远程DLL注入、卸载
Dll注入
// Loads szDllName into the process identified by dwPid: allocate a buffer in
// the target, write the DLL path into it, then start a remote thread whose
// entry point is LoadLibraryA with that buffer as its argument.
// This is the canonical remote-thread injection sequence
// (OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread).
// From a monitoring standpoint it is exactly the API pattern that host
// telemetry records (e.g. Sysmon Event ID 10 for the PROCESS_ALL_ACCESS
// handle and Event ID 8 for CreateRemoteThread), so expect it to be logged
// and, under EDR, blocked.
//
// dwPid     - target process ID; 0 is rejected silently
// szDllName - path of the DLL to load in the target; empty is rejected silently
//
// Review notes on defects visible in this body (code left unchanged):
//  - hThread is not checked for NULL before WaitForSingleObject.
//  - WriteProcessMemory's return value and dwWriteNum are ignored.
//  - VirtualFreeEx is given NULL instead of pDllAddr, and MEM_DECOMMIT with a
//    size; as written the call fails and the target-side buffer is never freed.
//  - The LoadLibraryA address of this process is reused in the target; that
//    is only valid when kernel32.dll is mapped at the same base in both.
void CDllManageDlg::InjectDll(DWORD dwPid, CString szDllName)
{
    if(dwPid == 0 || strlen(szDllName) == 0)
        return;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    if(hProcess == NULL)
        return;
    // Convert the CString to a char* (ANSI build: strlen() above relies on the
    // CString's LPCTSTR conversion).
    char *DllName = szDllName.GetBuffer(szDllName.GetLength());
    szDllName.ReleaseBuffer();
    int nDllLen = strlen(DllName) + sizeof(char);   // include the terminating NUL
    // Allocate a buffer in the target; pDllAddr is an address in the target's
    // address space, not in this process.
    LPVOID pDllAddr = VirtualAllocEx(hProcess, NULL, nDllLen, MEM_COMMIT, PAGE_READWRITE);
    if(pDllAddr == NULL)
    {
        CloseHandle(hProcess);
        AfxMessageBox("注入失败!");
        return;
    }
    // Copy the DLL path into the target buffer.
    DWORD dwWriteNum = 0;
    WriteProcessMemory(hProcess, pDllAddr, DllName, nDllLen, &dwWriteNum);
    // Use this process's LoadLibraryA address as the remote thread entry point.
    LPVOID pFunAddr = LoadLibraryA;
    // Start a remote thread: LoadLibraryA(pDllAddr) runs inside the target.
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunAddr, pDllAddr, 0, NULL);
    // Wait for LoadLibrary to finish.
    WaitForSingleObject(hThread, INFINITE);
    // Intended to release the target-side buffer (see the note above on the
    // wrong address and flags).
    VirtualFreeEx( hProcess, NULL, nDllLen, MEM_DECOMMIT );
    CloseHandle(hThread);
    CloseHandle(hProcess);
}
Dll卸载
// Asks the process identified by dwPid to unload a DLL: a first remote thread
// runs GetModuleHandleA to obtain the module handle, a second runs FreeLibrary
// on it. Same remote-thread pattern as InjectDll, so the same process-access
// and remote-thread telemetry applies.
//
// dwPid     - target process ID. NOTE: &dwPid is also passed as the lpThreadId
//             out-parameter of both CreateRemoteThread calls, so the first
//             call overwrites it with the new thread's ID before the second.
// szDllName - DLL name; only its length is used (as the VirtualFreeEx size).
//
// Review notes on defects visible in this body (code left unchanged):
//  - Neither hProcess nor hThread is checked for NULL.
//  - lpBuf is an uninitialized local array in *this* process; its address is
//    handed to the remote GetModuleHandleA, which reads whatever lies at that
//    address in the target. dwHandle therefore does not reliably identify the
//    requested module; the DLL name is never written into the target.
//  - VirtualFreeEx is called on lpBuf (a local address) with MEM_DECOMMIT and
//    a size although nothing was allocated in the target; the call fails.
//  - The module handle is recovered through a DWORD thread exit code, which
//    truncates pointer-sized values on 64-bit builds.
void CDllManageDlg::UnInjectDll(DWORD dwPid, char *szDllName)
{
    // Have the target call GetModuleHandle to get the DLL's handle in that process.
    DWORD dwHandle;
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    LPVOID pFunc = GetModuleHandleA;
    char lpBuf[MAXBYTE];
    HANDLE hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, lpBuf, 0, &dwPid );
    // Wait for GetModuleHandle to finish.
    WaitForSingleObject( hThread, INFINITE );
    // Read the thread's exit code, i.e. GetModuleHandle's return value.
    GetExitCodeThread( hThread, &dwHandle );
    // Intended to release target-side memory (see the note above).
    int dwSize = strlen(szDllName) + sizeof(char);
    VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
    CloseHandle( hThread );
    // Have the target call FreeLibrary to unload the DLL.
    pFunc = FreeLibrary;
    hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, (LPVOID)dwHandle, 0, &dwPid );
    // Wait for FreeLibrary to finish.
    WaitForSingleObject( hThread, INFINITE );
    CloseHandle( hThread );
    CloseHandle( hProcess );
}
得到进程ID
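// Returns the process ID of the first running process whose executable name
// equals PName (case-insensitive), or 0 if no such process exists or the
// process snapshot cannot be taken.
//
// PName - executable file name to look for; compared against
//         PROCESSENTRY32::szExeFile with CString::CompareNoCase.
//
// Fixes relative to the previous version: the snapshot handle is closed on
// every path (it used to leak on each call), CreateToolhelp32Snapshot failure
// is detected (it returns INVALID_HANDLE_VALUE, not NULL), and the unused
// nProcessTerminate local is gone.
DWORD CDllManageDlg::GetSelectPid(CString PName)
{
    // Snapshot of all processes on the system.
    HANDLE snapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapShot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 processInfo;
    // dwSize must be set before Process32First, otherwise the call fails.
    processInfo.dwSize = sizeof(PROCESSENTRY32);

    DWORD nProcessID = 0;
    for (BOOL status = Process32First(snapShot, &processInfo);
         status;
         status = Process32Next(snapShot, &processInfo))
    {
        CString strProcessName = processInfo.szExeFile;
        if (strProcessName.CompareNoCase(PName) == 0)
        {
            nProcessID = processInfo.th32ProcessID;
            break;
        }
    }

    // Always release the snapshot, whether or not a match was found.
    CloseHandle(snapShot);
    return nProcessID;
}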
Dll注入按钮
// "Inject" button handler: reads the dialog fields, resolves the process name
// typed in m_PName to a PID, records name / PID / DLL path in the dialog's
// members, and calls InjectDll.
// ProcessName, dwPid and szDllName are class members declared outside this
// listing; OnButtonUninject reads dwPid and szDllName back later.
// InjectDll is called with m_DLL directly; szDllName holds the same value.
// A PID of 0 (process not found) is rejected silently inside InjectDll, so
// the user gets no feedback in that case.
void CDllManageDlg::OnButtonInject()
{
    // TODO: Add your control notification handler code here
    UpdateData(TRUE);                    // DDX: pull control values into the mapped members
    ProcessName = m_PName;               // process name
    dwPid = GetSelectPid(ProcessName);   // process ID
    szDllName = m_DLL;                   // DLL path and file name
    InjectDll(dwPid, m_DLL);
}
Dll卸载按钮
// "Uninject" button handler: unloads the DLL recorded by the last
// OnButtonInject from the process recorded at that time.
// dwPid and szDllName are class members declared outside this listing; if no
// injection has happened yet, dwPid is whatever the member was initialised to
// and UnInjectDll does not validate it.
void CDllManageDlg::OnButtonUninject()
{
    // TODO: Add your control notification handler code here
    // Convert the CString to a char*. NOTE(review): the pointer is used after
    // ReleaseBuffer(), which only works while szDllName is not modified in
    // between — confirm this matches the intended CString usage.
    char *DllName = szDllName.GetBuffer(szDllName.GetLength());
    szDllName.ReleaseBuffer();
    UnInjectDll(dwPid, DllName);
}