Dll注入器

#include <stdio.h>
#include <windows.h>

// Command-line DLL injector: resolves kernel32!LoadLibraryA in the local
// process, writes a DLL path into the target process and starts a remote
// thread at LoadLibraryA with that path as its argument.
//
//   argv[1]  target process id (decimal, parsed with sscanf "%u")
//   argv[2]  path of the DLL to load in the target
//
// Returns 0 when every step reported success, 1 otherwise (see `return !Success`).
//
// NOTE(review): the listing looks extraction-damaged — `DWORDPid,DllPathLen;`,
// `LPTHREAD_START_ROUTINELibFunc` and the `0Xx` format strings have lost a
// space or a `%`. As printed it does not compile; confirm against the original
// before treating any single line as authoritative.
//
// NOTE(review): strlen() is used but <string.h> is not included directly; this
// relies on <windows.h> pulling it in — confirm for the toolchain in use.
//
// Defender's view: the call sequence below — SeDebugPrivilege adjust, then
// OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE),
// VirtualAllocEx, WriteProcessMemory, CreateRemoteThread whose start address
// is LoadLibraryA — is the textbook injection pattern and is what process-access
// and remote-thread telemetry (e.g. Sysmon Event ID 10 / Event ID 8) keys on.
// Hardened targets (protected processes) refuse that OpenProcess access mask.
int main(int argc, char** argv)
{
   if(argc<3)
    {
       // Usage string has no separators between %s and the argument names.
       fprintf(stdout,"\nUsage : %s<pid><dll-path>\n\n",argv[0]);
       return 1;
    }

    // Garbled token: presumably `DWORD Pid,DllPathLen;`. Note DllPathLen is a
    // DWORD receiving a size_t from strlen() (narrowing on 64-bit).
    DWORDPid,DllPathLen;
   if(sscanf(argv[1],"%u",&Pid)<=0 ) //Get Process Id ("%u" vs DWORD (unsigned long) is a -Wformat mismatch)
    {
       fprintf(stderr,"\n[-] ERROR: PidValue\n"),fflush(stderr);
       return 1;
    }
    // Comma expression: assign the length, then test it for zero.
    if( DllPathLen = strlen(argv[2]),DllPathLen == 0 ) //Get Dll Path
    {
       fprintf(stderr,"\n[-] ERROR:DllPath\n"),fflush(stderr);
       return 1;
    }

    // Raise My Power: try to enable SeDebugPrivilege on the current token.
    // hToken is never initialised, so the `if(hToken)` test below reads an
    // indeterminate value when OpenProcessToken fails (UB). tkp is only
    // partly initialised (PrivilegeCount and Luid); its remaining fields are
    // indeterminate, and the result of AdjustTokenPrivileges is not checked
    // (it can return TRUE even when nothing was adjusted). 0X10 is an unnamed
    // magic number — presumably sizeof(TOKEN_PRIVILEGES); confirm.
{
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount =1;

if(OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken))
{
if(LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tkp.Privileges[0].Luid))
{
AdjustTokenPrivileges(hToken,FALSE,&tkp,0X10,NULL,0);
}
}
if(hToken)CloseHandle(hToken);
}


    // Get ProcessHandle with exactly the rights the remaining calls need.
    // bInheritHandle is TRUE, so the handle would be inherited by any child
    // process this tool spawned (it spawns none).
    HANDLE hDstProc =OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,TRUE,Pid);
    if(hDstProc==NULL)
    {
       fprintf(stderr,"\n[-] ERROR: in OpenProcess(),Pid %u\n",Pid),fflush(stderr);
       return 1;
    }


    // Get LoadLibraryA Address. Relies on kernel32 being mapped at the same
    // address in both processes. Neither GetModuleHandle nor GetProcAddress
    // is checked for NULL before LibFunc is used. With UNICODE defined the
    // narrow "Kernel32" literal would not match GetModuleHandleW — confirm
    // the build settings. `0Xx` below is presumably a damaged `0X%x`; even
    // then, printing a HANDLE with %x truncates on 64-bit (%p is the portable
    // specifier). As printed, the extra arguments are simply ignored.
    fprintf(stdout,"\n[+]Pid: %u, Handle : 0Xx \n",Pid,hDstProc),fflush(stdout);
    LPTHREAD_START_ROUTINELibFunc =
      (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("Kernel32"),"LoadLibraryA");
    fprintf(stdout,"\n[+]LoadLibraryA Address : 0Xx\n",LibFunc),fflush(stdout);

    // Create Remote Heap,Set Dll Path: reserve DllPathLen+1 bytes in the
    // target and copy the NUL-terminated path into it. Success is a BOOL-like
    // flag held in a DWORD.
    DWORD Success =TRUE;
    char * DllPath = (char*)VirtualAllocEx(hDstProc,NULL,DllPathLen +1,MEM_COMMIT,PAGE_READWRITE);
    if(DllPath)
    {
fprintf(stdout,"\n[+] Create Memory in %u, Address :0Xx\n",Pid,DllPath);
      // lpNumberOfBytesWritten is NULL, so a short write is not detectable here.
      if(WriteProcessMemory(hDstProc,DllPath,argv[2],DllPathLen +1,NULL))
       {
          fprintf(stdout,"\n[+] Set Dll Path : %s\n",argv[2]);
       }
       else
       {
          fprintf(stderr,"\n[-] ERROR: in WriteProcessMemory(), Set Dll PathFailed\n");
           Success =FALSE;
       }
    }
    else
    {
       fprintf(stderr,"\n[-] ERROR: inVirtualAllocEx(), Get Memory\n");
       Success = FALSE;
    }

    //Start Dll Inject: the remote thread's start routine is LoadLibraryA and
    // its single parameter is the DllPath buffer written above.
    if(Success)
    {
       HANDLE hThread =CreateRemoteThread(hDstProc,NULL,0,LibFunc,DllPath,0,NULL);
       if(hThread)
       {
          fprintf(stdout,"\n[+] Create Remote Thread, Handle : 0Xx, DllInjection Success\n",hThread);
       }
       else
       {
          fprintf(stderr,"\n[-] in CreateRemoteThread(), Dll InjectionFailed\n");
           Success =FALSE;
       }
       // Runs on the failure path too: CloseHandle(NULL) fails with
       // ERROR_INVALID_HANDLE (harmless, but the return is ignored).
       CloseHandle(hThread);
       // The remote buffer is released immediately; nothing waits on hThread,
       // so whether the remote thread has finished reading DllPath is unchecked.
      VirtualFreeEx(hDstProc,DllPath,0,MEM_RELEASE);
    }

    //Cleaning
   CloseHandle(hDstProc);

    // 0 when Success stayed TRUE, 1 otherwise.
    return !Success;
}
