Win8.1下的 Dll注入测试

1. OpenProcess 获得要注入进程的句柄；2. VirtualAllocEx 在远程进程中开辟出一段内存；3. WriteProcessMemory 将 Dll 的名字写入第二步开辟出的内存中；4. CreateRemoteThread 将 LoadLibraryW 作为线程函数，参数为 Dll 的名称，创建新线程；5. CloseHandle 关闭线程句柄。
效果如图所示:

效果如图所示:<img src="http://img.blog.csdn.net/20150608131602100?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbmliaXJ1X2hvbG1lcw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" alt="" />
<img src="http://img.blog.csdn.net/20150608131622245?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbmliaXJ1X2hvbG1lcw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" alt="" />
<img src="http://img.blog.csdn.net/20150608131647044?watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvbmliaXJ1X2hvbG1lcw==/font/5a6L5L2T/fontsize/400/fill/I0JBQkFCMA==/dissolve/70/gravity/Center" alt="" />
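// Button handler for the injection test dialog.
//
// Reads a DLL path (IDC_EDIT1) and a target PID (IDC_EDIT2) from the two edit
// boxes, then performs the textbook sequence
//   OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThreadEx(LoadLibraryW)
// to make the target process load that DLL.  This is a lab harness: that
// exact API sequence is the pattern endpoint monitoring keys on, so on a
// protected host expect it to be denied or flagged rather than to succeed.
//
// Fixes over the first version:
//   - every Win32 call is checked and the handler bails out (closing what it
//     already opened) instead of passing NULL handles on to the next call;
//   - success is judged by the returned thread HANDLE, not by the thread id;
//   - the process is opened with only the rights these calls need instead of
//     PROCESS_ALL_ACCESS;
//   - the byte count written is a SIZE_T, matching WriteProcessMemory;
//   - no GetBuffer() without a matching ReleaseBuffer().
// On any failure the dialog stays open so the inputs can be corrected; on
// success it closes as before.
void CMFCApplication5Dlg::OnBnClickedButton1()
{
    CEdit* pBoxOne = static_cast<CEdit*>(GetDlgItem(IDC_EDIT1));
    CEdit* pBoxTwo = static_cast<CEdit*>(GetDlgItem(IDC_EDIT2));
    CString szDllName;
    CString szPid;
    pBoxOne->GetWindowText(szDllName);
    pBoxTwo->GetWindowText(szPid);
    MessageBox(szDllName, _T("DllNmae"), MB_OK);
    MessageBox(szPid, _T("Pid"), MB_OK);

    // _ttoi yields 0 for non-numeric input; an empty path or a zero pid means
    // there is nothing sensible to do.
    const DWORD dwPid = _ttoi(szPid);
    if (szDllName.IsEmpty() || dwPid == 0)
    {
        AfxMessageBox(TEXT("DLL name or PID is empty"));
        return;
    }

    // Byte size of the NUL-terminated wide string that LoadLibraryW will read.
    // CString already owns the terminator, so read it through GetString()
    // rather than GetBuffer() (which the original never released).
    const SIZE_T bufsize = (static_cast<SIZE_T>(szDllName.GetLength()) + 1) * sizeof(WCHAR);
    const WCHAR* buffer = szDllName.GetString();

    // Least privilege: these are the rights that VirtualAllocEx,
    // WriteProcessMemory and CreateRemoteThreadEx require; PROCESS_ALL_ACCESS
    // granted far more than this handler uses.
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hProcess = OpenProcess(dwAccess, FALSE, dwPid);
    if (hProcess == NULL)
    {
        // The original only showed the message and then handed the NULL
        // handle to VirtualAllocEx.
        AfxMessageBox(L"get Handle error!");
        return;
    }

    PVOID Addr = VirtualAllocEx(hProcess, NULL, bufsize, MEM_COMMIT, PAGE_READWRITE);
    if (Addr == NULL)
    {
        AfxMessageBox(L"get Addr error!");
        CloseHandle(hProcess);
        return;
    }
    AfxMessageBox(TEXT("申请成功"));

    // A short write would leave an unterminated string in the target, so a
    // partial write counts as failure too.
    SIZE_T dwWriteNum = 0;
    if (!WriteProcessMemory(hProcess, Addr, buffer, bufsize, &dwWriteNum) || dwWriteNum != bufsize)
    {
        AfxMessageBox(TEXT("写入失败"));
        VirtualFreeEx(hProcess, Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }
    AfxMessageBox(TEXT("写入成功"));

    // LoadLibraryW is resolved in *this* process and its address is reused as
    // the remote thread's start routine; that only works while kernel32.dll is
    // mapped at the same base in the target (same bitness, same per-boot base).
    HMODULE hKernel32 = GetModuleHandle(L"kernel32.dll");
    if (hKernel32 == NULL)
    {
        AfxMessageBox(TEXT("获取失败"));
        VirtualFreeEx(hProcess, Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }
    FARPROC pFunAddr = GetProcAddress(hKernel32, "LoadLibraryW");
    if (pFunAddr == NULL)
    {
        AfxMessageBox(TEXT("GetProcAddress获取失败"));
        VirtualFreeEx(hProcess, Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }

    // The HANDLE, not the thread id, is the documented failure indicator; the
    // original tested the id and then called CloseHandle(NULL) on failure.
    DWORD dwNewThreadId = 0;
    HANDLE hThread = CreateRemoteThreadEx(hProcess, NULL, 0,
                                          reinterpret_cast<LPTHREAD_START_ROUTINE>(pFunAddr),
                                          Addr, 0, NULL, &dwNewThreadId);
    if (hThread == NULL)
    {
        AfxMessageBox(TEXT("注入失败"));
        VirtualFreeEx(hProcess, Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }
    AfxMessageBox(TEXT("成功注入"));

    // As in the original, the remote buffer is left in place on success: the
    // new thread may still be reading it, and this handler does not wait for
    // it to finish.
    CloseHandle(hThread);
    CloseHandle(hProcess);
    CDialogEx::OnOK();
}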
