关于DLL呼出窗体的问题

83428108@qq.com

大家好,现在遇到一个问题.
DLL已经注入到目标进程,已经检查过进程内可执行模块,有我注入的DLL
但是无法呼出DLL窗口,连 MessageBox()都无法出来
library DllGame;
{ Important note about DLL memory management: ShareMem must be the
  first unit in your library's USES clause AND your project's (select
  Project-View Source) USES clause if your DLL exports any procedures or
  functions that pass strings as parameters or function results. This
  applies to all strings passed to and from your DLL--even those that
  are nested in records and classes. ShareMem is the interface unit to
  the BORLNDMM.DLL shared memory manager, which must be deployed along
  with your DLL. To avoid using BORLNDMM.DLL, pass string information
  using PChar or ShortString parameters. }
uses
  SysUtils,windows,
  Classes;
{$R *.res}
var
keyhhk: HHOOK ;
Function add (a,b:integer):integer; //加法函数
begin
  result:=a+b;
end;
Function keyproc(icode,wp,lp:integer):DWORD;stdcall;   //键盘HOOK回调函数
begin
  if (icode=HC_ACTION) then
            begin
              if (wp=VK_HOME)and ((1 shl 31)and lp=0) then MessageBox(0,'显示WG','显示WG',0);
            end;
keyProc:=CallNextHookEx(keyhhk,icode,wp,lp);
end;
Function installKeyProc():boolean;stdcall;
var
h:HWND;
GameTid:THandle;
begin
    Result:=false;
    h:=FindWindow(nil,'The Return of Legend');
    if h=0 then begin Messagebox(0,'未找到游戏','error',0);exit; end;//如果游戏未打开则退出
    GameTid:=GetWindowThreadProcessId(h);
    keyhhk:=SetWindowsHookEx(WH_KEYBOARD,@Keyproc,GetModuleHandle('DllGame.dll'),GameTid);
    if keyhhk>0 then Result:=true;
end;
exports   //导出函数
  add,
  installKeyProc;

哪位前辈给个例程,注入方式不管,只需要DLL部分,能在拦截键盘信息,呼出窗体就好

aminghanhua

1. library DllGamePro;
   
2. 
   
3. { Important note about DLL memory management: ShareMem must be the
   
4.   first unit in your library's USES clause AND your project's (select
   
5.   Project-View Source) USES clause if your DLL exports any procedures or
   
6.   functions that pass strings as parameters or function results. This
   
7.   applies to all strings passed to and from your DLL--even those that
   
8.   are nested in records and classes. ShareMem is the interface unit to
   
9.   the BORLNDMM.DLL shared memory manager, which must be deployed along
   
10.   with your DLL. To avoid using BORLNDMM.DLL, pass string information
    
11.   using PChar or ShortString parameters. }
    
12. 
    
13. uses
    
14.   SysUtils,
    
15.   Windows,
    
16.   Classes,
    
17.   TlHelp32,
    
18.   DllGame in 'DllGame.pas' {ForMain},
    
19.   Setfun in 'Setfun.pas',
    
20.   GameFun in 'GameFun.pas';
    
21. 
    
22. {$R *.res}
    
23. 
    
24. var
    
25. keyhhk: HHOOK ;
    
26. 
    
27. Function keyproc(icode,wp,lp:integer):DWORD;stdcall;   //键盘HOOK回调函数
    
28. begin
    
29.   if (icode=HC_ACTION) then
    
30.             begin
    
31.               if (wp=VK_HOME)and ((1 shl 31)and lp=0) then
    
32.               begin
    
33.              // MessageBox(0,'显示WG','显示WG',0);
    
34.              if form1=nil then  Form1:=Tform1.Create(nil);
    
35.                 form1.Visible:=not form1.Visible;
    
36.               end;
    
37.             end;
    
38. keyProc:=CallNextHookEx(keyhhk,icode,wp,lp);
    
39. end;
    
40. 
    
41. function FindProcess(AFileName: string): boolean; //判断gc.exe是否存在
    
42. var
    
43.        hSnapshot:   THandle;//用于获得进程列表
    
44.        lppe:   TProcessEntry32;//用于查找进程
    
45.        Found:   Boolean;//用于判断进程遍历是否完成
    
46.    begin
    
47.        Result   :=False;
    
48.        hSnapshot   :=   CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,   0);//获得系统进程列表
    
49.        lppe.dwSize   :=   SizeOf(TProcessEntry32);//在调用Process32First   API之前，需要初始化lppe记录的大小
    
50.        Found   :=   Process32First(hSnapshot,   lppe);//将进程列表的第一个进程信息读入ppe记录中
    
51.        while   Found   do
    
52.        begin
    
53.        if   ((UpperCase(ExtractFileName(lppe.szExeFile))=UpperCase(AFileName))   or
    
54.            (UpperCase(lppe.szExeFile   )=UpperCase(AFileName)))
    
55.        then
    
56.        begin
    
57.            Result   :=True;
    
58.        end;
    
59.        Found   :=   Process32Next(hSnapshot,   lppe);//将进程列表的下一个进程信息读入lppe记录中
    
60.        end;
    
61.    end;
    
62. 
    
63. 
    
64. function GetProcessID(ProcessName:string):DWORD;  //获取gc.exe进程ID
    
65. var
    
66.   lppe: TProcessEntry32;
    
67.   found : boolean;
    
68.   Hand : THandle;
    
69.   P:DWORD;
    
70.   s:string;
    
71. begin
    
72.   result:=0;
    
73.   Hand := CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
    
74.   found := Process32First(Hand,lppe);
    
75.   while found do
    
76.   begin
    
77.     s := string(lppe.szExeFile);
    
78.     if lppe.th32ProcessID>0 then
    
79.       p := lppe.th32ProcessID
    
80.     else
    
81.       p := 0;
    
82.     if UpperCase(ExtractFileName(s))=UpperCase(ExtractFileName(ProcessName)) then
    
83.     begin
    
84.       result:=p;
    
85.       break;
    
86.     end;
    
87.     found := Process32Next(Hand,lppe);
    
88.   end;
    
89. end;
    
90. 
    
91. 
    
92. Function installKeyProc():boolean;stdcall;
    
93. var
    
94. GameTid:THandle;
    
95. begin
    
96.     Result:=false;
    
97.                  if not FindProcess('gc.exe') then
    
98.      Exit;//如果游戏未打开则退出
    
99.     GameTid:=GetProcessID('gc.exe');
    
100.     keyhhk:=SetWindowsHookEx(WH_KEYBOARD,@Keyproc,GetModuleHandle('DllGamePro.dll'),GameTid);
     
101.     if keyhhk>0 then Result:=true;
     
102. end;
     
103. procedure DllEnterProc(reason:integer);
     
104. begin
     
105.    case reason of
     
106.    windows.DLL_PROCESS_ATTACH: begin end;
     
107.    windows.DLL_PROCESS_DETACH: begin Form1.Free;form1:=nil; end;
     
108.    end;
     
109. end;
     
110. 
     
111. 
     
112. exports   //导出函数
     
113. 
     
114.   installKeyProc;
     
115. 
     
116. begin
     
117. //Messagebox(0,'Loading','error',0);
     
118. dllProc:=@DllEnterProc;
     
119. end.

复制代码