C++ DLL注入和代码注入
来源:互联网 发布:网络测试仪器 编辑:程序博客网 时间:2024/04/28 15:30
void InjectDLL(DWORD PID,char *Path)
{
DWORD dwSize;
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
dwSize=strlen(Path)+1;
LPVOID lpParamAddress=VirtualAllocEx(hProcess,0,dwSize,PARITY_SPACE,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProcess,lpParamAddress,(PVOID)Path,dwSize,NULL);
HMODULE hModule=GetModuleHandleA("kernel32.dll");
LPTHREAD_START_ROUTINE lpStartAddress=(LPTHREAD_START_ROUTINE)GetProcAddress(hModule,"LoadLibraryA");
HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,lpStartAddress,lpParamAddress,0,NULL);
WaitForSingleObject(hThread,1000);
CloseHandle(hThread);
}
{
DWORD dwSize;
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
dwSize=strlen(Path)+1;
LPVOID lpParamAddress=VirtualAllocEx(hProcess,0,dwSize,PARITY_SPACE,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hProcess,lpParamAddress,(PVOID)Path,dwSize,NULL);
HMODULE hModule=GetModuleHandleA("kernel32.dll");
LPTHREAD_START_ROUTINE lpStartAddress=(LPTHREAD_START_ROUTINE)GetProcAddress(hModule,"LoadLibraryA");
HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,lpStartAddress,lpParamAddress,0,NULL);
WaitForSingleObject(hThread,1000);
CloseHandle(hThread);
}
另一种是直接注入代码,代码如下:
//函数名:InjectCode
//功能:封装远程注入的函数
//参数:进程ID
//参数:被注入函数指针<函数名>
//参数:参数
//参数:参数长度
void InjectCode(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//远程句柄
LPVOID mFuncAddr;//申请函数内存地址
LPVOID ParamAddr;//申请参数内存地址
HANDLE hThread; //线程句柄
DWORD NumberOfByte; //辅助返回值
CString str;
//打开被注入的进程句柄
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
//申请内存
mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//写内存
WriteProcessMemory(hProcess,mFuncAddr,mFunc,128, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//创建远程线程
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //等待线程结束
//释放申请有内存
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//释放远程句柄
CloseHandle(hThread);
CloseHandle(hProcess);
}
{
HANDLE hProcess;//远程句柄
LPVOID mFuncAddr;//申请函数内存地址
LPVOID ParamAddr;//申请参数内存地址
HANDLE hThread; //线程句柄
DWORD NumberOfByte; //辅助返回值
CString str;
//打开被注入的进程句柄
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
//申请内存
mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//写内存
WriteProcessMemory(hProcess,mFuncAddr,mFunc,128, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//创建远程线程
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //等待线程结束
//释放申请有内存
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//释放远程句柄
CloseHandle(hThread);
CloseHandle(hProcess);
}
- C++ DLL注入和代码注入
- DLL注入和代码注入学习心得
- DLL注入代码(C函数)的编写
- DLL注入代码
- DLL远程注入代码
- dll注入的代码
- C++:远程注入DLL
- 远程dll注入与代码注入
- 注入攻击-SQL注入和代码注入
- C# 线程注入和DLL注入
- dll远程注入部分代码
- [C++] - DLL远程注入实例
- DLL注入-APC注入
- DLL注入和API 拦截
- DLL注入和API拦截
- DLL注入和API拦截
- DLL注入和API拦截
- DLL注入
- _IO, _IOR, _IOW, _IOWR 宏的用法与解析
- 数据库的安全与保密
- 动态规划入门——Pascal's Travels
- 解决jquery中animate动画积累
- 面向对象编程,输入/输出,异常
- C++ DLL注入和代码注入
- “ATL::CStringT<BaseType,StringTraits>::operator +”: 3 个重载有相似的转换
- MVVM模式图解
- 隐马尔科夫模型
- 教你永久隐藏你的机密文件
- C++中inline函数
- subArray Related
- ubuntu下安装QT5及QtCreator
- 两道面试题