在 Windows 扫雷进程中利用远线程技术注入 DLL。
创建远线程的程序如下，调用前需先启动扫雷并获取其进程 ID：
#include <stdio.h>
#include <windows.h>
BOOL injectProcess(DWORD processId, char* dllInjected)
{
HANDLE handle,threadHandle;
HMODULE hModule;
char* remoteString;
LPVOID ptrProc;
SIZE_T stringLen;
DWORD N, remoteThreadId;
hModule = GetModuleHandle("kernel32.dll");
#ifdef _DEBUG
printf("Hmodule:%d\n",hModule);
#endif
ptrProc = GetProcAddress(hModule, "LoadLibraryA"); //获取LoadLibraryA函数的地址
#ifdef _DEBUG
printf("ptrProc:%d\n",ptrProc);
#endif // _DEBUG
handle = 0;
threadHandle = 0;
remoteString = NULL;
handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE,processId);
if (handle == 0)
{
return FALSE;
}
stringLen = strlen(dllInjected)+1; //dll名长度
remoteString = (char*)VirtualAllocEx(handle, NULL, stringLen, MEM_COMMIT, PAGE_READWRITE); //申请分配内存
i