多字节和宽字节: https://www.cnblogs.com/chen-cai/p/9151588.html
https://bbs.pediy.com/thread-168137.htm
#include <windows.h>
#include "stdio.h"
#include <tchar.h>
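// Copies the narrow DLL path into the target process and runs LoadLibraryA
// there on a remote thread. Educational sample: each step it performs
// (VirtualAllocEx with PAGE_EXECUTE_READWRITE in another process,
// WriteProcessMemory, CreateRemoteThread whose start address is LoadLibraryA)
// is a well-known telemetry point that endpoint monitoring keys on.
//
// hProcess: handle with the access rights requested in main()
//           (PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, ...).
// libName:  multi-byte (ANSI) path, because the remote start routine is
//           LoadLibraryA; a wide (Unicode) path would need LoadLibraryW.
// Returns nothing; every failure is reported on stdout with GetLastError().
void InjectDLL(HANDLE hProcess, const char* libName)
{
    if (hProcess == NULL || libName == NULL)
    {
        printf("InjectDLL: invalid process handle or library name\n");
        return;
    }
    // strcpy_s runs the invalid-parameter handler (process abort) on overflow,
    // so reject over-long paths with a message instead of letting it trip.
    if (strlen(libName) > MAX_PATH)
    {
        printf("DLL path '%s' is longer than MAX_PATH\n", libName);
        return;
    }
    char dllPath[MAX_PATH + 1] = { 0 };
    strcpy_s(dllPath, libName);

    static HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
    if (kernel32 == NULL)
    {
        printf("Couldn't get handle for kernel32.dll");
        return;
    }
    // NOTE(review): the local address of LoadLibraryA is passed to the remote
    // thread unchanged, i.e. the code assumes kernel32 is mapped at the same
    // base in the target process; nothing here verifies that.
    const LPTHREAD_START_ROUTINE loadLibrary =
        reinterpret_cast<LPTHREAD_START_ROUTINE>(GetProcAddress(kernel32, "LoadLibraryA"));
    if (loadLibrary == NULL)
    {
        printf("Couldn't resolve LoadLibraryA in kernel32.dll: %lu\n", GetLastError());
        return;
    }

    void* remoteMem =
        VirtualAllocEx(hProcess, NULL, sizeof(dllPath), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (remoteMem == NULL)
    {
        // libName is a narrow string: %s, not %ls (the original used %ls, which is UB).
        printf("Couldn't allocate remote memory for DLL '%s': %lu", libName, GetLastError());
        return;
    }

    const BOOL written = WriteProcessMemory(hProcess, remoteMem, dllPath, sizeof(dllPath), NULL);
    if (!written)
    {
        printf("Couldn't write remote memory %p with dllPath '%s': %lu", remoteMem, dllPath,
               GetLastError());
    }
    else
    {
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, loadLibrary, remoteMem, 0, NULL);
        if (hThread == NULL)
        {
            // The routine actually used is LoadLibraryA; the old message said LoadLibraryW.
            printf("Couldn't create remote thread for LoadLibraryA: %lu", GetLastError());
        }
        else
        {
            // The remote buffer must stay mapped until the thread has consumed it,
            // so wait before the VirtualFreeEx below.
            WaitForSingleObject(hThread, INFINITE);
            CloseHandle(hThread);
        }
    }
    VirtualFreeEx(hProcess, remoteMem, 0, MEM_RELEASE);
}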
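// Opens the process identified by the hard-coded sample PID with the rights
// InjectDLL needs and injects the hard-coded sample DLL path.
// Returns 0 on success, 1 if the process could not be opened.
// (`void main` is not valid C++; main must return int.)
int main()
{
    const DWORD pid = 9640;
    HANDLE hProcess =
        OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION |
                        PROCESS_VM_WRITE | PROCESS_VM_READ | SYNCHRONIZE,
                    FALSE, pid);
    if (hProcess == NULL)
    {
        // InjectDLL would otherwise be handed a NULL handle and every call would fail.
        printf("Couldn't open process %lu: %lu\n", pid, GetLastError());
        return 1;
    }
    InjectDLL(hProcess, "C:\\xxxx\\DllTTTTTTTTT.dll");
    CloseHandle(hProcess);  // the process handle was previously leaked
    return 0;
}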
这里的问题在于宽字节(Unicode)和多字节(ASCII/ANSI)字符串的区别
这里传入的是多字节(ASCII)字符串，所以用 LoadLibraryA 即可
LoadLibraryA
LoadLibraryW
// 这两个函数按字符串编码区分：LoadLibraryA 接受多字节(ANSI)字符串，LoadLibraryW 接受宽字节(Unicode)字符串，传入的字符串类型必须与之匹配