
远程DLL注入C#

2011-03-16 09:56 281 查看
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
namespace hooktest01
{
    /// <summary>
    /// WinForms demo of the classic remote library-load sequence (MITRE ATT&amp;CK T1055.001):
    /// allocate memory in another process, write a DLL path into it, then start a remote
    /// thread at LoadLibraryA with that path as its argument.
    /// </summary>
    /// <remarks>
    /// Defender view of what this form does:
    /// - The cross-process handle open, the remote thread creation and the resulting module
    ///   load are each observable, e.g. Sysmon Event ID 10 (ProcessAccess), Event ID 8
    ///   (CreateRemoteThread) and Event ID 7 (ImageLoad).
    /// - The remote buffer is requested as PAGE_EXECUTE_READWRITE although it only holds a
    ///   path string; a private RWX region containing a file path is a common memory-forensics lead.
    /// - Least privilege, protected processes and code-integrity policies on the target
    ///   limit whether this sequence can succeed at all.
    /// NOTE(review): the P/Invoke declarations below do not match the native prototypes
    /// exactly (pointer-sized arguments are declared as int). Treat the listing as an
    /// illustration rather than as correct interop.
    /// </remarks>
    public partial class Form1 : Form
    {
        [DllImport("kernel32.dll")]
        public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);

        // The string buffer is marshalled with the DllImport default character set
        // (presumably ANSI, matching the later use of LoadLibraryA; confirm).
        [DllImport("kernel32.dll")]
        public static extern bool WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);

        [DllImport("kernel32.dll")]
        public static extern int GetProcAddress(int hwnd, string lpname);

        [DllImport("kernel32.dll")]
        public static extern int GetModuleHandleA(string name);

        [DllImport("kernel32.dll")]
        public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);

        [DllImport("kernel32.dll")]
        public static extern int WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);

        [DllImport("kernel32.dll")]
        public static extern bool VirtualFree(IntPtr lpAddress, int dwSize, int dwFreeType);

        // Target process object and the Win32 constants used by the calls below.
        Process pname;
        uint INFINITE = 0xFFFFFFFF;
        int PAGE_EXECUTE_READWRITE = 0x40;
        int MEM_COMMIT = 0x1000;
        int MEM_RESERVE = 0x2000;
        int MEM_RELEASE = 0x8000;

        // Working state that button1_Click fills in step by step.
        int AllocBaseAddress;   // address returned by VirtualAllocEx (0 on failure)
        IntPtr hwnd;            // handle of the target process (despite the name, not a window handle)
        string dllname;         // DLL path taken from textBox2
        int Pid;                // process id parsed from textBox1
        bool ok;                // result of WriteProcessMemory
        int loadaddr;           // address of LoadLibraryA as resolved in this process
        IntPtr ThreadHwnd;      // handle of the remote thread

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Reads a pid (textBox1) and a DLL path (textBox2), runs the allocate / write /
        /// remote-thread sequence against that process, then lists the target's loaded
        /// modules in listBox1. Every failure is reported in a message box and ends the handler.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            // Step 1: validate and read the two inputs.
            try
            {
                if (string.IsNullOrEmpty(textBox1.Text))
                {
                    MessageBox.Show("Pidisnull");
                    return;
                }

                if (string.IsNullOrEmpty(textBox2.Text))
                {
                    MessageBox.Show("dllnameisnull");
                    return;
                }

                Pid = int.Parse(textBox1.Text);
                dllname = textBox2.Text;
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
                return;
            }

            // Step 2: obtain a handle to the target process.
            try
            {
                pname = Process.GetProcessById(Pid);
                // This cross-process handle open is itself an observable event
                // (Sysmon Event ID 10, ProcessAccess).
                hwnd = pname.Handle;
            }
            catch (Exception ex)
            {
                // An exception is thrown when no process with the given pid exists.
                MessageBox.Show(ex.Message);
                return;
            }

            // Step 3: reserve and commit room for the path plus a terminator in the target.
            AllocBaseAddress = VirtualAllocEx(hwnd, 0, dllname.Length + 1, MEM_COMMIT + MEM_RESERVE, PAGE_EXECUTE_READWRITE);
            if (AllocBaseAddress == 0)
            {
                MessageBox.Show("virtualallocexfail");
                return;
            }

            // Step 4: copy the DLL path into the remote buffer.
            ok = WriteProcessMemory(hwnd, AllocBaseAddress, dllname, dllname.Length + 1, 0);
            if (ok == false)
            {
                MessageBox.Show("writeprocessmemoryfail");
                return;
            }

            // Step 5: resolve LoadLibraryA in this process.
            loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
            if (loadaddr == 0)
            {
                // Return when the address of LoadLibraryA could not be obtained.
                MessageBox.Show("getloadlibraryAfail");
                return;
            }

            // Step 6: start a thread in the target at that address with the remote buffer as
            // its argument (logged by Sysmon as Event ID 8, CreateRemoteThread).
            ThreadHwnd = CreateRemoteThread(hwnd, 0, 0, loadaddr, AllocBaseAddress, 0, 0);
            if (ThreadHwnd == IntPtr.Zero)
            {
                MessageBox.Show("createremotethreadfail");
                return;
            }

            // Blocks the UI thread until the remote thread exits; the return value is ignored.
            WaitForSingleObject(ThreadHwnd, INFINITE);
            MessageBox.Show("ok,youcanchecknow!!!");

            // NOTE(review): VirtualFree acts on the calling process and is given the process
            // handle as the address, so the buffer allocated in the target stays behind.
            // The thread handle is not closed either. Both are artifacts an investigator can find.
            VirtualFree(hwnd, 0, MEM_RELEASE);

            // Enumerate the target's module list so the newly loaded DLL can be checked.
            ProcessModuleCollection pmodule = pname.Modules;
            for (int i = 0; i < pmodule.Count; i++)
            {
                listBox1.Items.Add(pmodule[i].FileName);
            }

            // Only reached on the success path; the early returns above skip this Dispose.
            pname.Dispose();
        }
        // process handle
    }
}
