Classin反反截图注入
学弟的 ClassIn 看课界面没法截图（窗口是反截图的），考虑用 DLL 注入。
思路参考:
https://bbs.kanxue.com/thread-288463.htm
https://www.cnblogs.com/petyr/articles/19001342
DLL:
#include "pch.h"
#include <windows.h>
#include <string>
// 遍历窗口的回调函数
// EnumWindows callback. For every enumerated window that belongs to the
// current process it calls SetWindowDisplayAffinity with 0 (WDA_NONE), i.e.
// it clears whatever capture-blocking affinity the host application set.
// It runs inside the process this DLL was loaded into; the affinity change
// made from a foreign module is the observable effect on the host window.
// @param hwnd  window handle supplied by EnumWindows
// @param lp    application value passed to EnumWindows (unused here)
// @return TRUE so that enumeration continues over all windows
BOOL CALLBACK EnumProc(HWND hwnd, LPARAM lp) {
    DWORD dwProcessId;
    GetWindowThreadProcessId(hwnd, &dwProcessId);
    // Only touch windows owned by the process we are running in.
    if (dwProcessId == GetCurrentProcessId()) {
        // 0 == WDA_NONE: drop any display affinity the host applied.
        SetWindowDisplayAffinity(hwnd, 0);
    }
    return TRUE; // keep enumerating
}
// Worker thread started from DllMain. It shows one message box as a visible
// sign that the module is loaded, then loops forever: every 100 ms it walks
// the windows of this process (EnumProc) so that an affinity the host
// re-applies is cleared again. The loop never exits, so the module cannot be
// unloaded cleanly and the host pays a periodic EnumWindows cost for its
// whole lifetime.
// @param lpParam thread argument (unused; DllMain passes NULL)
// @return 0 — unreachable in practice, see the infinite loop
DWORD WINAPI ResetThread(LPVOID lpParam) {
    // One-off, user-visible confirmation that the module was loaded.
    MessageBoxA(NULL, "DLL 已成功注入目标进程!", "Debug Info", MB_OK | MB_ICONINFORMATION);
    while (TRUE) {
        // 100 ms between passes; EnumProc performs the per-window reset.
        EnumWindows(EnumProc, 0);
        Sleep(100);
    }
    return 0; // never reached: the loop above does not break
}
// DLL entry point. On DLL_PROCESS_ATTACH it turns off thread attach/detach
// notifications for this module and starts ResetThread. The thread handle is
// closed right away — that releases only the handle, the thread keeps
// running. Nothing is done on DLL_PROCESS_DETACH, so the worker thread is
// never stopped by this code.
// @param hModule            handle of this DLL
// @param ul_reason_for_call loader notification code
// @param lpReserved         loader-provided value (unused)
// @return TRUE, i.e. the load is always accepted
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        DisableThreadLibraryCalls(hModule);
        // Thread creation happens while DllMain is executing under the loader
        // lock; the thread body does its own work (message box, loop).
        HANDLE hThread = CreateThread(NULL, 0, ResetThread, NULL, 0, NULL);
        if (hThread) CloseHandle(hThread);
    }
    return TRUE;
}
程序:
#include <windows.h>
#include <iostream>
#include <string>
using namespace std;
// 检查目标进程是否为 32 位 (WOW64)
// Reports whether the process behind hProcess runs under WOW64, i.e. is a
// 32-bit image hosted on a 64-bit Windows. Returns false both for a native
// 64-bit (or native 32-bit) process and when IsWow64Process itself fails.
// @param hProcess process handle with at least query rights
// @return true only if the query succeeded and the process is WOW64
bool IsProcessX86(HANDLE hProcess) {
    BOOL underWow64 = FALSE;
    const BOOL queried = IsWow64Process(hProcess, &underWow64);
    return queried && underWow64 != FALSE;
}
// True when this binary was compiled as 64-bit (_WIN64 defined at build
// time), false for a 32-bit build. Decided entirely at compile time.
// @return the build's bitness, not anything about the target process
bool IsInjectedX64() {
#if defined(_WIN64)
    constexpr bool kBuiltAs64Bit = true;
#else
    constexpr bool kBuiltAs64Bit = false;
#endif
    return kBuiltAs64Bit;
}
// Loads dllName (resolved relative to this executable's own directory) into
// process pid. As written here the sequence is: OpenProcess with
// PROCESS_ALL_ACCESS, VirtualAllocEx + WriteProcessMemory to place the DLL
// path string in the target, then CreateRemoteThread whose start address is
// kernel32!LoadLibraryA with that path as the argument.
