线程注入模块--C++
// 这几天没日没夜的做一个项目,涉及到消息钩子、线程注入还有数据加密,
// 经过不断地学习,消息钩子和线程注入模块均已实现,将核心代码贡献出来,
// 希望大家能与大家共同进步,如哪位大虾有更好的方法,请多多指点,呵呵。
// 不要用在病毒上面哦,VC6.0测试通过
#include <winsock2.h>
#include <stdio.h>
#include <tlhelp32.h>
#pragma comment (lib,"Advapi32.lib")
// Program entry point.  Locates a running notepad.exe, then loads
// NoProcessDll.dll (taken from this program's current directory) into
// that process: a buffer is allocated in the target, the wide-char DLL
// path is written into it, and a remote thread is started with
// LoadLibraryW as its start routine and that buffer as its argument.
// This is the textbook CreateRemoteThread/LoadLibraryW injection
// sequence; from a defender's side the observable trail is an
// OpenProcess requesting PROCESS_VM_WRITE|PROCESS_CREATE_THREAD on a
// foreign process, a cross-process memory write, and a remote thread
// whose start address resolves to LoadLibraryW.
// The WinMain parameters are the standard ones and are not used.
// Returns 0 on every path, including failures, so the exit code
// carries no success information.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// Find the pid of the notepad.exe process //
// pid is only assigned when a match is found; nothing below checks
// whether the snapshot is INVALID_HANDLE_VALUE, whether Process32First
// succeeded, or whether the loop matched at all, so a missing target
// means OpenProcess is called with an indeterminate pid.
DWORD pid;
HANDLE hSnapshot = NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
PROCESSENTRY32 pe;
// dwSize must be set before Process32First or the call fails.
pe.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot,&pe);
do
{
// Case-insensitive match on the image name; first hit wins, so with
// several notepad.exe instances the choice is enumeration order.
if(stricmp(pe.szExeFile,"notepad.exe")==0) // name of the process to inject into
{
pid = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapshot,&pe)==TRUE);
CloseHandle (hSnapshot);
// Inject the DLL into the notepad.exe process //
PWSTR pszLibFileRemote = NULL;
// hRemoteProcess and hRemoteThread are never closed; they are only
// reclaimed because the process returns immediately afterwards.
HANDLE hRemoteProcess = NULL,hRemoteThread = NULL;
// The access mask is exactly what the four remote operations below
// need; this combination on another process is what access-control
// and EDR tooling key on.
hRemoteProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | // Required by Alpha
PROCESS_CREATE_THREAD | // For CreateRemoteThread
PROCESS_VM_OPERATION | // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE, // For WriteProcessMemory
FALSE, pid);
if(hRemoteProcess==NULL)
{
// Message text: "Cannot open the process!"
::MessageBox(NULL,"无法打开该进程!",NULL,MB_OK);
return 0;
}
else
// Message text: "The process has been opened!"
::MessageBox(NULL,"已打开该进程!",NULL,MB_OK);
// Build the absolute DLL path from the current directory.  CurPath is
// 256 bytes and GetCurrentDirectory may fill nearly all of it, yet
// strcat appends without a bounds check, so a long working directory
// overflows the stack buffer.
char CurPath[256];
GetCurrentDirectory(256,CurPath);
// NOTE(review): "//" as the path separator looks like "\\" mangled by
// the page that published this listing — confirm against the original.
strcat(CurPath,"//NoProcessDll.dll");
// Byte size of the UTF-16 copy, assuming one WCHAR per ANSI byte
// (holds for single-byte characters; a DBCS path yields fewer WCHARs
// than this count, so the copy below would read past the converted
// string — TODO confirm whether non-ASCII directories are in scope).
int len = (strlen(CurPath)+1)*2;
WCHAR wCurPath[256];
// -1 converts through the terminating NUL; the result is unchecked.
MultiByteToWideChar(CP_ACP,0,CurPath,-1,wCurPath,256);
// Allocate room for the path in the target; a NULL result is not
// checked and would be passed straight to WriteProcessMemory.
pszLibFileRemote = (PWSTR)
VirtualAllocEx(hRemoteProcess, NULL, len, MEM_COMMIT, PAGE_READWRITE);
// Copy the path into the target; return value and bytes-written
// (last argument NULL) are both ignored.
WriteProcessMemory(hRemoteProcess, pszLibFileRemote,
(PVOID) wCurPath, len, NULL);
// The address of LoadLibraryW is resolved in *this* process and used
// as the remote start routine, so the code relies on Kernel32 being
// mapped at the same base address in the target.  GetProcAddress may
// return NULL, which is not checked.
