DLL injection with a Windows hook, in detail


A DLL (INJECT.DLL) and a calling program (Caller.exe) process for injection: Caller.exeProcedure Testhook; var pwnd, hchild, hwndinject: hwnd; msg: TMSG; begin // Find FindWindow with FindWindow via window title The main window handle of the program to be injected, PWND PWND: = FindWindow ('progman', nil); // Find the child window handle hCHILD HCHILD: = FINDWINDOWEX with FindWindowEx (Hmain, 0, NIL, NIL) (PWND, 0 , nil, nil); // getwindowThreadProcessid (hChild, nil) find to be injected with a thread dwThreadID: = getwindowThreadProcessid (hChild, nil); // call SetInjectHook method SetInjectHook inject.dll of (dwThreadID); // wait for return messages getmessage (MSG, 0, 0, 0); // Find the injected window hWndINject: = FINDWINDOW (NIL, 'INJECTFORM'); // Send control messages, use the handle of the target form as WPARAM, the control parameters are incorporated into sendMessage (HWNDINJECT, WM_APP, HCHILD, INTEGER (TRUE)); // Close the injected window SendMessage (hwndinject, wm_close, 0); // Waiting the window to close the Sleep (500); // Check if it is successfully closed Assert (not iswindow (hwndinject)); // remove the hook setdipshook (0);

// Next, the specific operation of Inject.dll's setInjectHook is specifically defined in the global definition of variable var g_hook: hHOOK = 0; g_dwthreadidinject: dword = 0; g_hinjectfrm: hwnd;

Function setInjectHook (DWTHREADID: DWORD): boolean; begin result: = false; // If the thread flag is used to remove the hook, otherwise dynamic library injection IF DWTHREADID <> 0 Then Begin assert (g_hhook = 0); // Save the ID to g_dwthreadIdInject g_dwthreadidIndInject g_dwthreadidIndInject: = getCurrentThreadIDID; / / The next getMessage hook to the target thread // getMSGProc is a function of the following defined, and creates a custom Form in the target thread during the first call. // This will control G_HHHOOK: = SETWINDOWSHOKEX (WH_GetMessage, getMsgProc, Hinstance, DWTHREADID); Result: = g_hhook <> null; if result dam // Send an empty Information for easy creation of this custom Form Result: = PostthreadMessage (DWTHREADID, WM_NULL, 0, 0); // Waiting for half a second to ensure that the caller can find this Form Sleep (500); Else Begin Assert (g_hook <> 0); // Remove the hooks Result: = UnHhookWindowsHookex (g_hook); g_hook: = 0; end; end; // Define a global flag VAR FFIRSTIME: Boolean = true; // This function is used to create a custom form while receiving the first message to facilitate remote control of function getmsgproc (Code: integer; wparam: wparam; lparam: lparam): LRESULT; stdcall; begin // If it is the first time IF ffirstttime the begin ffirsttime: = false; // Create Form INJECTFRM: = TINJEC Tfrm.create (nil); // Save Form Handle G_hinjectFRM: = INJECTFRM.Handle; End; // Call the default processing, this sentence can not forget Result: = CallNexthooKex (G_HHHHOOK, CODE, WPARAM, LPARAM); END;

转载请注明原文地址:https://www.9cbs.com/read-114232.html
