今天一个朋友问我要c#注入器注入我的接口,于是我就写了这个程序
程序的界面很简单:
注入程序主要用到了系统的API,代码也不是很多,源码如下:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace Inject
{
// Windows Forms front end that starts WeChat.exe from a user-selected folder and then
// loads wxapi.dll (taken from this program's own folder) into that process by creating
// a remote thread at LoadLibraryA.
//
// Reviewer context: the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence used below is the textbook DLL-injection pattern (MITRE ATT&CK T1055.001).
// Endpoint tooling commonly surfaces it through remote-thread-creation and image-load
// telemetry (for example Sysmon event IDs 8 and 7), and an unsigned module named
// wxapi.dll appearing in the target's module list is the artefact this code leaves.
public partial class Form1 : Form
{
// Builds the designer-generated controls.
public Form1()
{
InitializeComponent();
}
// Win32 API declarations.
// NOTE(review): addresses, sizes and module handles are declared as 32-bit int, so
// these signatures only hold in a 32-bit process. None of the imports sets
// SetLastError, so the failure branches below cannot report the Win32 error code.
[DllImport("kernel32.dll")]
public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
// NOTE(review): the library name literal below carries a trailing space; looks
// unintentional, confirm.
[DllImport("KERNEL32.DLL ")]
public static extern int CloseHandle(IntPtr handle);
[DllImport("user32.dll", EntryPoint = "FindWindow")]
private extern static IntPtr FindWindow(string lpClassName, string lpWindowName);
// Click handler: refuses to run while a window of class "WeChatLoginWndForPC" already
// exists, otherwise starts WeChat.exe from the folder in textWechatPath, waits for the
// login window to appear and calls InjectDll on the started process.
// NOTE(review): the folder text is concatenated into the executable path with no
// validation, so whatever WeChat.exe sits in that folder is what gets started.
private void button1_Click(object sender, EventArgs e)
{
if(FindWindow("WeChatLoginWndForPC", null) != IntPtr.Zero)
{
MessageBox.Show("当前有微信登录窗口,请关闭后再注入");
return ;
}
Process myProcess = new Process();
ProcessStartInfo myProcessStartInfo = new ProcessStartInfo(textWechatPath.Text+"\\WeChat.exe");
myProcess.StartInfo = myProcessStartInfo;
myProcess.Start();
// Polls every 500 ms on the calling thread with no timeout. FindWindow matches any
// window of that class, not specifically one owned by myProcess.
while (FindWindow("WeChatLoginWndForPC", null) ==IntPtr.Zero)
{
System.Threading.Thread.Sleep(500);
}
// The return value (process id or 0) is ignored here.
InjectDll(myProcess);
}
//************************************************************
// Purpose: inject the DLL into the given process.
// Returns the process id when the remote thread was created, 0 on any failure
// (each failure path shows a message box first).
// Author contact (QQ): 150311852
//************************************************************
private int InjectDll(Process myProcess)
{
// wxapi.dll is looked up in Application.StartupPath (this executable's folder).
// Only existence is checked: there is no signature or hash verification, so any
// file with that name in the folder is what ends up loaded into the target process.
string dllfile= System.Windows.Forms.Application.StartupPath+"\\wxapi.dll";
if(!File.Exists(dllfile))
{
MessageBox.Show("DLL文件丢失");
return 0;
}
// Check by process id whether the DLL is already loaded.
// CheckIsInject returns true when wxapi.dll is NOT yet in the module list.
if (CheckIsInject(myProcess.Id))
{
// Allocate memory in the WeChat process: 4096 is MEM_COMMIT, 4 is PAGE_READWRITE.
// The allocation is never released by this method.
Int32 AllocBaseAddress = VirtualAllocEx(myProcess.Handle, 0, dllfile.Length+1, 4096, 4);
if (AllocBaseAddress == 0)
{
MessageBox.Show("内存分配失败", "错误");
return 0;
}
// Write the DLL path into the WeChat process.
if (WriteProcessMemory(myProcess.Handle, AllocBaseAddress, dllfile, dllfile.Length + 1, 0) == 0)
{
MessageBox.Show("DLL写入失败", "错误", 0);
return 0;
}
// Address of LoadLibraryA as resolved in this process; it is passed below as the
// start address of the thread created in the target process.
Int32 loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
if (loadaddr == 0)
{
MessageBox.Show("取得LoadLibraryA的地址失败");
return 0;
}
IntPtr ThreadHwnd = CreateRemoteThread(myProcess.Handle, 0, 0, loadaddr, AllocBaseAddress, 0, 0);
if (ThreadHwnd == IntPtr.Zero)
{
MessageBox.Show("创建远程线程失败");
return 0;
}
// Only the thread handle is closed; the thread is not waited on, so reaching the
// final return means the thread was created, not that the library load succeeded.
CloseHandle(ThreadHwnd);
}
else
{
MessageBox.Show("dll已经注入,请退出所有微信重新注入!", "提示");
return 0;
}
return myProcess.Id;
}
//************************************************************
// Purpose: check whether the DLL has already been injected.
// Returns false when the process with the given id has a module named exactly
// "wxapi.dll", true otherwise (including when no process has that id). The name
// reads inverted: true means "not injected yet".
// Author contact (QQ): 150311852
//************************************************************
private bool CheckIsInject(int wxProcessid)
{
Process[] mProcessList = Process.GetProcesses(); // get all processes
foreach (Process mProcess in mProcessList) // walk the process list
{
if ( mProcess.Id== wxProcessid)
{
ProcessModuleCollection myProcessModuleCollection = mProcess.Modules;
ProcessModule myProcessModule;
for (int i = 0; i < myProcessModuleCollection.Count; i++)
{
myProcessModule = myProcessModuleCollection[i];
// Case-sensitive comparison on the module file name only, not its path.
if(myProcessModule.ModuleName=="wxapi.dll")
{
return false;
}
}
}
}
return true;
}
// Click handler: lets the user pick the WeChat installation folder and copies the
// selection into textWechatPath when the dialog is confirmed with a non-blank path.
private void btnOpenFolder_Click(object sender, EventArgs e)
{
FolderBrowserDialog fbd = new FolderBrowserDialog();
DialogResult result = fbd.ShowDialog();
if (result == DialogResult.OK && !string.IsNullOrWhiteSpace(fbd.SelectedPath))
{
textWechatPath.Text = fbd.SelectedPath;
}
}
}
}
程序整体比较简单,需要注意一点:
要以x86编译,切记!!!(上面的API声明用int表示地址和模块句柄,只有在32位进程里才成立。)
下载地址:https://download.csdn.net/download/keepmoving0407/16278129