c++之window filesearch和LoadLibraryA的实现

#include 
#include 
#include 
using namespace std;

bool FileSearch(string sSearch, string sFolder)
{
    // This recursive function will search for a filename or part of it,
    // inside the specified folder and in all its subfolders.
    // Coded by Viotto - http://Breaking-Security.net

    std::transform(sSearch.begin(), sSearch.end(), sSearch.begin(), ::tolower);

    // Check for final slash in path and append it if missing
    if (sFolder[sFolder.length() -1] != '\\')
    {
        sFolder += "\\";
    }

    WIN32_FIND_DATA FileInfo;
    HANDLE hFind = FindFirstFileA(string(sFolder + "*").c_str(), &FileInfo);

    if (hFind == INVALID_HANDLE_VALUE)
    {
        FindClose(hFind);
        return false;
    }
    string sFileInfo;

    while (FindNextFile(hFind, &FileInfo) != 0)
    {
        if (FileInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY
            && strcmp(FileInfo.cFileName, ".") != 0
            && strcmp(FileInfo.cFileName, "..") != 0)
        {
            string sRecursiveDir = sFolder + string(FileInfo.cFileName);
            FileSearch(sSearch, sRecursiveDir);
        }

        string sFileName(FileInfo.cFileName);
        std::transform(sFileName.begin(), sFileName.end(), sFileName.begin(), ::tolower);
        if (sFileName.find(sSearch) != string::npos)
        {
            //Search string has been found inside file name
            printf(string(sFolder + FileInfo.cFileName + "\n").c_str());
        }
    }
    FindClose(hFind);
    return true;
}


typedef struct _UNICODE_STRING
{ // UNICODE_STRING structure
         USHORT Length;
         USHORT MaximumLength;
         PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

typedef NTSTATUS (WINAPI *fLdrLoadDll) //LdrLoadDll function prototype
    (
         IN PWCHAR PathToFile OPTIONAL,
         IN ULONG Flags OPTIONAL,
         IN PUNICODE_STRING ModuleFileName,
         OUT PHANDLE ModuleHandle
    );


typedef VOID (WINAPI *fRtlInitUnicodeString) //RtlInitUnicodeString function prototype
    (
         PUNICODE_STRING DestinationString,
         PCWSTR SourceString
    );



HMODULE hntdll;
fLdrLoadDll _LdrLoadDll;
fRtlInitUnicodeString _RtlInitUnicodeString;

//http://breaking-security.net/csources.php
//LoadLibraryA
HMODULE LoadDll( LPCSTR lpFileName)
{
   //by Viotto - http://breaking-security.net

   if (hntdll      == NULL) { hntdll = GetModuleHandleA("ntdll.dll"); }
   if (_LdrLoadDll == NULL) { _LdrLoadDll = (fLdrLoadDll) GetProcAddress ( hntdll, "LdrLoadDll"); }
   if (_RtlInitUnicodeString == NULL)
   { _RtlInitUnicodeString = (fRtlInitUnicodeString) GetProcAddress ( hntdll, "RtlInitUnicodeString"); }

   int StrLen = lstrlenA(lpFileName);
   BSTR WideStr = SysAllocStringLen(NULL, StrLen);
   MultiByteToWideChar(CP_ACP, 0, lpFileName, StrLen, WideStr, StrLen);

   UNICODE_STRING usDllName;
   _RtlInitUnicodeString(&usDllName, WideStr);
   SysFreeString(WideStr);

   HANDLE DllHandle;
   _LdrLoadDll(0, 0, &usDllName, &DllHandle);

   return (HMODULE)DllHandle;
}


int LoadDll_demo() //Usage example
{
   HMODULE hmodule = LoadDll("Kernel32.dll");
   //HMODULE hmodule = LoadLibraryA("Kernel32.dll");
   return (int)hmodule;
}

// Usage example:
// filesearch "Notepad" "C:\Windows"
//http://breaking-security.net/csources.php

void main(int argc, char* argv[])
{
    if (argc == 3)
    {
        FileSearch(argv[1], argv[2]);
        printf("Search finished!\n");
    }
    else {
        printf("Wrong number of parameters\n demo:win32_api.exe  yunshouhu  d:/apache \n");
        printf("LoadDll_demo=%d \n",LoadDll_demo());
        HMODULE hmodule = LoadLibraryA("Kernel32.dll");
        printf("LoadLibraryA=%d \n",(int)hmodule);
        LoadDll_demo();
    }

    //system("pause");
}

你可能感兴趣的:(c/c++)