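// Enables SeDebugPrivilege on the current process token.
//
// Returns true only when the privilege was actually enabled. The original
// returned true whenever AdjustTokenPrivileges returned TRUE, but that API
// also returns TRUE when the token does not hold the privilege at all and
// reports ERROR_NOT_ALL_ASSIGNED through GetLastError, so callers were told
// "enabled" when nothing had changed. The token handle was also leaked on
// every path; it is now closed before returning.
bool EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return false;

    bool enabled = false;
    LUID luid;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // GetLastError must be read immediately after AdjustTokenPrivileges:
        // a TRUE return with ERROR_NOT_ALL_ASSIGNED means the privilege is
        // not present in the token (e.g. non-elevated caller) and was not enabled.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
        {
            enabled = true;
        }
    }

    CloseHandle(hToken);
    return enabled;
}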
// rundll32 yourdll,test -- checks whether your dll works correctly
// absolute path of the dll and the id of the process to inject into
// implement whatever you want to do inside the dll
//
// Loads the DLL at mDllFullPath into the process identified by mProcessID:
// the path string (including its NUL terminator, hence size() + 1) is copied
// into the target's address space and a remote thread is started at the
// local address of Kernel32!LoadLibraryA with that buffer as its argument.
// Returns false on any API failure, true as soon as the remote thread has
// been created (the DLL's actual load result is never observed).
//
// NOTE(review): hRemoteProcess and hRemoteThread are never closed on any
// path, and the WriteProcessMemory failure path also leaves the remote
// allocation in place -- resource leaks in both processes.
// NOTE(review): every VirtualFreeEx call below passes `length` together with
// MEM_RELEASE; the VirtualFreeEx contract requires dwSize == 0 for
// MEM_RELEASE, so these calls fail and the remote buffer is not released.
// Even a correct release at the final call would run before the remote
// thread has necessarily finished reading the buffer.
// NOTE(review): PROCESS_ALL_ACCESS is broader than the operations this
// routine performs on the handle (least privilege).
// Defender's view: enabling SeDebugPrivilege, opening a foreign process with
// broad rights, VirtualAllocEx + WriteProcessMemory into it, and
// CreateRemoteThread at LoadLibraryA is the classic, well-signatured
// sequence for this technique; endpoint telemetry on these calls is the
// detection point.
bool InstallDll(std::string mDllFullPath,DWORD mProcessID)
{
    if (mProcessID == 0)return false;
    if(!EnableDebugPriv())return false;
    HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,mProcessID);
    if(hRemoteProcess == NULL)return false;
    // length includes the terminating NUL so LoadLibraryA sees a proper C string.
    size_t length = mDllFullPath.size() + 1;
    char *pszLibFileRemote = (char *)::VirtualAllocEx(hRemoteProcess, NULL, length, MEM_COMMIT, PAGE_READWRITE);
    if(pszLibFileRemote==NULL)return false;
    // NOTE(review): on failure here the remote allocation and hRemoteProcess leak.
    if(WriteProcessMemory(hRemoteProcess,pszLibFileRemote,mDllFullPath.c_str(),length,NULL) == 0)
        return false;
    // Assumes Kernel32 is mapped at the same base in the target process, so the
    // local LoadLibraryA address is valid there -- TODO confirm for the intended targets.
    PTHREAD_START_ROUTINE pfnStartAddr=(PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32"),"LoadLibraryA");
    if(pfnStartAddr == NULL)
    {
        // NOTE(review): MEM_RELEASE with a non-zero size fails; buffer is not freed.
        ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE);
        return false;
    }
    HANDLE hRemoteThread = CreateRemoteThread(hRemoteProcess,NULL,0,pfnStartAddr,pszLibFileRemote,0,NULL);
    if(hRemoteThread==NULL)
    {
        // NOTE(review): same MEM_RELEASE/size defect as above.
        ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE);
        return false;
    }
    // NOTE(review): fails for the same reason, and is reached while the remote
    // thread may still be reading pszLibFileRemote. hRemoteThread is leaked.
    ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE);
    return true;
}
转载于:https://blog.51cto.com/venglu/1185199