60.分析对比模块找出被注入的模块
免责声明:内容仅供学习参考,请合法利用知识,禁止进行违法犯罪活动!
内容参考于:易道云信息技术研究院
上一个内容:59.获取进程模块列表
以 59.获取进程模块列表 的代码为基础进行修改
效果图:
首先添加一个Dialog
然后添加一个List Control控件
并给新加的 dialog 添加类,再给 list control 控件添加变量
CWndINC.cpp文件修改
// Builds the module window's pages through InstallPage (defined elsewhere in
// this class): two module lists that share the IDD_MOD_LIST template — the
// reference process and the suspected process — plus the comparison page.
BOOL CWndINC::OnInitDialog()
{
    CDialogEx::OnInitDialog();

    InstallPage(&modPage[0], IDD_MOD_LIST, L"正常进程", TRUE);
    InstallPage(&modPage[1], IDD_MOD_LIST, L"感染进程", TRUE);
    InstallPage(&modAnly,    IDD_MOD_ANLY, L"分析对比", TRUE);

    // FALSE (the original's 0) tells MFC the initial focus is handled here,
    // so the framework does not move focus to the first control itself.
    return FALSE;
}
// 分析按钮的点击事件
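// Copies columns 0-3 of row `row` of `src` to the top of `dst` and writes
// `state` into column 4 (the "状态" column of the comparison list).
// Rows are inserted at index 0, so the result list ends up in reverse order
// of the source lists — same ordering as the original code. Writes go to the
// index InsertItem actually returned rather than a hard-coded 0, so a failed
// insert cannot overwrite the previous row.
static void AppendAnalysisRow(CListCtrl& dst, CListCtrl& src, int row, LPCTSTR state)
{
    const int pos = dst.InsertItem(0, src.GetItemText(row, 0));
    if (pos < 0) {
        return;
    }
    for (int col = 1; col <= 3; ++col) {
        dst.SetItemText(pos, col, src.GetItemText(row, col));
    }
    dst.SetItemText(pos, 4, state);
}

// "分析" button handler: diffs the module list of the reference process
// (modPage[0], "正常进程") against the suspected process (modPage[1],
// "感染进程") and fills modAnly.LstAnly with one row per module, labelled
//   "正常" — present in both lists,
//   "减少" — only in the reference process,
//   "增加" — only in the suspected process (the candidates for an injected module).
// Rows are matched on the text of column 3 of LstModule — presumably the
// module's file location, mirroring the column order set up in
// CWndModAnly::OnInitDialog; confirm against the page class that fills
// LstModule. Matching on that text alone only detects modules that appear
// or disappear; a module replaced in place under the same path is reported
// as "正常". The item data of both source lists is used as scratch state
// (0 = unmatched, 1 = matched) and is reset on every run.
void CWndINC::OnBnClickedButton3()
{
    CListCtrl& normal = modPage[0].LstModule;
    CListCtrl& root = modPage[1].LstModule;
    const int countNormal = normal.GetItemCount();
    const int countRoot = root.GetItemCount();

    // Start every run from an empty result list; without this, repeated
    // clicks appended a second copy of every row.
    modAnly.LstAnly.DeleteAllItems();

    if (countNormal == 0 || countRoot == 0) {
        return;
    }

    // Pass 1: clear the match marks, then mark every module found in both lists.
    for (int i = 0; i < countNormal; ++i) {
        normal.SetItemData(i, 0);
    }
    for (int j = 0; j < countRoot; ++j) {
        root.SetItemData(j, 0);
    }
    for (int i = 0; i < countNormal; ++i) {
        const CString key = normal.GetItemText(i, 3);
        for (int j = 0; j < countRoot; ++j) {
            if (root.GetItemText(j, 3) == key) {
                root.SetItemData(j, 1);
                normal.SetItemData(i, 1);
                break;
            }
        }
    }

    // Pass 2: every reference module, labelled by whether it was matched.
    // The mark is tested against 0 instead of being used as an array index,
    // so unexpected item data can no longer read past the label table.
    for (int i = 0; i < countNormal; ++i) {
        const bool matched = normal.GetItemData(i) != 0;
        AppendAnalysisRow(modAnly.LstAnly, normal, i, matched ? L"正常" : L"减少");
    }

    // Pass 3: modules of the suspected process that no reference module matched.
    for (int j = 0; j < countRoot; ++j) {
        if (root.GetItemData(j) == 0) {
            AppendAnalysisRow(modAnly.LstAnly, root, j, L"增加");
        }
    }
}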
CWindProcess.cpp文件做出修改:
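// Rebuilds ProcessLst from a Toolhelp snapshot: one row per process,
// column 0 = PID, column 1 = image name. Rows are inserted at index 0, so
// the list shows the snapshot in reverse enumeration order (as before).
// The snapshot is a point-in-time view: processes that start or exit after
// it is taken are not reflected until the next refresh.
void CWindProcess::RefreshProcess()
{
    ProcessLst.DeleteAllItems();

    const HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) {
        AfxMessageBox(L"获取进程列表失败!检查是否具有管理员权限!");
        return;
    }

    PROCESSENTRY32 pe{ sizeof(pe) };   // dwSize must be filled in before Process32First
    for (BOOL more = Process32First(hSnap, &pe); more; more = Process32Next(hSnap, &pe)) {
        CString pid;
        // th32ProcessID is a DWORD (unsigned); the original %d would print
        // large IDs as negative numbers.
        pid.Format(L"%u", pe.th32ProcessID);
        ProcessLst.InsertItem(0, pid);
        ProcessLst.SetItemText(0, 1, pe.szExeFile);
    }

    CloseHandle(hSnap);   // the only exit after a successful snapshot
}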
CWndModAnly.cpp文件内容:它是新加的dialog的类
// CWndModAnly.cpp: 实现文件
//
#include "pch.h"
#include "GAMEHACKER2.h"
#include "CWndModAnly.h"
#include "afxdialogex.h"
// CWndModAnly 对话框
// Runtime class information for the dialog; pairs with DECLARE_DYNAMIC in CWndModAnly.h.
IMPLEMENT_DYNAMIC(CWndModAnly, CDialogEx)
// Builds the module-comparison dialog from the IDD_MOD_ANLY resource;
// all control setup happens later in OnInitDialog.
CWndModAnly::CWndModAnly(CWnd* pParent /*=nullptr*/) : CDialogEx(IDD_MOD_ANLY, pParent) {}
// Nothing to release beyond what CDialogEx and the CListCtrl member clean up.
CWndModAnly::~CWndModAnly() = default;
// Binds the IDC_LIST1 list control of the dialog template to LstAnly.
void CWndModAnly::DoDataExchange(CDataExchange* pDX)
{
    CDialogEx::DoDataExchange(pDX);

    DDX_Control(pDX, IDC_LIST1, LstAnly);
}
// Switches the list to report view, enables full-row selection and grid
// lines, and creates the five result columns.
BOOL CWndModAnly::OnInitDialog()
{
    CDialogEx::OnInitDialog();

    // The control comes from the resource template; force report (detail)
    // view by OR-ing LVS_REPORT into its window style (GWL_STYLE, see the
    // GetWindowLongPtr documentation).
    const LONG_PTR style = GetWindowLongPtr(LstAnly.m_hWnd, GWL_STYLE) | LVS_REPORT;
    SetWindowLongPtr(LstAnly.m_hWnd, GWL_STYLE, style);

    // Extended styles are added on top of whatever the control already has.
    const DWORD extended = LstAnly.GetExtendedStyle() | LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES;
    LstAnly.SetExtendedStyle(extended);

    // Column layout; columns 0-3 receive the copied module rows and column 4
    // the comparison state.
    struct Column {
        int index;
        LPCTSTR title;
        int width;
    };
    const Column columns[] = {
        { 0, L"模块名称", 200 },
        { 1, L"基址",     400 },
        { 2, L"大小",     400 },
        { 3, L"文件位置", 400 },
        { 4, L"状态",     400 },
    };
    for (const auto& c : columns) {
        LstAnly.InsertColumn(c.index, c.title, 0 /* LVCFMT_LEFT */, c.width);
    }

    return TRUE;   // let the framework place the initial focus
}
// The map is intentionally empty: this dialog handles no messages of its own;
// its list is filled from the owning window.
BEGIN_MESSAGE_MAP(CWndModAnly, CDialogEx)
END_MESSAGE_MAP()
// CWndModAnly 消息处理程序
CWndModAnly.h文件内容:它是新加的dialog的类
#pragma once
// CWndModAnly 对话框
// Module-comparison dialog: hosts one report-style list (LstAnly) whose rows
// are filled in by the owning window with the per-module comparison result.
class CWndModAnly : public CDialogEx
{
    DECLARE_DYNAMIC(CWndModAnly)
    DECLARE_MESSAGE_MAP()

public:
    CWndModAnly(CWnd* pParent = nullptr);   // standard constructor
    virtual ~CWndModAnly();

    // Dialog data
#ifdef AFX_DESIGN_TIME
    enum { IDD = IDD_MOD_ANLY };
#endif

    CListCtrl LstAnly;   // bound to IDC_LIST1 in DoDataExchange

protected:
    void DoDataExchange(CDataExchange* pDX) override;   // DDX/DDV support
    BOOL OnInitDialog() override;
};
原文地址:https://blog.csdn.net/qq_36301061/article/details/140619930