源码下载可用,向已知句柄的进程注入dll文件
#define _CRT_SECURE_NO_WARNINGS
#include <iostream>
#include <windows.h>
#include <stdio.h>
//#include <iostream>
// Textbook CreateRemoteThread + LoadLibraryA injection: allocates a buffer in
// the target process, copies the DLL path into it, then starts a remote thread
// whose entry point is kernel32!LoadLibraryA with that buffer as its argument,
// so the target's own loader maps the DLL.
//
// PID  - process id handed to OpenProcess (an id, not a handle, despite the
//        caller's comment in main()).
// Path - NUL-terminated ANSI path of the DLL; strlen(Path)+1 bytes are copied,
//        so a NULL Path is undefined behavior (strlen on NULL).
// Returns nothing and reports nothing: every Win32 call below is unchecked.
//
// Review notes (defects as written; code left byte-identical here):
//  - hProcess, lpParamAddress, hModule, lpStartAddress and hThread are never
//    validated; a NULL / failed result is passed straight into the next call.
//  - PARITY_SPACE is the serial-port parity constant from winbase.h, not a
//    VirtualAllocEx allocation type. NOTE(review): the call looks like it
//    would fail with an invalid-parameter error — confirm against the
//    VirtualAllocEx documentation.
//  - PAGE_EXECUTE_READWRITE is requested although the buffer only ever holds
//    the path string (over-privileged page from a least-privilege standpoint).
//  - hProcess is never closed (handle leak) and the remote buffer is never
//    released with VirtualFreeEx.
//  - The result of WaitForSingleObject's 1000 ms wait is ignored, so a
//    LoadLibraryA that fails or times out goes unnoticed.
// Detection note: opening a foreign process with PROCESS_ALL_ACCESS and
// creating a remote thread whose start address is kernel32!LoadLibraryA is a
// well-known telemetry pattern (e.g. Sysmon Event ID 8 "CreateRemoteThread",
// thread-creation monitoring in EDR products).
void InjectDLL(DWORD PID, char* Path)
{
DWORD dwSize;
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, PID);
dwSize = strlen(Path) + 1; // include the terminating NUL
LPVOID lpParamAddress = VirtualAllocEx(hProcess, 0, dwSize, PARITY_SPACE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProcess, lpParamAddress, (PVOID)Path, dwSize, NULL);
HMODULE hModule = GetModuleHandleA("kernel32.dll");
// Relies on kernel32 being mapped at the same address in both processes,
// which is why the local GetProcAddress result is used as the remote start.
LPTHREAD_START_ROUTINE lpStartAddress = (LPTHREAD_START_ROUTINE)GetProcAddress(hModule, "LoadLibraryA");
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, lpStartAddress, lpParamAddress, 0, NULL);
WaitForSingleObject(hThread, 1000); // return value (timeout vs. signaled) not examined
CloseHandle(hThread);
}
// Demo driver: hard-codes a DLL path and calls InjectDLL.
// Review notes (code left byte-identical here):
//  - ppid is declared but never assigned, so InjectDLL(ppid, ...) reads an
//    uninitialized int — undefined behavior. The original comment says the
//    caller must obtain it; the code never does.
//  - The original comment calls ppid "the process handle", but InjectDLL
//    passes it to OpenProcess, which takes a process id.
//  - strcpy_s deduces the destination size from key_s[50]; the literal fits.
int main()
{
char key_s[50];
int ppid;
strcpy_s(key_s, "d:\\dis_test\\dll_.dll");// path of the DLL to inject
InjectDLL(ppid, key_s); // inject the DLL into the process; ppid must be obtained by the caller (original comment calls it the process handle; it is used as a PID)
return 0;
}
参考dll文件,这里的dll注入效果是实现弹窗
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "pch.h"
#include <windows.h>
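// Exported demo payload: shows a message box. Despite the name this is not
// shellcode — it is an ordinary exported function.
//
// Fix: MessageBox takes (hWnd, lpText, lpCaption, uType). The original passed
// the "popup title" string as lpText and the "popup content" string as
// lpCaption, so the two appeared swapped in the dialog. Both literals are
// kept byte-for-byte; only the argument order changes.
// NOTE(review): wide (L"") literals compile against the MessageBox macro only
// in a UNICODE build — confirm the project settings.
extern "C" __declspec(dllexport) void ShellCode()
{
    LPCWSTR caption = L"弹窗标题"; // popup title   -> lpCaption
    LPCWSTR text = L"弹窗内容";    // popup content -> lpText
    MessageBox(NULL, text, caption, MB_OK);
}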
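// DLL entry point.
//
// Fix: the original called ShellCode() unconditionally, i.e. once for
// DLL_PROCESS_ATTACH and again for every DLL_THREAD_ATTACH /
// DLL_THREAD_DETACH / DLL_PROCESS_DETACH notification, so the popup repeated
// whenever the host created or ended a thread. It now runs only on process
// attach.
//
// handle - module handle (HINSTANCE in the documented signature).
// dword  - the ul_reason_for_call notification code.
// lpvoid - reserved by the loader; unused here.
// Returns true so the load is reported as successful.
// NOTE(review): the documented return type is BOOL, not bool; kept as written
// to preserve the signature — confirm the build treats them interchangeably.
//
// Caveat carried over from the original: ShellCode() raises a MessageBox while
// the loader lock is held. Microsoft's DllMain guidance warns against calling
// user32 (or anything that may load further DLLs or wait on other threads)
// from DllMain because it can deadlock the host; tolerable only for a
// throwaway demo, never for a real module.
bool APIENTRY DllMain(HANDLE handle, DWORD dword, LPVOID lpvoid)
{
    (void)handle;
    (void)lpvoid;
    if (dword == DLL_PROCESS_ATTACH) {
        ShellCode();
    }
    return true;
}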