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
// The remote thread is neither waited on nor its handle closed, and a
// NULL handle (thread creation refused) goes unnoticed; the remote
// buffer is also never freed with VirtualFreeEx.
hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0,
pfnThreadRtn, pszLibFileRemote, 0, NULL);
return 0;
}
// 经过不断地学习,消息钩子和线程注入模块均已实现,将核心代码贡献出来,
// 希望大家能与大家共同进步,如哪位大虾有更好的方法,请多多指点,呵呵。
// 不要用在病毒上面哦,VC6.0测试通过
#include <winsock2.h>
#include <stdio.h>
#include <tlhelp32.h>
#pragma comment (lib,"Advapi32.lib")
// Program entry point.  Locates a running notepad.exe, then loads
// NoProcessDll.dll (taken from this program's current directory) into
// that process: a buffer is allocated in the target, the wide-char DLL
// path is written into it, and a remote thread is started with
// LoadLibraryW as its start routine and that buffer as its argument.
// This is the textbook CreateRemoteThread/LoadLibraryW injection
// sequence; from a defender's side the observable trail is an
// OpenProcess requesting PROCESS_VM_WRITE|PROCESS_CREATE_THREAD on a
// foreign process, a cross-process memory write, and a remote thread
// whose start address resolves to LoadLibraryW.
// The WinMain parameters are the standard ones and are not used.
// Returns 0 on every path, including failures, so the exit code
// carries no success information.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// Find the pid of the notepad.exe process //
// pid is only assigned when a match is found; nothing below checks
// whether the snapshot is INVALID_HANDLE_VALUE, whether Process32First
// succeeded, or whether the loop matched at all, so a missing target
// means OpenProcess is called with an indeterminate pid.
DWORD pid;
HANDLE hSnapshot = NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
PROCESSENTRY32 pe;
// dwSize must be set before Process32First or the call fails.
pe.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot,&pe);
do
{
// Case-insensitive match on the image name; first hit wins, so with
// several notepad.exe instances the choice is enumeration order.
if(stricmp(pe.szExeFile,"notepad.exe")==0) // name of the process to inject into
{
pid = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapshot,&pe)==TRUE);
CloseHandle (hSnapshot);
// Inject the DLL into the notepad.exe process //
PWSTR pszLibFileRemote = NULL;
// hRemoteProcess and hRemoteThread are never closed; they are only
// reclaimed because the process returns immediately afterwards.
HANDLE hRemoteProcess = NULL,hRemoteThread = NULL;
// The access mask is exactly what the four remote operations below
// need; this combination on another process is what access-control
// and EDR tooling key on.
hRemoteProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | // Required by Alpha
PROCESS_CREATE_THREAD | // For CreateRemoteThread
PROCESS_VM_OPERATION | // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE, // For WriteProcessMemory
FALSE, pid);
if(hRemoteProcess==NULL)
{
// Message text: "Cannot open the process!"
::MessageBox(NULL,"无法打开该进程!",NULL,MB_OK);
return 0;
}
else
// Message text: "The process has been opened!"
::MessageBox(NULL,"已打开该进程!",NULL,MB_OK);
// Build the absolute DLL path from the current directory.  CurPath is
// 256 bytes and GetCurrentDirectory may fill nearly all of it, yet
// strcat appends without a bounds check, so a long working directory
// overflows the stack buffer.
char CurPath[256];
GetCurrentDirectory(256,CurPath);
// NOTE(review): "//" as the path separator looks like "\\" mangled by
// the page that published this listing — confirm against the original.
strcat(CurPath,"//NoProcessDll.dll");
// Byte size of the UTF-16 copy, assuming one WCHAR per ANSI byte
// (holds for single-byte characters; a DBCS path yields fewer WCHARs
// than this count, so the copy below would read past the converted
// string — TODO confirm whether non-ASCII directories are in scope).
int len = (strlen(CurPath)+1)*2;
WCHAR wCurPath[256];
// -1 converts through the terminating NUL; the result is unchecked.
MultiByteToWideChar(CP_ACP,0,CurPath,-1,wCurPath,256);
// Allocate room for the path in the target; a NULL result is not
// checked and would be passed straight to WriteProcessMemory.
pszLibFileRemote = (PWSTR)
VirtualAllocEx(hRemoteProcess, NULL, len, MEM_COMMIT, PAGE_READWRITE);
// Copy the path into the target; return value and bytes-written
// (last argument NULL) are both ignored.
WriteProcessMemory(hRemoteProcess, pszLibFileRemote,
(PVOID) wCurPath, len, NULL);
// The address of LoadLibraryW is resolved in *this* process and used
// as the remote start routine, so the code relies on Kernel32 being
// mapped at the same base address in the target.  GetProcAddress may
// return NULL, which is not checked.
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
// The remote thread is neither waited on nor its handle closed, and a
// NULL handle (thread creation refused) goes unnoticed; the remote
// buffer is also never freed with VirtualFreeEx.
hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0,
pfnThreadRtn, pszLibFileRemote, 0, NULL);
return 0;
}