DLL 注入:DrawText 和 TextOut 不会返回所有文本

DLL Injection: DrawText and TextOut doesn't return all text

本文关键字:返回 文本 TextOut 注入 DrawText DLL      更新时间:2023-10-16

我成功地将DLL注入程序中。但是,我想从列表框中获取信息。WM_GETTEXT不工作,所以我不得不进行dll注入。我收到了大量的文本,但从所需的控件中我一无所获。

这是我的代码:

#include <Windows.h>
#include "detours.h"
#include <tchar.h>
#include <stdio.h>
// Function pointer to the original (un-detoured) DrawText API
int (WINAPI * Real_DrawText)(HDC a0, LPCWSTR a1, int a2, LPRECT a3, UINT a4) = DrawTextW;
int (WINAPI * Real_TextOut)(HDC hdc, int nXStart, int nYStart, LPCTSTR lpString, int cchString) = TextOutW;

void writeToFile(LPCWSTR text)
{
    FILE *out;
    if (!(out = fopen("C:\OUTPUT\out.txt", "a+"))) {
        MessageBox (0,  TEXT("ERROR FILE"),  TEXT("ERROR FILE"), MB_ICONINFORMATION);
        return;
    }
    fwprintf(out, text);
    fclose(out);
}
// Our custom version of DrawText
int WINAPI Mine_DrawText(HDC hdc, LPCWSTR text,  int nCount, LPRECT lpRect, UINT uOptions)
{
    int rv = Real_DrawText(hdc, text, nCount, lpRect, uOptions);

    WideCharToMultiByte(CP_ACP, WC_DEFAULTCHAR, text, -1, txt, 0, NULL, NULL);
    writeToFile(text);
    return rv;
}
int WINAPI Mine_TextOut(HDC hdc, int nXStart, int nYStart, LPCTSTR lpString, int cchString) {
    int rv = Real_TextOut(hdc, nXStart, nYStart, lpString, cchString);
    writeToFile(lpString);
    return rv;
}
// Install the DrawText detour whenever this DLL is loaded into any process...
BOOL APIENTRY DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved  )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        MessageBox (0,  TEXT("From DLLn"),  TEXT("Process Attach"), MB_ICONINFORMATION);
        DetourTransactionBegin(); 
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)Real_DrawText, Mine_DrawText); // <- magic
        DetourAttach(&(PVOID&)Real_TextOut, Mine_TextOut);
        DetourTransactionCommit();
        break;
    case DLL_PROCESS_DETACH:
        MessageBox (0,  TEXT("From DLLn"),  TEXT("Process Detach"), MB_ICONINFORMATION);
        DetourTransactionBegin(); 
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)Real_DrawText, Mine_DrawText);
        DetourTransactionCommit();
        break;
    }
    return TRUE;
}

我的问题是:有什么是我遗漏的吗?我的意思是,还有其他方法可以从应用程序中获取文本吗?因为当我做研究时,这应该会给我程序中的所有文本。

非常感谢你的帮助!

你真正想做什么?你似乎想抓取另一个程序中运行的列表框的内容。您是否尝试过简单地将LB_GETTEXT消息发送到列表框?

相关文章: