注入(二):修改导入表(c++)

最新推荐文章于 2022-03-21 13:57:31 发布
最新推荐文章于 2022-03-21 13:57:31 发布
阅读量1.4k 收藏 1
点赞数
分类专栏: 游戏

导入表注入:修改游戏EXE依赖dll树上找个结点,程序运行前加载,加载修改回导入表。
 优:游戏依赖库多,不易用完整性来查验,同时客户端版本不同,更易躲过检测
 缺点:文件操作明显,易被ProcessMonitor检测到

//BeModeImportTableExe.exe
void main(void)
{
	int i = 0;
	while(true)
	{
		__asm{
		mov eax,i
		inc eax
		}
	}
}


 

//修改导入表的exe
#include <Windows.h>

DWORD PEAlign(DWORD dwTarNum,DWORD dwAlignTo)
{	
	return(((dwTarNum+dwAlignTo-1)/dwAlignTo)*dwAlignTo);
}

//
//增加导入表项
//
BOOL AddNewSection(LPCTSTR lpStrModulePath, DWORD dwNewSectionSize)
{
	bool   bSuccess = false;
	LPVOID lpMemModule = NULL;
	LPBYTE lpData = NULL;
	HANDLE hFile = INVALID_HANDLE_VALUE, hFileMapping = INVALID_HANDLE_VALUE;
	PIMAGE_NT_HEADERS pNtHeader = NULL;
	PIMAGE_SECTION_HEADER pNewSection = NULL, pLastSection = NULL;

	OutputDebugString("[!] AddNewSection Enter!\n");

	//TODO:可能还涉及关闭windows文件保护
	__try
	{
		//pe文件映射到内存
		hFile = CreateFile(
			     lpStrModulePath,
				 GENERIC_READ | GENERIC_WRITE,
				 FILE_SHARE_READ | FILE_SHARE_WRITE,
				 NULL,
				 OPEN_EXISTING,
				 FILE_ATTRIBUTE_NORMAL,
				 NULL
				 );
		if ( INVALID_HANDLE_VALUE == hFile )
		{
			OutputDebugString("[-] AddNewSection CreateFile fail!\n");
			goto _EXIT_;
		}

		DWORD dwFileSize = GetFileSize(hFile, NULL);
		hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE/* | SEC_IMAGE*/, 0, dwFileSize, "WINSUN_MAPPING_FILE");
		if ( NULL == hFileMapping )
		{
			
			OutputDebugString("[-] AddNewSection CreateFileMapping fail!\n");
			goto _EXIT_;

		}

		lpMemModule = MapViewOfFile(hFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, dwFileSize);
		if ( NULL == lpMemModule )
		{
			OutputDebugString("[-] AddNewSection MapViewOfFile fail!\n");
			goto _EXIT_;
		}

		lpData = (LPBYTE)lpMemModule;
		//判断是否是PE文件
        if (((PIMAGE_DOS_HEADER)lpData)->e_magic != IMAGE_DOS_SIGNATURE )
        {
			OutputDebugString("[-] AddNewSection PE Header MZ error!\n");
			goto _EXIT_;
        }

		pNtHeader = (PIMAGE_NT_HEADERS)(lpData + ((PIMAGE_DOS_HEADER)(lpData))->e_lfanew);
		if ( pNtHeader->Signature != IMAGE_NT_SIGNATURE )
		{
			OutputDebugString("[-] AddNewSection PE Header PE error!\n");
			goto _EXIT_;
		}
		
		//判断是否可以增加一个新节
		if ( ((pNtHeader->FileHeader.NumberOfSections + 1) * sizeof(IMAGE_SECTION_HEADER)) > (pNtHeader->OptionalHeader.SizeOfHeaders) )
		{
			OutputDebugString("[-] AddNewSection cannot add a new section!\n");
			goto _EXIT_;
		}

        pNewSection  = (PIMAGE_SECTION_HEADER)(pNtHeader+1) + pNtHeader->FileHeader.NumberOfSections;
		pLastSection = pNewSection - 1;

		
		DWORD rsize,vsize,roffset,voffset;
		//对齐偏移和RVA
		rsize=PEAlign(dwNewSectionSize,
				pNtHeader->OptionalHeader.FileAlignment);

		roffset=PEAlign(pLastSection->PointerToRawData+pLastSection->SizeOfRawData,
				pNtHeader->OptionalHeader.FileAlignment);
		
		vsize=PEAlign(dwNewSectionSize,
				pNtHeader->OptionalHeader.SectionAlignment);

		voffset=PEAlign(pLastSection->VirtualAddress+pLastSection->Misc.VirtualSize,
				pNtHeader->OptionalHeader.SectionAlignment);

		//填充新节表
		memcpy(pNewSection->Name, "WINSUN", strlen("WINSUN"));
		pNewSection->VirtualAddress = voffset;
		pNewSection->PointerToRawData = roffset;
		pNewSection->Misc.VirtualSize = vsize;
		pNewSection->SizeOfRawData = rsize;
		pNewSection->Characteristics = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;

		//修改IMAGE_NT_HEADERS,增加新节表
		pNtHeader->FileHeader.NumberOfSections++;
		pNtHeader->OptionalHeader.SizeOfImage += vsize;
		pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
		pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;

		//增加新节到文件尾部
		DWORD dwWriteBytes;
		SetFilePointer(hFile,0,0,FILE_END);
		PBYTE pbNewSectionContent = new BYTE[rsize];
		ZeroMemory(pbNewSectionContent, rsize);
		bSuccess = WriteFile(hFile, pbNewSectionContent, rsize, &dwWriteBytes, NULL);
		if (!bSuccess)
		{
			MessageBox(NULL,"新增节失败","error",MB_OK);
			goto _EXIT_;
		}
		
	}
	__except(EXCEPTION_EXECUTE_HANDLER)
	{
        OutputDebugString("[-] AddImportTableItem  Exception!\n");
		return false;
	}
  OutputDebugString("[!] AddNewSection Exit!\n");
	bSuccess = true;
_EXIT_:

	if ( hFile )
	{
         CloseHandle(hFile);
	}

	if ( lpMemModule)
	{
		UnmapViewOfFile(lpMemModule);
	}

	if ( hFileMapping )
	{
		CloseHandle(hFileMapping);
	}
	return true;
}

//
PIMAGE_SECTION_HEADER ImageRVA2Section(PIMAGE_NT_HEADERS pImgNTHeader, DWORD dwRVA)
{
	int i;
	PIMAGE_SECTION_HEADER pSectionHeader  = (PIMAGE_SECTION_HEADER)(pImgNTHeader+1);
	for(i=0;i<pImgNTHeader->FileHeader.NumberOfSections;i++)
	{
		if((dwRVA>=(pSectionHeader+i)->VirtualAddress) && (dwRVA<=((pSectionHeader+i)->VirtualAddress+(pSectionHeader+i)->SizeOfRawData)))
		{
			return ((PIMAGE_SECTION_HEADER)(pSectionHeader+i));
		}
	}
	return(NULL);
}


//
// calulates the Offset from a RVA
// Base    - base of the MMF
// dwRVA - the RVA to calculate
// returns 0 if an error occurred else the calculated Offset will be returned
DWORD RVA2Offset(PIMAGE_NT_HEADERS pImgNTHeader, DWORD dwRVA)
{
	DWORD _offset;
	PIMAGE_SECTION_HEADER section;
	section=ImageRVA2Section(pImgNTHeader,dwRVA);//ImageRvaToSection(pimage_nt_headers,Base,dwRVA);
	if(section==NULL)
	{
		return(0);
	}
	_offset=dwRVA+section->PointerToRawData-section->VirtualAddress;
	return(_offset);
}

BOOL AddNewImportDescriptor(const char * szPEFilePath,char * szInjectDllName, char *szImportFuncName)
{
	BOOL bSuccess = FALSE;
	LPVOID lpMemModule = NULL;
	LPBYTE lpData = NULL;
	HANDLE hFile = INVALID_HANDLE_VALUE, hFileMapping = INVALID_HANDLE_VALUE;
	PIMAGE_NT_HEADERS pNtHeader = NULL;
	PIMAGE_IMPORT_DESCRIPTOR pstImportTable = NULL;
	PIMAGE_SECTION_HEADER    pstSectionHeader = NULL;
	__try
	{
			//pe文件映射到内存
		hFile = CreateFile(
			     szPEFilePath,
				 GENERIC_READ | GENERIC_WRITE,
				 FILE_SHARE_READ | FILE_SHARE_WRITE,
				 NULL,
				 OPEN_EXISTING,
				 FILE_ATTRIBUTE_NORMAL,
				 NULL
				 );
		if ( INVALID_HANDLE_VALUE == hFile )
		{
			OutputDebugString("[-] AddNewImportDescriptor CreateFile fail!\n");
			goto _EXIT_;
		}

		DWORD dwFileSize = GetFileSize(hFile, NULL);
		hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE/* | SEC_IMAGE*/, 0, dwFileSize, "WINSUN_MAPPING_FILE");
		if ( NULL == hFileMapping )
		{
			
			OutputDebugString("[-] AddNewImportDescriptor CreateFileMapping fail!\n");
			goto _EXIT_;

		}

		lpMemModule = MapViewOfFile(hFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, dwFileSize);
		if ( NULL == lpMemModule )
		{
			OutputDebugString("[-] AddNewImportDescriptor MapViewOfFile fail!\n");
			goto _EXIT_;
		}

		lpData = (LPBYTE)lpMemModule;
		//判断是否是PE
        if (((PIMAGE_DOS_HEADER)lpData)->e_magic != IMAGE_DOS_SIGNATURE )
        {
			OutputDebugString("[-] AddNewImportDescriptor PE Header MZ error!\n");
			goto _EXIT_;
        }

		pNtHeader = (PIMAGE_NT_HEADERS)(lpData + ((PIMAGE_DOS_HEADER)(lpData))->e_lfanew);
		if ( pNtHeader->Signature != IMAGE_NT_SIGNATURE )
		{
			OutputDebugString("[-] AddNewImportDescriptor PE Header PE error!\n");
			goto _EXIT_;
		}
		pstImportTable = (PIMAGE_IMPORT_DESCRIPTOR)(lpData + RVA2Offset(pNtHeader,pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress));
		BOOL bBoundImport = FALSE;
		if (pstImportTable->Characteristics == 0 && pstImportTable->FirstThunk != 0)
		{
			bBoundImport = TRUE;
			pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
			pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
		}
		
		pstSectionHeader = (PIMAGE_SECTION_HEADER)(pNtHeader+1)+pNtHeader->FileHeader.NumberOfSections-1;
		PBYTE pbNewSection = pstSectionHeader->PointerToRawData + lpData;
		int i = 0;
		while(pstImportTable->FirstThunk != 0)
		{
			memcpy(pbNewSection, pstImportTable, sizeof(IMAGE_IMPORT_DESCRIPTOR));
			pstImportTable++;
			pbNewSection += sizeof(IMAGE_IMPORT_DESCRIPTOR);
			i++;
		}
		memcpy(pbNewSection, (pbNewSection-sizeof(IMAGE_IMPORT_DESCRIPTOR)), sizeof(IMAGE_IMPORT_DESCRIPTOR));
	

		
		DWORD dwDelt = pstSectionHeader->VirtualAddress - pstSectionHeader->PointerToRawData;
		
		//avoid import not need table
		PIMAGE_THUNK_DATA pImgThunkData = (PIMAGE_THUNK_DATA)(pbNewSection + sizeof(IMAGE_IMPORT_DESCRIPTOR)*2);
		


		//import dll name
		PBYTE pszDllNamePosition = (PBYTE)(pImgThunkData + 2);
		memcpy(pszDllNamePosition, szInjectDllName, strlen(szInjectDllName));
		pszDllNamePosition[strlen(szInjectDllName)] = 0;

		//确定IMAGE_IMPORT_BY_NAM的位置
		PIMAGE_IMPORT_BY_NAME pImgImportByName = (PIMAGE_IMPORT_BY_NAME)(pszDllNamePosition + strlen(szInjectDllName) + 1);
		

		//init IMAGE_THUNK_DATA
		pImgThunkData->u1.Ordinal = dwDelt + (DWORD)pImgImportByName - (DWORD)lpData ;


		//init IMAGE_IMPORT_BY_NAME
		pImgImportByName->Hint = 1;
		memcpy(pImgImportByName->Name, szImportFuncName, strlen(szImportFuncName)); //== dwDelt + (DWORD)pszFuncNamePosition - (DWORD)lpData ;
		pImgImportByName->Name[strlen(szImportFuncName)] = 0;
		//init OriginalFirstThunk
		if (bBoundImport)
		{
			((PIMAGE_IMPORT_DESCRIPTOR)pbNewSection)->OriginalFirstThunk = 0;
		}
		else
			((PIMAGE_IMPORT_DESCRIPTOR)pbNewSection)->OriginalFirstThunk = dwDelt + (DWORD)pImgThunkData - (DWORD)lpData;
		//init FirstThunk
		((PIMAGE_IMPORT_DESCRIPTOR)pbNewSection)->FirstThunk = dwDelt + (DWORD)pImgThunkData - (DWORD)lpData;
		//init Name
		((PIMAGE_IMPORT_DESCRIPTOR)pbNewSection)->Name = dwDelt + (DWORD)pszDllNamePosition-(DWORD)lpData;

		//改变导入表
		pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress =  pstSectionHeader->VirtualAddress; 
		pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size			 =  (i+1)*sizeof(IMAGE_IMPORT_DESCRIPTOR);
		
		
	}
	__except(EXCEPTION_EXECUTE_HANDLER)
	{
        OutputDebugString("[-] AddNewImportDescriptor  Exception!\n");
		return false;
	}

	_EXIT_:

	if ( hFile )
	{
         CloseHandle(hFile);
	}

	if ( lpMemModule)
	{
		UnmapViewOfFile(lpMemModule);
	}

	if ( hFileMapping )
	{
		CloseHandle(hFileMapping);
	}
	return true;
}

BOOL AddImportTable(const char * szPEFilePath, char * szInjectDllName,char *szFuncName)
{
	BOOL bSuccess = FALSE;
	try
	{
		//增加一个叫"WINSUN"的节
		bSuccess = AddNewSection(szPEFilePath, 256);
		if (!bSuccess)
		{
			MessageBox(NULL,"add new section fail", "error", MB_OK);
			return bSuccess;
		}
		//增加一个导入表
		AddNewImportDescriptor(szPEFilePath, szInjectDllName,szFuncName);
	}
	catch ( ... )//CException* e)
	{
		return bSuccess;
	}
	return bSuccess;
}

void BackupPE(char * pszPeFilePath)
{

	   CHAR szPath[MAX_PATH] = {0};
	   PCHAR pszPath = pszPeFilePath;

		pszPath = strrchr(pszPath, '\\');
		*pszPath = '\0';
		strcpy_s(szPath, strlen(pszPeFilePath)+1,pszPeFilePath);
		strcat_s(szPath, strlen("\\backup_")+1,"\\backup_");
		strcat_s(szPath, strlen(pszPath+1)+1,pszPath+1);
		*pszPath = '\\';

		CopyFile(pszPeFilePath, szPath, FALSE);
		strncpy(pszPeFilePath, szPath, MAX_PATH);
		return;
}

void main(int argc, char **argv)
{
	AddImportTable("BeModeImportTableExe.exe","WaiGua.dll","InjectFunc");
}
//WaiGua.dll
// dllmain.cpp : Defines the entry point for the DLL application.
#include <Windows.h>
#ifdef __cplusplus
extern "C"
{
#endif	

__declspec (dllexport) void InjectFunc(void);

#ifdef __cplusplus
}
#endif
 void InjectFunc(void)
 {
	  MessageBoxA(NULL, "Dll export Inject Success", "Dll Inject", MB_OKCANCEL);
 }
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		MessageBoxA(NULL, "the simple inject success", "Dll Inject", MB_OKCANCEL);
		break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

