
线程注入模块--C++

//  这几天没日没夜的做一个项目,涉及到消息钩子、线程注入还有数据加密,

//  经过不断地学习,消息钩子和线程注入模块均已实现,将核心代码贡献出来,

//  希望能与大家共同进步,如哪位大虾有更好的方法,请多多指点,呵呵。

//  不要用在病毒上面哦,VC6.0测试通过

#include <winsock2.h>
#include <stdio.h>
#include <tlhelp32.h>

#pragma comment (lib,"Advapi32.lib")

// Entry point. Two steps: (1) walk a Toolhelp process snapshot to find the
// process id of "notepad.exe"; (2) allocate a buffer in that process, copy the
// wide-char path of a DLL into it and start a remote thread whose start routine
// is LoadLibraryW, so the target loads the DLL.
//
// The OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryW) sequence is the well-known remote-thread
// DLL-loading pattern; it is one of the behaviours endpoint protection
// products monitor, and the process-open / cross-process write / remote thread
// events are all visible to kernel callbacks and ETW.
//
// Return-value checks on most API calls are absent; the NOTE(review) lines
// below mark the spots where a failure goes unnoticed.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
     // Find the pid of the notepad.exe process //

// NOTE(review): never initialised. If the loop below finds no match, pid is
// indeterminate and OpenProcess is called with whatever is on the stack.
DWORD pid;

HANDLE hSnapshot = NULL;

// Snapshot of all processes; the documented failure value is
// INVALID_HANDLE_VALUE, which is not checked here.
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);

// dwSize must be set before Process32First, otherwise the call fails.
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);

// NOTE(review): return value ignored; on failure `pe` is read uninitialised.
Process32First(hSnapshot,&pe);

do
{
// Case-insensitive match on the executable name (no path).
if(stricmp(pe.szExeFile,"notepad.exe")==0)    // name of the process to inject into
{
// First match wins; later processes with the same name are ignored.
pid = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapshot,&pe)==TRUE);

CloseHandle (hSnapshot);

     // Inject the DLL into the notepad.exe process //

PWSTR pszLibFileRemote = NULL;
HANDLE hRemoteProcess = NULL,hRemoteThread = NULL;

// Minimal access mask for the calls that follow; each flag is annotated
// with the API that needs it.
hRemoteProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | // Required by Alpha
PROCESS_CREATE_THREAD | // For CreateRemoteThread
PROCESS_VM_OPERATION | // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE, // For WriteProcessMemory
FALSE, pid);

// This is the only API failure that is reported to the user.
if(hRemoteProcess==NULL)
{
::MessageBox(NULL,"无法打开该进程!",NULL,MB_OK);
return 0;
}
else
::MessageBox(NULL,"已打开该进程!",NULL,MB_OK);
// Build an absolute path to the DLL from the current directory.
// NOTE(review): strcat is unbounded; a directory name close to 256 bytes
// overflows CurPath.
// NOTE(review): the separator appears as two forward slashes. A `\\` escape
// mangled by the web page is plausible - confirm against the original source.
char CurPath[256];
GetCurrentDirectory(256,CurPath);
strcat(CurPath,"//NoProcessDll.dll");

// Byte size of the UTF-16 copy, assuming one wide char per ANSI byte
// (including the terminator); 256 bytes max, so it always fits wCurPath.
int len = (strlen(CurPath)+1)*2;
WCHAR wCurPath[256];
MultiByteToWideChar(CP_ACP,0,CurPath,-1,wCurPath,256);

// Reserve `len` bytes in the target for the path string.
// NOTE(review): a NULL result is not checked; WriteProcessMemory would then
// be called with a NULL destination.
pszLibFileRemote = (PWSTR)
VirtualAllocEx(hRemoteProcess, NULL, len, MEM_COMMIT, PAGE_READWRITE);

// Copy the wide path into the target; return value not checked.
WriteProcessMemory(hRemoteProcess, pszLibFileRemote,
(PVOID) wCurPath, len, NULL);

// Address of LoadLibraryW resolved in *this* process and handed to the
// target as its thread start routine; GetProcAddress may return NULL and
// that is not checked.
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");

// Thread in the target runs LoadLibraryW(pszLibFileRemote).
hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0,
pfnThreadRtn, pszLibFileRemote, 0, NULL);

// NOTE(review): hRemoteThread and hRemoteProcess are never closed and the
// remote buffer is never released with VirtualFreeEx; the process exits
// here without waiting for the remote thread.
return 0;
}