C#注入DLL-C#注入器

最新推荐文章于 2024-09-07 09:21:45 发布

八爪鱼keepmoving8

最新推荐文章于 2024-09-07 09:21:45 发布

阅读量3.5k

点赞数

分类专栏： C# 工具微信逆向

本文链接：https://blog.csdn.net/keepmoving0407/article/details/115362861

版权

微信逆向同时被 3 个专栏收录

44 篇文章 24 订阅

订阅专栏

工具

6 篇文章 3 订阅

订阅专栏

5 篇文章 0 订阅

订阅专栏

今天一个朋友问我要c#注入器注入我的接口，于是我就写了这个程序

程序的界面很简单：

注入程序主要用到了系统的API，代码也不是很多，源码如下：

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace Inject
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }
        //声明API函数
        [DllImport("kernel32.dll")] 
        public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);

        [DllImport("kernel32.dll")]
        public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);

        [DllImport("kernel32.dll")]
        public static extern int GetProcAddress(int hwnd, string lpname);

        [DllImport("kernel32.dll")]
        public static extern int GetModuleHandleA(string name);

        [DllImport("kernel32.dll")]
        public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
        [DllImport("KERNEL32.DLL ")]
        public static extern int CloseHandle(IntPtr handle);

        [DllImport("user32.dll", EntryPoint = "FindWindow")]
        private extern static IntPtr FindWindow(string lpClassName, string lpWindowName);
        private void button1_Click(object sender, EventArgs e)
        {
            if(FindWindow("WeChatLoginWndForPC", null) != IntPtr.Zero)
            {
                MessageBox.Show("当前有微信登录窗口，请关闭后再注入");
                return ;
            }
            Process myProcess = new Process();
            ProcessStartInfo myProcessStartInfo = new ProcessStartInfo(textWechatPath.Text+"\\WeChat.exe");
            myProcess.StartInfo = myProcessStartInfo;
            myProcess.Start();
         
            while (FindWindow("WeChatLoginWndForPC", null)  ==IntPtr.Zero)
            {
                System.Threading.Thread.Sleep(500);
            }
            InjectDll(myProcess);
        }
       //************************************************************
        // 函数说明: 向进程注入DLL
        //扣：150311852
        //************************************************************
      private  int InjectDll(Process myProcess)
        {
            //获取当前工作目录下的dll
           string dllfile= System.Windows.Forms.Application.StartupPath+"\\wxapi.dll";
            if(!File.Exists(dllfile))
            {
                MessageBox.Show("DLL文件丢失");
                return 0;
            }
            //获取微信Pid

            //检测dll是否已经注入
            if (CheckIsInject(myProcess.Id))
            {
                //在微信进程中申请内存
                Int32 AllocBaseAddress = VirtualAllocEx(myProcess.Handle, 0, dllfile.Length+1, 4096, 4);
                if (AllocBaseAddress == 0)
                {
                    MessageBox.Show("内存分配失败", "错误");
                    return 0;
                }
                //写入dll路径到微信进程
                if (WriteProcessMemory(myProcess.Handle, AllocBaseAddress, dllfile, dllfile.Length + 1, 0) == 0)
                {
                    MessageBox.Show("DLL写入失败", "错误", 0);
                    return 0;
                }
                Int32 loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
                if (loadaddr == 0)
                {   
                    MessageBox.Show("取得LoadLibraryA的地址失败");
                    return 0;
                }
                IntPtr ThreadHwnd = CreateRemoteThread(myProcess.Handle, 0, 0, loadaddr, AllocBaseAddress, 0, 0);
                if (ThreadHwnd == IntPtr.Zero)
                {
                    MessageBox.Show("创建远程线程失败");
                    return 0;
                }
                CloseHandle(ThreadHwnd);
            }
            else
            {
                MessageBox.Show("dll已经注入，请退出所有微信重新注入！", "提示");
                return 0;
            }
            return myProcess.Id;
        }
        //************************************************************
        // 函数说明: 检测是否已经注入dll
        //扣：150311852
        //************************************************************
        private bool CheckIsInject(int wxProcessid)
        {
            Process[] mProcessList = Process.GetProcesses(); //取得所有进程

            foreach (Process mProcess in mProcessList) //遍历进程
            {
                if ( mProcess.Id== wxProcessid)
                {

                    ProcessModuleCollection myProcessModuleCollection = mProcess.Modules;
                    ProcessModule myProcessModule;
                    for (int i = 0; i < myProcessModuleCollection.Count; i++)
                    {
                        myProcessModule = myProcessModuleCollection[i];
                       if(myProcessModule.ModuleName=="wxapi.dll")
                        {
                            return false;
                        }
                    }
                }
                    
            }
            return true;
        }

        private void btnOpenFolder_Click(object sender, EventArgs e)
        {
            FolderBrowserDialog fbd = new FolderBrowserDialog();
            DialogResult result = fbd.ShowDialog();

            if (result == DialogResult.OK && !string.IsNullOrWhiteSpace(fbd.SelectedPath))
            {
                textWechatPath.Text = fbd.SelectedPath;
            }
        }
    }
}

程序整体比较简单，需要注意一点：