dll侧加载_绕过LoadLibrary 加载DLL

/* The header name was lost when the page was extracted. <windows.h> declares the
   Win32 types and APIs used below; SysAllocStringLen/SysFreeString additionally
   require linking against OleAut32. */
#include <windows.h>

/* Local declaration of the counted wide-string structure that the ntdll
   routines below take as their module-name argument. */
typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* Pointer type for ntdll's LdrLoadDll export, resolved at run time.
   NOTE(review): the second parameter is declared ULONG here; commonly published
   prototypes declare it as a pointer (PULONG). Confirm before passing anything
   other than 0. */
typedef NTSTATUS (WINAPI *fLdrLoadDll)(
    IN PWCHAR PathToFile OPTIONAL,
    IN ULONG Flags OPTIONAL,
    IN PUNICODE_STRING ModuleFileName,
    OUT PHANDLE ModuleHandle
);

/* Pointer type for ntdll's RtlInitUnicodeString export, resolved at run time. */
typedef VOID (WINAPI *fRtlInitUnicodeString)(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
);

/* File-scope cache: filled in on the first LoadDll() call and reused afterwards. */
HMODULE hntdll = NULL;
fLdrLoadDll _LdrLoadDll = NULL;
fRtlInitUnicodeString _RtlInitUnicodeString = NULL;

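/*
 * Load a DLL by calling ntdll's LdrLoadDll export directly instead of going
 * through LoadLibraryA.
 *
 * lpFileName: ANSI (CP_ACP) path of the module to load.
 * Returns the module handle, or NULL if an export cannot be resolved, the path
 * cannot be converted, or LdrLoadDll reports a failure status.
 *
 * Defender's note: because this path never enters the LoadLibrary* exports,
 * monitoring that only hooks those functions does not observe the load.
 * Image-load telemetry (for example Sysmon Event ID 7, or a kernel image-load
 * notify routine) still records the mapped module and is the more reliable
 * signal.
 */
HMODULE LoadDll(LPCSTR lpFileName)
{
    if (lpFileName == NULL) {
        return NULL;
    }

    /* Resolve the ntdll exports once; every lookup is checked so a failed
       GetProcAddress can never be called through. */
    if (hntdll == NULL) {
        hntdll = GetModuleHandleA("ntdll.dll");
    }
    if (hntdll == NULL) {
        return NULL;
    }
    if (_LdrLoadDll == NULL) {
        _LdrLoadDll = (fLdrLoadDll)GetProcAddress(hntdll, "LdrLoadDll");
    }
    if (_RtlInitUnicodeString == NULL) {
        _RtlInitUnicodeString =
            (fRtlInitUnicodeString)GetProcAddress(hntdll, "RtlInitUnicodeString");
    }
    if (_LdrLoadDll == NULL || _RtlInitUnicodeString == NULL) {
        return NULL;
    }

    int SrcLen = lstrlenA(lpFileName);
    if (SrcLen <= 0) {
        return NULL;
    }

    /* Ask for the real UTF-16 length first: with a multi-byte ANSI code page the
       wide string is shorter than the byte count, and sizing the BSTR by bytes
       would leave uninitialised characters before its terminator. */
    int WideLen = MultiByteToWideChar(CP_ACP, 0, lpFileName, SrcLen, NULL, 0);
    if (WideLen <= 0) {
        return NULL;
    }

    BSTR WideStr = SysAllocStringLen(NULL, (UINT)WideLen);
    if (WideStr == NULL) {
        return NULL;
    }

    HMODULE Result = NULL;
    if (MultiByteToWideChar(CP_ACP, 0, lpFileName, SrcLen, WideStr, WideLen) == WideLen) {
        UNICODE_STRING usDllName;
        HANDLE DllHandle = NULL;

        /* RtlInitUnicodeString only points usDllName.Buffer at WideStr (no copy),
           so WideStr must stay allocated until LdrLoadDll has returned. */
        _RtlInitUnicodeString(&usDllName, WideStr);

        NTSTATUS Status = _LdrLoadDll(NULL, 0, &usDllName, &DllHandle);
        if (Status >= 0) { /* success or informational NTSTATUS */
            Result = (HMODULE)DllHandle;
        }
    }

    /* Free only after the loader is done with the name (the original freed it
       before the call, leaving usDllName.Buffer dangling). */
    SysFreeString(WideStr);
    return Result;
}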

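/* Signature assumed for the exported routine called below: no arguments, no result. */
typedef void (* _u)(void);

/*
 * Demo driver: loads the DLL at a hard-coded path through LoadDll() and calls
 * its exported function "tt".
 *
 * Returns 0 on success, 1 if the module or the export could not be obtained.
 *
 * NOTE(review): the module is taken from a fixed absolute path with no
 * signature or integrity check, so whatever file is present at that path has
 * its code executed inside this process.
 */
int main(void)
{
    HMODULE hMydll = LoadDll("C:\\ww.dll");
    if (hMydll == NULL) {
        /* Load failed: GetProcAddress must not be called on a NULL handle. */
        return 1;
    }

    _u ss = (_u)GetProcAddress(hMydll, "tt");
    if (ss == NULL) {
        /* Export missing: calling through a NULL function pointer would crash. */
        return 1;
    }

    ss();
    return 0;
}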
