实现 Rundll.exe 的功能,代码很简单:
#include "stdafx.h"
#include <tchar.h>
#include <windows.h>
#include <iostream.h>
int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
HMODULE hModule;
LPVOID lpvfn;
if (argc < 3)
{
cout << "Not enough parameters passed." << endl;
return -1;
}
hModule = ::LoadLibrary(argv[1]);
if (hModule == NULL)
{
cout << "Load DLL \"" << argv[1] << "\" failed!" << endl;
return (int)GetLastError();
}
lpvfn = ::GetProcAddress(hModule, argv[2]);
if (lpvfn == NULL)
{
cout << "Can't found specific function \"" << argv[2] << "\"!" << endl;
return (int)GetLastError();
}
int iRetCode;
int arg = argc - 1;
TCHAR* szArg;
__asm push esp // save current 'esp'
while (arg > 2)
{
szArg = argv[arg];
bool bstring = false;
while(*szArg != _T('\0'))
{
if (!_istdigit(*szArg))
{
bstring = true;
break;
}
szArg ++;
}
if (bstring)
{
szArg = argv[arg];
__asm push szArg
}
else
{
long argl = _ttol(argv[arg]);
__asm push argl
}
arg --;
}
__asm call lpvfn
__asm pop esp
__asm mov iRetCode, eax
::FreeLibrary(hModule);
return iRetCode;
}
只支持 LONG 和 String 两种参数而且 String 中间不能有空格(不然会被认为是两个参数),如果要写的好一点应该自己判断参数类型及转换参数。
我测试的参数如下:
test.exe user32.dll MessageBoxA 0 This'sOK Caption 0
相当于调用:MessageBoxA(NULL, "This'sOK", "Caption", MB_OK);