注入没问题,运行有问题,还有待调试。

pomelozero
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
C++软件调试技术】C++软件开发维护过程中典型软件异常问题的排查与总结
dvlinker的技术专栏
04-15 4万+
本文以问答的方式进行展开,罗列了C++软件日常开发和维护中遇到的多个软件调试问题及有代性的场景,给出详细的处置思路和处理办法,以供大家借鉴和参考。
DLL注入_修改导入(1)
余韵
11-09 1446
PE文件分析 (一) 替换DLL函数 通过修改PE文件导入导出来更改函数。单纯分析PE文件是一件比较无聊的事,通过修改可以更加灵活的利用和理解PE文件。这就像生活一样,总要有一些特别的事,才能更加有灵感。学习本身就是生活的一部分,如何让程序更加灵活,是一个比较值得去实践的事,可以更加接近计算机的一些思想。 () 环境 VC++ 6.0 为了减少复杂度,用VC++ 6.0编译sum.cpp su...
pe-inject 修改程序导入
04-02
编辑修改程序导入,增加自定义DLL PE-inject is a special library which allows developers to place their own code into Windows executable files (EXE, DLL, OCX and others). PE-inject was designed to be as simple as possible, to make modification of executables (so called PE-files) as easy as writing a "Hello world!" program. The knowledge of Assembler and Windows PE-EXE file format, which was essential before PE-inject came, is no longer required. To inject your code into foreign executables you only need to make a DLL file with functions you want to inject into PE file, call PE-inject function to place the DLL into the executable and the file is injected. From now on, everytime you run the executable, the injected code will be run first and after it finishes, the old application code will start. PE-inject doesn't need to write any data to harddrive, like some other solutions do. Therefore it can be also used for applications which require highest security, like PE-protection engines. From EXE password protectors, through PE compressors to PE anti-cracking protectors, everything is easy to implement. PE-inject has a really well designed interface, which allows you to use it for almost any purpose related with injection of code into PE-files. Even a virus-like code is possible!
改写PE文件导入加载DLL
03-18
通过改写PE文件的导入段,实现DLL的加载。PE文件的导入段记录了系统所要加载的DLL名,以及由该DLL所导出的,PE文件中所用到的函数信息。
PE引入修改实战
03-21 2273
 用处当然不小,如果你喜欢做病毒的话,利用本文章讲述的方法,可以让你的病毒在WINDOWS下畅通无阻。 ;===========================================;名 称: PE引入修改实战;用 途:;语 言: TASM32;日 期: 2002年7月21日;备 注:; 引入部份的代码查阅了Iczelion网站上一些; 外国朋友的代码,虽然不知道他们是哪国人,不;
手动添加导入修改EXE功能
天使也掉毛
10-30 5971
手动添加导入修改EXE功能
iat导入hook的c++源码
最新发布
09-14
当我们谈论“iat导入hook”时,我们实际上是在讨论一种技术,用于拦截和修改其他进程调用DLL函数的行为。这种技术常用于软件调试、注入、安全分析以及性能优化等领域。 IAT(Import Address Table)是每个PE...
PE 之导入解析和注入
windows小菜鸡的博客
08-19 655
