http://download1.csdn.net/down3/20070616/16090226570.rar
1. LoadLibraryW
LoadLibraryW (exported by kernel32.dll) is used to load the injected DLL. Because the call is made inside the remote process, the DLL's file name must first be copied into the remote process's address space before LoadLibraryW can be invoked there.
【1】VirtualAllocEx: dynamically allocate memory within a specified process's address space:
The VirtualAllocEx function reserves, commits, or both, a region of memory within the virtual address space of a specified process. The function initializes the memory it allocates to zero.
The difference between the VirtualAllocEx function and the VirtualAlloc function is that VirtualAlloc allocates memory within the address space of the calling process, while VirtualAllocEx lets you specify a process.
LPVOID VirtualAllocEx(
    HANDLE hProcess,         // process within which to allocate memory
    LPVOID lpAddress,        // desired starting address of allocation (NULL lets the system choose)
    DWORD  dwSize,           // size, in bytes, of region to allocate
    DWORD  flAllocationType, // type of allocation (e.g. MEM_COMMIT | MEM_RESERVE)
    DWORD  flProtect         // type of access protection (e.g. PAGE_READWRITE)
);
【2】WriteProcessMemory: write memory in a specified process's address space; the whole target region must be writable
The WriteProcessMemory function writes memory in a specified process. The entire area to be written to must be accessible, or the operation fails.
BOOL WriteProcessMemory(
    HANDLE  hProcess,               // handle to process whose memory is written to
    LPVOID  lpBaseAddress,          // address in the target process to start writing to
    LPVOID  lpBuffer,               // pointer to the local buffer that supplies the data to write
    DWORD   nSize,                  // number of bytes to write
    LPDWORD lpNumberOfBytesWritten  // receives the actual number of bytes written (may be NULL)
);
Parameters
hProcess
Identifies an open handle to a process whose memory is to be written to. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process.
lpBaseAddress
Points to the base address in the specified process to be written to. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for write access. If this is the case, the function proceeds; otherwise, the function fails.
lpBuffer
Points to the buffer that supplies data to be written into the address space of the specified process.
nSize
Specifies the requested number of bytes to write into the specified process.
lpNumberOfBytesWritten
Points to the actual number of bytes transferred into the specified process. This parameter is optional. If lpNumberOfBytesWritten is NULL, the parameter is ignored.
Return Values
If the function succeeds, the return value is nonzero.
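As an added defender-side example that is not part of the original post: because LoadLibraryW loads the injected DLL through the normal loader, the DLL is registered in the target process's module list, so auditing loaded modules surfaces this kind of injection. The script below enumerates the modules of every process and reports those that sit outside a set of trusted directories and lack a valid Authenticode signature; it assumes an elevated 64-bit PowerShell session, and the list of trusted roots is my own assumption.

```powershell
# Added example (not from the original post): audit loaded modules for the
# artifact that LoadLibraryW-based injection leaves behind.
# Assumptions: run elevated so cross-process module enumeration succeeds; a
# 64-bit host cannot enumerate 32-bit processes, those are skipped.

# Assumed set of directories from which modules are normally loaded.
$trustedRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Test-TrustedPath {
    param([string]$Path, [string]$ProcessDir)
    $p = $Path.ToLowerInvariant()
    # A module loaded from the process's own install directory is treated as expected.
    if ($ProcessDir -and $p.StartsWith($ProcessDir.ToLowerInvariant())) { return $true }
    foreach ($root in $trustedRoots) {
        if ($p.StartsWith($root + '\')) { return $true }
    }
    return $false
}

$findings = foreach ($proc in Get-Process) {
    try {
        $modules = $proc.Modules
        $exeDir  = Split-Path $proc.Path -Parent
    } catch {
        continue   # access denied, protected process, or 32/64-bit mismatch
    }
    foreach ($m in $modules) {
        if (Test-TrustedPath -Path $m.FileName -ProcessDir $exeDir) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        [pscustomobject]@{
            Process   = $proc.ProcessName
            PID       = $proc.Id
            Module    = $m.FileName
            Signature = $sig.Status
        }
    }
}

# Unsigned or badly signed DLLs loaded from unexpected paths are the candidates to investigate.
$findings | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Legitimate software loads plugins from user-writable paths too, so treat each row as a lead to correlate with the DLL's hash and the process's expected behaviour rather than as a verdict.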