
C++ 之 Windows FileSearch 和 LoadLibraryA 的实现

2016-08-11 18:57 381 查看
#include <windows.h>

#include <algorithm>
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>

using namespace std;

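bool FileSearch(std::string sSearch, std::string sFolder)
{
    // Recursively searches sFolder and all of its subfolders for entries whose
    // name contains sSearch (case-insensitive) and prints every match as a
    // full path, one per line, on stdout.
    // Coded by Viotto - http://Breaking-Security.net
    //
    // sSearch : file name, or part of one, to look for.
    // sFolder : directory to start from; a trailing separator is optional.
    // Returns : true if sFolder could be enumerated, false if it is empty or
    //           FindFirstFileA failed (missing folder, access denied, ...).
    //           Failures inside subfolders do not change the result.

    // Indexing the last character of an empty string is undefined behaviour.
    if (sFolder.empty())
    {
        return false;
    }

    // tolower() is only defined for unsigned char values (and EOF), so the
    // character is widened through unsigned char before the call.
    const auto toLowerInPlace = [](std::string &text) {
        std::transform(text.begin(), text.end(), text.begin(),
                       [](unsigned char ch) { return static_cast<char>(std::tolower(ch)); });
    };
    toLowerInPlace(sSearch);

    // Check for final slash in path and append it if missing
    const char chLast = sFolder.back();
    if (chLast != '\\' && chLast != '/')
    {
        sFolder += '\\';
    }

    // The ANSI variants are named explicitly so the data structure and both
    // calls agree even when the project is built with UNICODE defined.
    WIN32_FIND_DATAA FileInfo;
    const HANDLE hFind = FindFirstFileA((sFolder + "*").c_str(), &FileInfo);
    if (hFind == INVALID_HANDLE_VALUE)
    {
        // Nothing was opened, so there is no handle to close.
        return false;
    }

    // do/while: FindFirstFileA has already returned the first entry, which a
    // plain while (FindNextFile...) loop would skip.
    do
    {
        const std::string sEntry(FileInfo.cFileName);
        if (sEntry == "." || sEntry == "..")
        {
            continue;
        }

        const bool bIsDirectory = (FileInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0;
        const bool bIsReparsePoint = (FileInfo.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) != 0;

        // Junctions and directory symlinks are not followed: they can point
        // back up the tree (endless recursion) or outside the folder that was
        // asked for.
        if (bIsDirectory && !bIsReparsePoint)
        {
            FileSearch(sSearch, sFolder + sEntry);
        }

        std::string sLowerName(sEntry);
        toLowerInPlace(sLowerName);
        if (sLowerName.find(sSearch) != std::string::npos)
        {
            // Search string has been found inside file name.
            // File names come from disk and may contain '%', so the path is
            // passed as an argument and never as the format string.
            printf("%s\n", (sFolder + sEntry).c_str());
        }
    } while (FindNextFileA(hFind, &FileInfo) != 0);

    FindClose(hFind);
    return true;
}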

// Local declaration of the native counted-string descriptor that the ntdll
// routines declared in this file take as an argument. Per Microsoft's
// documented layout, Length and MaximumLength are byte counts and Buffer
// points at UTF-16 text that the structure does not own.
struct _UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
};
using UNICODE_STRING  = _UNICODE_STRING;
using PUNICODE_STRING = _UNICODE_STRING *;

// Pointer type for ntdll's LdrLoadDll export, resolved at run time with
// GetProcAddress. The export has no official SDK prototype.
// NOTE(review): commonly published ntdll headers declare the second parameter
// as a pointer (PULONG) rather than a ULONG passed by value; only a literal 0
// is ever passed here, but confirm the prototype before passing anything else.
using fLdrLoadDll = NTSTATUS (WINAPI *)(
    IN PWCHAR PathToFile OPTIONAL,
    IN ULONG Flags OPTIONAL,
    IN PUNICODE_STRING ModuleFileName,
    OUT PHANDLE ModuleHandle);

// Pointer type for ntdll's RtlInitUnicodeString export. Per Microsoft's
// documentation it fills DestinationString so that it points at SourceString;
// the characters are not copied.
using fRtlInitUnicodeString = VOID (WINAPI *)(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString);

// Cache filled on the first LoadDll call: the ntdll.dll module handle and the
// two resolved entry points. All three start out as NULL.
HMODULE hntdll = NULL;
fLdrLoadDll _LdrLoadDll = NULL;
fRtlInitUnicodeString _RtlInitUnicodeString = NULL;

//http://breaking-security.net/csources.php
//LoadLibraryA
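HMODULE LoadDll( LPCSTR lpFileName)
{
    //by Viotto - http://breaking-security.net
    //
    // Loads a module by calling ntdll's LdrLoadDll directly instead of going
    // through LoadLibraryA.
    //
    // lpFileName : ANSI (CP_ACP) module name or path.
    // Returns    : the module handle, or NULL if the name is NULL or empty,
    //              ntdll or its exports cannot be resolved, the name cannot
    //              be converted, or LdrLoadDll reports a failure. Unlike
    //              LoadLibraryA, GetLastError() is not set on failure.
    //
    // A bare name such as "foo.dll" is resolved through the loader's default
    // search path; pass a fully-qualified path for anything that is not a
    // system DLL so a same-named file in an earlier search location cannot be
    // loaded instead.
    //
    // Monitoring note: a load made this way never passes through
    // kernel32/kernelbase LoadLibrary*, so user-mode hooks on those exports
    // do not observe it. Image-load telemetry (kernel image-load
    // notifications, e.g. Sysmon event ID 7) still records the mapping.
    if (lpFileName == NULL || *lpFileName == '\0')
    {
        return NULL;
    }

    if (hntdll == NULL)
    {
        hntdll = GetModuleHandleA("ntdll.dll");
    }
    if (hntdll == NULL)
    {
        return NULL;
    }
    if (_LdrLoadDll == NULL)
    {
        _LdrLoadDll = reinterpret_cast<fLdrLoadDll>(GetProcAddress(hntdll, "LdrLoadDll"));
    }
    if (_RtlInitUnicodeString == NULL)
    {
        _RtlInitUnicodeString =
            reinterpret_cast<fRtlInitUnicodeString>(GetProcAddress(hntdll, "RtlInitUnicodeString"));
    }
    // Calling through an unresolved export would jump to address zero.
    if (_LdrLoadDll == NULL || _RtlInitUnicodeString == NULL)
    {
        return NULL;
    }

    // Ask for the required size first (terminator included, because the input
    // length is -1). With a multi-byte code page the wide length can be
    // smaller than the byte length, so the byte count must not be reused.
    const int cchWide = MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, NULL, 0);
    // UNICODE_STRING lengths are 16-bit byte counts, which caps the name at
    // 32767 UTF-16 units including the terminator.
    if (cchWide <= 0 || cchWide > 0x7FFF)
    {
        return NULL;
    }
    std::wstring wideName(static_cast<size_t>(cchWide), L'\0');
    if (MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, &wideName[0], cchWide) == 0)
    {
        return NULL;
    }

    // usDllName only points into wideName, so the buffer has to stay alive
    // until LdrLoadDll has returned. Freeing it before the call left the
    // loader reading freed memory.
    UNICODE_STRING usDllName;
    _RtlInitUnicodeString(&usDllName, wideName.c_str());

    HANDLE DllHandle = NULL;
    const NTSTATUS status = _LdrLoadDll(0, 0, &usDllName, &DllHandle);
    if (status < 0)
    {
        // Negative NTSTATUS values are failures; the out-parameter is not
        // trusted in that case.
        return NULL;
    }

    return (HMODULE)DllHandle;
}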

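int LoadDll_demo() //Usage example
{
    // Loads Kernel32.dll through LoadDll and returns the handle value as an
    // int so the caller can print it next to the LoadLibraryA result.
    HMODULE hmodule = LoadDll("Kernel32.dll");
    //HMODULE hmodule = LoadLibraryA("Kernel32.dll");

    // A direct pointer-to-int cast does not compile on every 64-bit
    // toolchain. Going through INT_PTR makes the narrowing explicit: on
    // 64-bit builds only the low 32 bits of the handle are returned.
    return static_cast<int>(reinterpret_cast<INT_PTR>(hmodule));
}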

// Usage example:
// filesearch "Notepad" "C:\Windows"
//http://breaking-security.net/csources.php

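int main(int argc, char* argv[])
{
    // Entry point. With exactly two arguments (search string, folder) it runs
    // FileSearch. Otherwise it prints the usage line and then the LoadDll
    // demo: the handle from LoadDll next to the handle from LoadLibraryA for
    // the same module, so the two can be compared.
    // Standard C++ requires main to return int; the exit code is 0 on both
    // paths.
    if (argc == 3)
    {
        FileSearch(argv[1], argv[2]);
        printf("Search finished!\n");
    }
    else
    {
        printf("Wrong number of parameters\n demo:win32_api.exe  yunshouhu  d:/apache \n");
        printf("LoadDll_demo=%d \n", LoadDll_demo());

        HMODULE hmodule = LoadLibraryA("Kernel32.dll");
        // Same explicit narrowing as LoadDll_demo, so the two printed values
        // stay comparable; on 64-bit builds only the low 32 bits are shown.
        printf("LoadLibraryA=%d \n", static_cast<int>(reinterpret_cast<INT_PTR>(hmodule)));
        if (hmodule != NULL)
        {
            // Balance the reference taken by LoadLibraryA.
            FreeLibrary(hmodule);
        }
        LoadDll_demo();
    }

    //system("pause");
    return 0;
}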