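// Load a DLL into the process that owns a window.
//
// Builds the path "<current directory>\<dllName>", copies it into the target
// process and starts a remote thread at kernel32!LoadLibraryA with that path
// as its argument (the classic CreateRemoteThread/LoadLibrary sequence).
//
// HWND hwnd      : a window owned by the target process
// LPCSTR dllName : file name of the DLL, resolved against the current directory
// Returns TRUE when the remote LoadLibraryA call has completed, FALSE on any
// failure. Unlike the original, every exit path releases the process handle,
// the thread handle and the buffer allocated in the target.
//
// NOTE(review): this call chain (OpenProcess -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread) is exactly what endpoint
// protection products key on, and it only succeeds when the caller may open
// the target with the rights requested below (same integrity level, or
// SeDebugPrivilege). It also assumes kernel32 is mapped at the same address
// in the target as in the caller, which is the usual Win32 case but does not
// hold across a 32-bit/64-bit mismatch — confirm for the intended targets.
BOOL InjectDllToProcess(HWND hwnd, LPCSTR dllName) {
    // All locals are declared up front so the goto-based cleanup below does
    // not jump over an initialised declaration (ill-formed in C++).
    BOOL ok = FALSE;
    HANDLE hProcess = NULL;
    HANDLE thread = NULL;
    LPVOID parmAddr = NULL;
    DWORD processId = 0;
    DWORD cwdLen = 0;
    size_t size = 0;
    SIZE_T written = 0;
    PROC funAddr = NULL;
    char dll[500];

    if (hwnd == NULL || dllName == NULL || dllName[0] == '\0') {
        return FALSE;
    }

    // GetWindowThreadProcessId returns 0 for an invalid window; the original
    // used processId without checking.
    if (GetWindowThreadProcessId(hwnd, &processId) == 0 || processId == 0) {
        return FALSE;
    }

    // Least privilege: request only the rights this function uses instead of
    // PROCESS_ALL_ACCESS.
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, processId);
    if (hProcess == NULL) {
        return FALSE;
    }

    // Build "<cwd>\<dllName>". GetCurrentDirectoryA returns 0 on failure and
    // the required length (>= buffer size) when the buffer is too small.
    cwdLen = GetCurrentDirectoryA(sizeof dll, dll);
    if (cwdLen == 0 || cwdLen >= sizeof dll) {
        goto cleanup;
    }
    // Bounded concatenation; a non-zero result means the path would not fit.
    if (strcat_s(dll, sizeof dll, "\\") != 0 || strcat_s(dll, sizeof dll, dllName) != 0) {
        goto cleanup;
    }

    // Allocate and fill the remote buffer holding the NUL-terminated path.
    // The original never checked VirtualAllocEx for NULL.
    size = strlen(dll) + 1;
    parmAddr = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
    if (parmAddr == NULL) {
        goto cleanup;
    }
    // lpNumberOfBytesWritten is SIZE_T*, not DWORD* as the original passed
    // (a width mismatch on 64-bit builds).
    if (!WriteProcessMemory(hProcess, parmAddr, dll, size, &written) || written != size) {
        goto cleanup;
    }

    // Local address of LoadLibraryA, reused in the target (see NOTE above).
    funAddr = GetProcAddress(GetModuleHandleA("kernel32"), "LoadLibraryA");
    if (funAddr == NULL) {
        goto cleanup;
    }

    thread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)funAddr,
                                parmAddr, 0, NULL);
    if (thread == NULL) {
        goto cleanup;
    }

    // LoadLibraryA reads the path buffer, so wait for it to finish before the
    // buffer is released below.
    if (WaitForSingleObject(thread, INFINITE) != WAIT_OBJECT_0) {
        goto cleanup;
    }
    ok = TRUE;

cleanup:
    if (thread != NULL) {
        CloseHandle(thread);
    }
    if (parmAddr != NULL) {
        // The original left this allocation in the target for its lifetime.
        VirtualFreeEx(hProcess, parmAddr, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);
    return ok;
}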
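// Load a DLL into the process that owns a window.
//
// Builds the path "<current directory>\<dllName>", copies it into the target
// process and starts a remote thread at kernel32!LoadLibraryA with that path
// as its argument (the classic CreateRemoteThread/LoadLibrary sequence).
//
// HWND hwnd      : a window owned by the target process
// LPCSTR dllName : file name of the DLL, resolved against the current directory
// Returns TRUE when the remote LoadLibraryA call has completed, FALSE on any
// failure. Unlike the original, every exit path releases the process handle,
// the thread handle and the buffer allocated in the target.
//
// NOTE(review): this definition appears twice in the page (a pasted
// duplicate); keep only one copy, or the translation unit will not link.
// The call chain (OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread) is exactly what endpoint protection products key on,
// and it only succeeds when the caller may open the target with the rights
// requested below (same integrity level, or SeDebugPrivilege). It also
// assumes kernel32 is mapped at the same address in the target as in the
// caller, which is the usual Win32 case but does not hold across a
// 32-bit/64-bit mismatch — confirm for the intended targets.
BOOL InjectDllToProcess(HWND hwnd, LPCSTR dllName) {
    // All locals are declared up front so the goto-based cleanup below does
    // not jump over an initialised declaration (ill-formed in C++).
    BOOL ok = FALSE;
    HANDLE hProcess = NULL;
    HANDLE thread = NULL;
    LPVOID parmAddr = NULL;
    DWORD processId = 0;
    DWORD cwdLen = 0;
    size_t size = 0;
    SIZE_T written = 0;
    PROC funAddr = NULL;
    char dll[500];

    if (hwnd == NULL || dllName == NULL || dllName[0] == '\0') {
        return FALSE;
    }

    // GetWindowThreadProcessId returns 0 for an invalid window; the original
    // used processId without checking.
    if (GetWindowThreadProcessId(hwnd, &processId) == 0 || processId == 0) {
        return FALSE;
    }

    // Least privilege: request only the rights this function uses instead of
    // PROCESS_ALL_ACCESS.
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                           FALSE, processId);
    if (hProcess == NULL) {
        return FALSE;
    }

    // Build "<cwd>\<dllName>". GetCurrentDirectoryA returns 0 on failure and
    // the required length (>= buffer size) when the buffer is too small.
    cwdLen = GetCurrentDirectoryA(sizeof dll, dll);
    if (cwdLen == 0 || cwdLen >= sizeof dll) {
        goto cleanup;
    }
    // Bounded concatenation; a non-zero result means the path would not fit.
    if (strcat_s(dll, sizeof dll, "\\") != 0 || strcat_s(dll, sizeof dll, dllName) != 0) {
        goto cleanup;
    }

    // Allocate and fill the remote buffer holding the NUL-terminated path.
    // The original never checked VirtualAllocEx for NULL.
    size = strlen(dll) + 1;
    parmAddr = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
    if (parmAddr == NULL) {
        goto cleanup;
    }
    // lpNumberOfBytesWritten is SIZE_T*, not DWORD* as the original passed
    // (a width mismatch on 64-bit builds).
    if (!WriteProcessMemory(hProcess, parmAddr, dll, size, &written) || written != size) {
        goto cleanup;
    }

    // Local address of LoadLibraryA, reused in the target (see NOTE above).
    funAddr = GetProcAddress(GetModuleHandleA("kernel32"), "LoadLibraryA");
    if (funAddr == NULL) {
        goto cleanup;
    }

    thread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)funAddr,
                                parmAddr, 0, NULL);
    if (thread == NULL) {
        goto cleanup;
    }

    // LoadLibraryA reads the path buffer, so wait for it to finish before the
    // buffer is released below.
    if (WaitForSingleObject(thread, INFINITE) != WAIT_OBJECT_0) {
        goto cleanup;
    }
    ok = TRUE;

cleanup:
    if (thread != NULL) {
        CloseHandle(thread);
    }
    if (parmAddr != NULL) {
        // The original left this allocation in the target for its lifetime.
        VirtualFreeEx(hProcess, parmAddr, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);
    return ok;
}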
转载于:https://www.cnblogs.com/hcmsxy/archive/2008/07/18/2164070.html