/*-----------------------------这个是注入程序源代码----------------*/
#include
using namespace std;
// Forward declaration; the definition follows main().
BOOL CreateRemoteThreadInjectDll(DWORD dwProcessId, LPCWSTR lpwLibFile);

// Process id read from stdin by main().
DWORD dwPID{0};
// Most recent GetLastError() value stored by a failing step of the helper.
DWORD dwError{NOERROR};
// Entry point: reads a process id from stdin into the global dwPID and hands
// it, together with the library name L"InjectDll", to
// CreateRemoteThreadInjectDll, then prints one of two messages depending on
// the BOOL result.
// NOTE(review): both cout statements lost their operands when the page was
// extracted; the accompanying post says the success path prints "OK".
int main()
{
// NOTE(review): dwPID is a DWORD (unsigned long) but "%d" expects an int*;
// "%lu" matches the type. The scanf return value is not checked, so input
// that fails to parse leaves dwPID at its initial 0.
scanf("%d",&dwPID);
// The library name is passed exactly as written here: no directory, no
// extension.
if(CreateRemoteThreadInjectDll(dwPID,L"InjectDll"))
cout<
else
cout<
}
// Copies the wide string lpwLibFile into process dwProcessId and starts a
// thread there whose start routine is LoadLibraryW and whose argument is the
// copied string, then waits for that thread to end.
//
// Parameters:
//   dwProcessId - id of the process to open.
//   lpwLibFile  - NUL-terminated wide string, copied verbatim (terminator
//                 included) into the target; it is interpreted by LoadLibraryW
//                 running inside the target process, not by this process.
// Returns:
//   FALSE when a checked step fails (the Win32 error is stored in the global
//   dwError); TRUE once WaitForSingleObject returns anything but WAIT_FAILED.
//   TRUE therefore only means the remote thread ended: the thread's exit code
//   is never read, so the function cannot tell whether the library was loaded.
//
// NOTE(review): the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryW) sequence is the pattern catalogued as MITRE
// ATT&CK T1055.001 (DLL injection). Endpoint monitoring commonly alerts on it,
// e.g. via remote-thread-creation telemetry such as Sysmon event ID 8.
// NOTE(review): every cout statement in this function lost its operands when
// the page was extracted; the messages cannot be recovered from the text shown.
BOOL CreateRemoteThreadInjectDll(DWORD dwProcessId,LPCWSTR lpwLibFile)
{
// NOTE(review): bRet is never read or returned.
BOOL bRet = FALSE;
HANDLE hProcess = NULL , hThread = NULL;
LPVOID pszLibRemoteFile = NULL;
SIZE_T dwWritten = 0;
// Open the target process.
// NOTE(review): PROCESS_ALL_ACCESS is broader than the calls below use, and
// bInheritHandle = TRUE makes this all-access handle inheritable by child
// processes; hProcess is also never closed on any path.
hProcess = OpenProcess(PROCESS_ALL_ACCESS,TRUE,dwProcessId);
// NOTE(review): OpenProcess reports failure with NULL, not
// INVALID_HANDLE_VALUE, so this branch does not catch a failed open and a
// NULL handle would reach the calls below.
if(hProcess == INVALID_HANDLE_VALUE)
{
dwError = GetLastError();
cout<
<
return FALSE;
}
// Character count including the terminating NUL, then the size in bytes.
int cch = 1 + lstrlenW(lpwLibFile);
int cb = cch * sizeof(WCHAR);
cout<
cout<
// Reserve cb bytes of read/write memory in the target process.
// NOTE(review): this allocation is never released (no VirtualFreeEx), even
// after the remote thread has finished.
pszLibRemoteFile = VirtualAllocEx(hProcess,NULL,cb,
MEM_COMMIT, PAGE_READWRITE);
if(pszLibRemoteFile == NULL)
{
dwError = GetLastError();
cout<
<
return FALSE;
}
// Copy the string into the memory just allocated in the target.
BOOL bw = WriteProcessMemory(hProcess,pszLibRemoteFile,
(PVOID)lpwLibFile,cb,&dwWritten);
// A short write is only reported; execution continues regardless.
// NOTE(review): compares a SIZE_T with a signed int.
if(dwWritten != cb)
{
cout<
}
if(!bw)
{
dwError = GetLastError();
cout<
return FALSE;
}
// Look up the address of LoadLibraryW in this process's Kernel32.
// NOTE(review): that local address is then used as the start routine in the
// target, which presumes Kernel32 is mapped at the same address in both
// processes; confirm this holds for the targets in question.
PTHREAD_START_ROUTINE pfnThreadRnt =
(LPTHREAD_START_ROUTINE)GetProcAddress(
GetModuleHandleW(L"Kernel32"),"LoadLibraryW");
if(pfnThreadRnt == NULL)
{
dwError = GetLastError();
cout<
<
return FALSE;
}
// Start the thread in the target: LoadLibraryW(pszLibRemoteFile).
hThread = CreateRemoteThread(hProcess,
NULL,
0,
pfnThreadRnt,
pszLibRemoteFile,
0,
NULL);
// hThread is not checked for NULL; a failed CreateRemoteThread is only
// caught indirectly, because waiting on a NULL handle yields WAIT_FAILED.
// The wait uses INFINITE, so this call blocks until the remote thread ends.
if (WAIT_FAILED == WaitForSingleObject(hThread,INFINITE))
{
cout<
dwError = GetLastError();
cout<
return FALSE;
}
// Only the thread handle is closed; the result of the remote LoadLibraryW
// call is not inspected before reporting success.
CloseHandle(hThread);
return TRUE;
}
/*----------------------------------------------------------------------------------------------------*/
/*------------------------------------这个是被注入的DLL源代码----------------------------*/
#include
// DLL entry point. Shows a message box with no owner, text or caption when the
// DLL is attached to a process; every other notification is ignored. Always
// returns TRUE. hInstance and lpReserved are unused.
BOOL WINAPI DllMain(HINSTANCE hInstance,DWORD fdwReason,LPVOID lpReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        // NOTE(review): DllMain runs while the loader lock is held, and
        // Microsoft's DLL guidance advises against calling User32 functions
        // such as MessageBox from here; UI work belongs outside DllMain.
        MessageBox(NULL, NULL, NULL, MB_OK);
    }
    // Thread attach/detach and process detach need no handling.
    return TRUE;
}
/*--------------------------------------------------------------------------------------------------*/
程序运行后,输入PID,显示OK,即注入完成,但是什么反应都没有,按理说导入DLL不是应该出现个消息框吗?