http://hi.baidu.com/blessyou312/blog/item/10fb07faabd1d1809f514646.html
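/**
 * Enable the named privilege (e.g. SE_DEBUG_NAME) in the calling process's
 * primary token.
 *
 * @param name  Privilege name string as understood by LookupPrivilegeValue.
 * @return 1 when the privilege was actually enabled, 0 otherwise. The previous
 *         version returned 1 unconditionally (even after OpenProcessToken or
 *         LookupPrivilegeValue failed), so callers could never detect failure;
 *         it also never closed the token handle.
 *
 * A privilege can only be enabled if it is already present (disabled) in the
 * token; this routine cannot grant a privilege the account does not hold.
 * The try/catch(...) of the original was dropped: the Win32 calls here do not
 * raise C++ exceptions, so it only hid programming errors.
 */
int EnableDebugPriv(const char *name)
{
    HANDLE hToken = NULL;
    LUID luid;
    TOKEN_PRIVILEGES tp;
    int enabled = 0;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return 0;
    }

    if (LookupPrivilegeValue(NULL, name, &luid)) {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges returns TRUE even when the privilege is not
        // held by the token; the real outcome is reported via GetLastError()
        // (ERROR_SUCCESS vs ERROR_NOT_ALL_ASSIGNED).
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
            && GetLastError() == ERROR_SUCCESS) {
            enabled = 1;
        }
    }

    CloseHandle(hToken);  // the original leaked this handle on every call
    return enabled;
}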
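/*
 * Case-insensitive comparison of two ASCII process names that does not modify
 * either buffer. The original used strupr(), which rewrites its argument in
 * place -- including the caller's ProcName string -- before comparing.
 * Returns non-zero when the names match.
 */
static int ProcNameEquals(const char *a, const char *b)
{
    for (;; a++, b++) {
        unsigned char ca = (unsigned char)*a;
        unsigned char cb = (unsigned char)*b;
        if (ca >= 'a' && ca <= 'z') {
            ca = (unsigned char)(ca - ('a' - 'A'));
        }
        if (cb >= 'a' && cb <= 'z') {
            cb = (unsigned char)(cb - ('a' - 'A'));
        }
        if (ca != cb) {
            return 0;
        }
        if (ca == '\0') {
            return 1;
        }
    }
}

/**
 * Find the process ID of the first running process whose image file name
 * matches ProcName (case-insensitive, ASCII only).
 *
 * @param ProcName  Image name to look for (e.g. "notepad.exe"). Not modified.
 * @return The PID of the first match, or 0 when there is no match or the
 *         Toolhelp snapshot could not be created. Note that 0 is also the PID
 *         of the System Idle Process, so the sentinel is ambiguous only for
 *         that one name.
 *
 * Fixes over the original: the snapshot handle is closed on every path (the
 * original returned from inside the loop without CloseHandle), the caller's
 * buffer is no longer upper-cased in place, and the unused counter is gone.
 */
DWORD GetProcessID(char *ProcName)
{
    DWORD pid = 0;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);  // required by Process32First/Next

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    for (BOOL more = Process32First(hSnapshot, &pe32);
         more;
         more = Process32Next(hSnapshot, &pe32)) {
        if (ProcNameEquals(pe32.szExeFile, ProcName)) {
            pid = pe32.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return pid;
}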
/**
 * Load the DLL at DllFunPath into the process dwRemoteProcessId by writing the
 * path into the target and starting a remote thread at kernel32!LoadLibraryA.
 *
 * @param DllFunPath        ANSI path of the DLL; lstrlen(DllFunPath)+1 bytes
 *                          are copied into the target, so it must be NUL-terminated.
 * @param dwRemoteProcessId PID of the target process.
 * @return TRUE as soon as the remote thread has been created; FALSE if any
 *         step before that failed. The function does not wait for the thread
 *         or inspect its exit code, so TRUE does not mean LoadLibraryA
 *         succeeded in the target.
 *
 * Known defects (left unchanged here): hRemoteProcess and hRemoteThread are
 * never closed, and the remote buffer is never released with VirtualFreeEx,
 * so each call leaks handles and a page in the target. `return true` mixes a
 * C++ bool into a BOOL return. The DLL is loaded with the target's identity
 * and privileges, so DllFunPath must be fully trusted.
 */
BOOL DllInject(const char *DllFunPath,const DWORD dwRemoteProcessId)
{
HANDLE hRemoteProcess;
// Return value ignored: SeDebugPrivilege is presumably needed for targets the
// caller could not otherwise open, but failure to enable it is not detected.
EnableDebugPriv(SE_DEBUG_NAME);
if((hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwRemoteProcessId))!=NULL)
{
char *pszLibFileRemote;
// Writable page in the target holding the NUL-terminated path string.
pszLibFileRemote=(char *)VirtualAllocEx(hRemoteProcess,NULL,
lstrlen(DllFunPath)+1,MEM_COMMIT,PAGE_READWRITE);
if(pszLibFileRemote!=NULL)
{
// The (void*) cast drops const; WriteProcessMemory only reads the source.
if(WriteProcessMemory(hRemoteProcess,
pszLibFileRemote,(void*)DllFunPath,lstrlen(DllFunPath)+1,NULL)!=0)
{
// kernel32 is loaded at the same base in every process of a session, so the
// local address of LoadLibraryA is assumed valid in the target.
PTHREAD_START_ROUTINE pfnstraddr=(PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("kernel32")),"LoadLibraryA");
if(pfnstraddr!=NULL)
{
HANDLE hRemoteThread;
// The remote thread's single argument is the path buffer written above.
if((hRemoteThread=CreateRemoteThread(hRemoteProcess,
NULL,0,pfnstraddr,pszLibFileRemote,0,NULL))!=NULL)
{
// NOTE(review): hRemoteThread and hRemoteProcess leak here.
return true;
}
}
}
}
}
// NOTE(review): on failure paths below the first if, hRemoteProcess and the
// remote buffer also leak.
return FALSE;
}