我的使用createremotethread控制excel右键的源程序

 

利用CreateRemoteThread将dll写进excel.exe.利用SetWindowLong()改变excel中右键消息。dll源程序：#include <windows.h>

BOOL __stdcall DllMain(HANDLE,DWORD,LPVOID)
{
 return TRUE;
}
/*
#pragma data_seg("shared")
#pragma data_seg()
#pragma comment(linker,"/SECTION:shared,rws")
*/
WNDPROC g_lpfnOldWndProc;
HWND    g_hMsgWnd;
LRESULT APIENTRY HookExcelWndProc(HWND hWnd, UINT wMessage , WPARAM wParam, LPARAM lParam)
{ 
 try
 {
  switch (wMessage)
  {
  case WM_RBUTTONDOWN:
   MessageBox(g_hMsgWnd,"u click the r button","",MB_OK);
   return 1;
   break;
  case WM_CLOSE:
   ::ExitProcess (0);
   break;
   
  default:
   if (NULL == g_lpfnOldWndProc)
    return DefWindowProc(hWnd,wMessage,wParam,lParam);
   else
    return CallWindowProc(g_lpfnOldWndProc,hWnd,wMessage,wParam,lParam);
  }
 }
 catch(...)
 {
 }
 return 0;
}
LRESULT __stdcall HookExcelRightMenu(HWND hwnd)
{
 g_hMsgWnd = hwnd;
 g_lpfnOldWndProc=(WNDPROC)::SetWindowLong(hwnd,GWL_WNDPROC,(LONG)HookExcelWndProc);
    MSG msg;
 while( ::GetMessage( &msg, NULL, 0, 0 ))
 {
  TranslateMessage(&msg);
  DispatchMessage(&msg);  
 }
 return TRUE;
}
注入进程源程序:#include <windows.h>
#include <tlhelp32.h>
const int MAXINJECTSIZE = 10240;
typedef HMODULE (__stdcall  * LPLOADLIBRARY)(LPCTSTR);
typedef FARPROC (__stdcall * LPGETPROCADDRESS)(HMODULE,LPCTSTR);
typedef BOOL    (__stdcall * LPFREELIBRARY)(HMODULE);
typedef LRESULT (__stdcall * LPHookExcelRightMenu)(HWND);
typedef struct
{
 LPLOADLIBRARY  prcLoadLib;
 LPGETPROCADDRESS prcGetProcAddr;
 LPFREELIBRARY  prcFreeLib;
 TCHAR    szLibPath[MAX_PATH+1];
 HWND                hInjectWnd;
}INJECT_DLL,*LPINJECT_DLL;
DWORD GetProcessIdFromName(LPCTSTR name)
{
   PROCESSENTRY32 pe;
 DWORD id = 0; 
 HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
 pe.dwSize = sizeof(PROCESSENTRY32);
 if( !Process32First(hSnapshot,&pe) )
  return 0; 
 do
 {
  pe.dwSize = sizeof(PROCESSENTRY32);
  if( Process32Next(hSnapshot,&pe)==FALSE )
   break;
  if(stricmp(pe.szExeFile,name) == 0)
  {
   id = pe.th32ProcessID;
   break;
  }
  
 } while(1); 
 CloseHandle(hSnapshot); 
 return id;
}
void EnableDebugPriv( void )
{
 HANDLE hToken;
 LUID sedebugnameValue;
 TOKEN_PRIVILEGES tkp;
 
 if ( ! OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
  return;
 if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
 {
  CloseHandle( hToken );
  return;
 }
 tkp.PrivilegeCount = 1;
 tkp.Privileges[0].Luid = sedebugnameValue;
 tkp.Privileges