远程加载与卸载DLL
来源:互联网 发布:spring cloud node 编辑:程序博客网 时间:2024/06/05 07:14
- DWORD GetProcessIdByName(LPCTSTR szProcess)//注意要加exe后缀
- {
- DWORD dwRet=0;
- HANDLE hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
- PROCESSENTRY32 pe32;
- pe32.dwSize=sizeof(PROCESSENTRY32);
- Process32First(hSnapshot,&pe32);
- do
- {
- if (_tcscmp(pe32.szExeFile,szProcess)==0)
- {
- dwRet=pe32.th32ProcessID;
- break;
- }
- } while (Process32Next(hSnapshot,&pe32));
- CloseHandle(hSnapshot);
- return dwRet;
- }
- BOOL Inject(LPCTSTR szModule, DWORD dwID)
- {
- HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwID);
- if ( !hProcess ) {
- return FALSE;
- }
- int cByte = (_tcslen(szModule)+1) * sizeof(TCHAR);
- LPVOID pAddr = VirtualAllocEx(hProcess, NULL, cByte, MEM_COMMIT, PAGE_READWRITE);
- if ( !pAddr || !WriteProcessMemory(hProcess, pAddr, szModule, cByte, NULL)) {
- return FALSE;
- }
- #ifdef _UNICODE
- PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("Kernel32")), "LoadLibraryW");
- #else
- PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("Kernel32")), "LoadLibraryA");
- #endif
- //Kernel32.dll总是被映射到相同的地址
- if ( !pfnStartAddr ) {
- return FALSE;
- }
- DWORD dwThreadID = 0;
- HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, pfnStartAddr, pAddr, 0, &dwThreadID);
- if ( !hRemoteThread ) {
- return FALSE;
- }
- WaitForSingleObject(hRemoteThread,INFINITE);
- VirtualFreeEx(hProcess,pAddr,cByte,MEM_COMMIT);
- CloseHandle(hRemoteThread);
- CloseHandle(hProcess);
- return TRUE;
- }
简单提权函数
- BOOL EnablePrivilege(LPCTSTR lpszPrivilegeName, BOOL bEnable)
- {
- HANDLE hToken = NULL;
- TOKEN_PRIVILEGES tp;
- LUID luid;
- if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_READ, &hToken))
- return FALSE;
- if(!LookupPrivilegeValue(NULL, lpszPrivilegeName, &luid))
- return TRUE;
- tp.PrivilegeCount = 1;
- tp.Privileges[0].Luid = luid;
- tp.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;
- AdjustTokenPrivileges(hToken, FALSE, &tp, NULL, NULL, NULL);
- CloseHandle(hToken);
- return (GetLastError() == ERROR_SUCCESS);
- }
- BOOL UnLoadDll(LPCTSTR szDllName, DWORD dwID)//要卸载的DLL名,进程PID
- {
- HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwID);
- if ( !hProcess ) {
- return FALSE;
- }
- int cByte = (_tcslen(szDllName)+1) * sizeof(TCHAR);
- LPVOID pAddr = VirtualAllocEx(hProcess, NULL, cByte, MEM_COMMIT, PAGE_READWRITE);
- if ( !pAddr || !WriteProcessMemory(hProcess, pAddr, szDllName, cByte, NULL)) {
- return FALSE;
- }
- #ifdef _UNICODE
- PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetModuleHandleW;
- #else
- PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetModuleHandleA;
- #endif
- //Kernel32.dll总是被映射到相同的地址
- if ( !pfnStartAddr ) {
- return FALSE;
- }
- DWORD dwThreadID = 0,dwFreeId=0,dwHandle;
- HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, pfnStartAddr, pAddr, 0, &dwThreadID);
- if ( !hRemoteThread ) {
- return FALSE;
- }
- WaitForSingleObject(hRemoteThread,INFINITE);
- // 获得GetModuleHandle的返回值
- GetExitCodeThread(hRemoteThread,&dwHandle);
- CloseHandle(hRemoteThread);
- // 使目标进程调用FreeLibrary,卸载DLL
- #ifdef _UNICODE
- PTHREAD_START_ROUTINE pfnFreeAddr = (PTHREAD_START_ROUTINE)FreeLibrary;
- #else
- PTHREAD_START_ROUTINE pfnFreeAddr = (PTHREAD_START_ROUTINE)FreeLibrary;
- #endif
- HANDLE hFreeThread = CreateRemoteThread(hProcess, NULL, 0, pfnFreeAddr,(LPVOID)dwHandle,0,&dwFreeId);
- if ( !hFreeThread ) {
- return FALSE;
- }
- WaitForSingleObject(hFreeThread,INFINITE);
- VirtualFreeEx(hProcess,pAddr,cByte,MEM_COMMIT);
- CloseHandle(hFreeThread);
- CloseHandle(hProcess);
- return TRUE;
- }
- 远程加载与卸载DLL
- 远程加载与卸载DLL
- DLL远程注入与卸载
- 远程注入与卸载DLL
- C++ 远程Dll加载,卸载示例代码
- DLL远程注入与卸载(C++)
- C++ DLL远程注入与卸载函数
- C++ DLL远程注入与卸载函数
- 远程DLL注入、卸载
- 初学C++ 远程线程注入DLL与卸载
- VB 远程注入卸载DLL
- 卸载远程线程中的DLL
- 动态加载和卸载DLL
- C#动态加载卸载DLL
- C# 动态加载卸载 DLL
- DLL 加载和卸载顺序
- DLL注入与卸载
- VB远程注入卸载DLL代码
- 编程之美2.21——只考加法的面试题
- Hybrid开发的优化策略
- threadstart 一个参数和两个参数
- ASP.NET使用ajax时js失效问题解决
- 关于file_operations结构体
- 远程加载与卸载DLL
- eclipse启动tomcat访问不到主页
- 相信自己
- 从库上的下的代码,部署到Tomcat7 异常
- App Store审查指南
- 关于boost 库 shared_ptr 智能指针的循环引用【2013.10.22】
- 动态显示,隐藏status bar
- 用c#读取excel文件缺少第一行数据解决方法
- linux shell编程for循环