1、导入 导入是在可选PE头得数据目录项得第项 其结构如下 其中name是一个RVA,是DLL的名字 OriginalFirstThunk指向INT,为 IMAGE_THUNK_DATA32的结构。这个结构的值中如果最高位为1 ,那么除去最高位的值函数的导出序号,否则为指向IMAGE_IMPORT_BY_NAME的RVA 其结构如下 其中Hint值无关紧要。 ** FirstThunk** 指向的是IAT,其内容结构与OriginalFirstThunk指向的INT一模一样 2、程序启动
移动导入/导入注入注入导入EXE无法运行的BUG解决方案)
qq_32067613的博客
12-09 339
除了移动导入导入注入的基础以外,重要的记录和解决一个bug。
VC编程--导入注入代码.rar
12-09
- **VC++编程实践**:使用Visual C++进行编程实践,创建注入代码并修改PE文件的导入。 - **工具与调试**:介绍一些用于分析和修改PE文件的工具,如OllyDbg、IDA Pro等,以及如何使用它们进行调试和注入操作。 这...
驱动开发实现修改导入注入dll
12-21
导入注入dll其实就是给程序的导入添加一个dll和相应函数,程序在被载入时,系统会自动加载该dll,从而实现dll注入。 我在驱动实现修改导入的方法就是使用PsSetLoadImageNotifyRoutine函数创建回调,在回调中修改导入
导入注入代码》文章代码VC源代码
03-15
itview.zip (87.1 KB) Import Table viewer pemaker6.zip (96.6 KB) PE Maker to redirect API by JMP pemaker7.zip (193 KB) PE Maker to redirect ShellAbout() zimport.zip (130 KB) Import Table runtime redirector 《导入注入代码》文章代码,本文介绍注入代码到PE(Portable Executable可移植的执行体)文件格式的Import Table(导入,也有译为“引入”)技术,其也被称为A
LoadPE工具(修改了可正常运行).rar
02-19
LoadPE工具(修改了可正常运行)."_"
修改PE文件引入实现加载DLL
威化饼的一隅
04-08 3040
文章目录内容简介DLL结构DLL的编译链接(VS命令行中)DLL的加载使用的DLL源代码PE文件关键结构MZ头NT映像头可选头部引入IDT、INT、IAT关系代码实现思路关键数据结构节IDT项验证结果 内容简介 编写Func.dll,并编写一个EXE程序,该程序能够加载Func.dll,并调用Func.dll中的导出函数,在加载Func.dll的时候,会弹出计算器calc.exe。 使用PE...
dump文件导入修复工具——Imports Fixer
一个热爱逆向,喜爱学习、分享的猿。
03-21 1145
最近在学习VMP脱壳,用到了该工具,记录分享一下。 功能: 根据进程的导入,在该进程的dump文件中分配一块空间,在文件中创建导入。 下载: 非开源 很多地方可以下载到,这里分享一个csdn下载地址: https://download.csdn.net/download/shadow20080578/85012603 使用前提: 1、导入被修复好的进程 2、导入没有被修复好的dump文件 使用方法: 打开主界面 1、在主界面上面选中导入被修复好的进程 2、主界
我的学习笔记之——修改导入HOOK API(ring3_iat_exe_hook_Messagebox)
zqf_office的专栏
10-23 679
IAT即Import Address Table 是PE(可以理解为EXE)的输入地址,我们知道一个程序运行时可以要调用多个模块,或都说要调用许多API函数,但这些函数不一定都在EXE本身中,例如你调用Messagebox来显示一个对话框时,你只需要调用它,你并没有编写Messagebox的函数的实现过程,Messagebox的函数的实现过程实际上是在user32.dll这个文件中,当这个程序
取得导入模块
wayaoqiang的专栏
04-25 554
#include "windows.h" #include "iostream.h" #include "Dbghelp.h" #include "Psapi.h" #pragma comment(lib,"Psapi.lib") #pragma comment(lib,"Dbghelp.lib") #pragma comment(linker, "/subsystem
修改导入载入DLL
白日梦
08-17 6726
关于修改EXE文件的导入,实际上是一个很古老的话题了(如果您是此中高手,请不要在这篇文章浪费时间了,如果您发现了其中的问题,还请多多指教).一些PE相关的软件,也都实现了这样的功能,例如Stud_PE.    Stud_PE通过添加一个新节并将导入连同添加的内容一并复制到新节的方法来实现对DLL的导入.    使用这样的方法只要是PE格式的EXE文件,都可以实现导入DLL的功能,但此方法,实现
[DLL注入的方法]进程创建期修改PE输入
diheqiu3577的博客
09-03 404
  进程创建期修改PE输入法的原理和静态修改PE输入完全相同,可以在R3/R0的各个阶段进行干预(必须在主线程运行之前)。 1.以读写方式打开目标文件: 2 //以读写方式打开目标文件 3 HANDLE hFile = CreateFile(szImageFilePath, 4 GENERIC_READ|GENERIC_WRITE, ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值