远程DLL注入
2014-02-11 11:34
477 查看
界面如下:
关键部分代码如下:
下载地址:
http://pan.baidu.com/s/1xk7Jw
关键部分代码如下:
void CInjectDllDlg::OnBnClickedButtonInject() { // TODO: 在此添加控件通知处理程序代码 UpdateData(TRUE); int iBufSize = WideCharToMultiByte(CP_ACP, 0, m_strPathName.GetBuffer(0), -1, NULL, 0, NULL, NULL); char *pszBuffer = new char[iBufSize]; WideCharToMultiByte(CP_ACP, 0, m_strPathName.GetBuffer(0), -1, pszBuffer, iBufSize, NULL, NULL); InjectDll(m_dwPid, pszBuffer); delete []pszBuffer; pszBuffer = NULL; } void CInjectDllDlg::OnBnClickedButtonUnload() { // TODO: 在此添加控件通知处理程序代码 UpdateData(TRUE); int iBufSize = WideCharToMultiByte(CP_ACP, 0, m_strPathName.GetBuffer(0), -1, NULL, 0, NULL, NULL); char *pszBuffer = new char[iBufSize]; WideCharToMultiByte(CP_ACP, 0, m_strPathName.GetBuffer(0), -1, pszBuffer, iBufSize, NULL, NULL); UnInjectDll(m_dwPid, pszBuffer); delete []pszBuffer; pszBuffer = NULL; } void CInjectDllDlg::InjectDll(DWORD dwPid, char* szDllName) { if (dwPid == 0 || strlen(szDllName) == 0) { return; } char *pFunName = "LoadLibraryA"; HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid); if (NULL == hProcess) { return; } int iDllLen = strlen(szDllName) + sizeof(char); PVOID pDllAddr = VirtualAllocEx(hProcess, NULL, iDllLen, MEM_COMMIT, PAGE_READWRITE); if (NULL == pDllAddr) { CloseHandle(hProcess); return; } DWORD dwWriteNum = 0; WriteProcessMemory(hProcess, pDllAddr, szDllName, iDllLen, &dwWriteNum); FARPROC pFunAddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), pFunName); HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunAddr, pDllAddr, 0, NULL); WaitForSingleObject(hThread, INFINITE); CloseHandle(hThread); CloseHandle(hProcess); } void CInjectDllDlg::UnInjectDll(DWORD dwPid, char* szDllName) { HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPid); MODULEENTRY32 Me32 = {0}; Me32.dwSize = sizeof(MODULEENTRY32); BOOL bRet = Module32First(hSnap, &Me32); while (bRet) { int iBufSize = WideCharToMultiByte(CP_ACP, 0, Me32.szExePath, -1, NULL, 0, NULL, NULL); char *pszBuffer = new char[iBufSize]; WideCharToMultiByte(CP_ACP, 0, Me32.szExePath, -1, pszBuffer, iBufSize, NULL, NULL); if (strcmp(pszBuffer, szDllName) == 0) { delete []pszBuffer; pszBuffer = NULL; break; } delete []pszBuffer; pszBuffer = NULL; bRet = Module32Next(hSnap, &Me32); } CloseHandle(hSnap); char *pFunName = "FreeLibrary"; HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid); FARPROC pFunAddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), pFunName); HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunAddr, Me32.hModule, 0, NULL); WaitForSingleObject(hThread, INFINITE); CloseHandle(hThread); CloseHandle(hProcess); }
下载地址:
http://pan.baidu.com/s/1xk7Jw
相关文章推荐
- 远程DLL注入C#
- 远程DLl注入
- 远程线程模板(DLL注入)
- Windows核心编程Dll注入之远程线程
- 远程线程插入(DLL注入)
- 远程DLL注入、卸载
- 【windows核心编程】远程线程DLL注入
- 远程DLL注入
- Dll注入:X86/X64 远程线程CreateRemoteThread 注入
- Dll注入技术之远程线程注入
- windows下 远程DLL注入
- 远程注入代码,一些过时的ring3技术(ASM、VC++、Delphi) (非Dll注入)
- 实战DELPHI:远程线程插入(DLL注入)
- Delphi利用CreateRemoteThread远程注入 详细 (非dll注入,是代码注入)
- 远程dll注入 C#
- 远程线程dll注入
- 拦截API-通过远程线程dll注入目标进程
- 远程线程DLL注入
- 远程进程的Dll注入[黑防]
- 实战DELPHI:远程线程插入(DLL注入)