// The function returns true as soon as the remote thread handle is obtained;
// it neither waits for LoadLibraryA nor checks whether the library actually
// loaded. An injector/target bitness mismatch is only printed, not acted on.
// From a monitoring standpoint every step above (full-access cross-process
// handle, remote memory write, remote thread starting at LoadLibraryA) is a
// classic indicator that host-based security tooling typically records.
// @param pid     target process id
// @param dllName file name of the DLL expected next to this .exe
// @return true if the remote thread was created, false on any earlier failure
bool InjectDLL(DWORD pid, string dllName) {
    // Absolute path = directory of the running executable + "\" + dllName.
    char currentDir[MAX_PATH];
    GetModuleFileNameA(NULL, currentDir, MAX_PATH);
    string pathStr = currentDir;
    string fullDllPath = pathStr.substr(0, pathStr.find_last_of("\\/")) + "\\" + dllName;
    cout << "[*] 尝试注入 DLL: " << fullDllPath << endl;
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (!hProc) {
        cout << "[-] OpenProcess 失败: " << GetLastError() << endl;
        return false;
    }
    // Bitness check: target is x86 when it runs under WOW64; compare with
    // this binary's own bitness.
    bool targetIsX86 = IsProcessX86(hProc);
    bool currentIsX64 = IsInjectedX64();
    if (currentIsX64 != !targetIsX86) {
        // Warning only — execution continues despite the mismatch.
        cout << "[!] 警告:注入器架构(" << (currentIsX64 ? "x64" : "x86")
             << ") 与目标进程架构(" << (targetIsX86 ? "x86" : "x64") << ") 不匹配!" << endl;
        cout << "[!] 请使用对应架构编译的注入器。" << endl;
    }
    // Remote buffer sized for the NUL-terminated path (length + 1).
    // Note: on this failure path hProc is returned without CloseHandle.
    void* loc = VirtualAllocEx(hProc, NULL, fullDllPath.length() + 1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!loc) return false;
    // Return value of the write is not examined.
    WriteProcessMemory(hProc, loc, fullDllPath.c_str(), fullDllPath.length() + 1, NULL);
    // LoadLibraryA is resolved in this (injector) process, not in the target.
    LPVOID loadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
    HANDLE hThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibAddr, loc, 0, NULL);
    if (hThread) {
        // Success is declared at thread creation; the thread is not joined.
        CloseHandle(hThread);
        CloseHandle(hProc);
        return true;
    }
    CloseHandle(hProc);
    return false;
}
// Entry point. Switches the console to code page 936 (GBK) for the Chinese
// messages, gives the user five seconds to bring the ClassIn window to the
// foreground, takes whatever window is then in the foreground as the target,
// picks the DLL file matching the target's bitness and calls InjectDLL.
// There is no check that the foreground window really belongs to ClassIn.
// @return 1 if the target process cannot be opened for querying; otherwise 0,
//         including when InjectDLL reported failure
int main() {
    system("chcp 936 > nul"); // console code page 936 == GBK
    for (int i = 5; i > 0; i--) {
        // "\r" rewrites the same console line once per second.
        cout << "\r[*] 请在 " << i << " 秒内切换并置顶 ClassIn 窗口..." << flush;
        Sleep(1000);
    }
    cout << endl;
    // The foreground window's owning process becomes the target pid.
    HWND hwnd = GetForegroundWindow();
    DWORD pid = 0;
    GetWindowThreadProcessId(hwnd, &pid);
    // Query-only handle used just for the bitness check; InjectDLL opens its
    // own full-access handle later.
    HANDLE hProcCheck = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!hProcCheck) {
        cout << "[-] 无法获取进程信息。" << endl;
        return 1;
    }
    // DLL file name chosen by target bitness; InjectDLL expects the file in
    // the same directory as this executable.
    string targetDll;
    if (IsProcessX86(hProcCheck)) {
        cout << "[+] 检测到目标进程为 32位 (x86)" << endl;
        targetDll = "ci_bypass-x86.dll";
    }
    else {
        cout << "[+] 检测到目标进程为 64位 (x64)" << endl;
        targetDll = "ci_bypass-x64.dll";
    }
    CloseHandle(hProcCheck);
    if (InjectDLL(pid, targetDll)) {
        cout << "注入成功!" << endl;
    }
    else {
        // InjectDLL also returns false for OpenProcess / VirtualAllocEx /
        // CreateRemoteThread failures, not only for a missing DLL file.
        cout << "注入失败,请检查 DLL 是否存在。" << endl;
    }
    system("pause");
    return 0;
}
classin是32位的。