c++ 程序注入程式碼
阿新 • • 發佈:2019-01-30
unicode c語言 變數宣告要放在前面
// Original page caption above this listing: "使用多位元組字符集 c++"
// ("use multibyte character set, C++").
/*
 * InjectIt: makes the process identified by dwRemoteProcessld load the DLL at
 * DllPath. It opens the target, allocates a buffer in the target's address
 * space, writes the path into it, and starts a remote thread whose start
 * routine is the local address of LoadLibraryW and whose argument is that
 * buffer (the code assumes that address is valid in the target too).
 *
 * Returns TRUE only once CreateRemoteThread succeeds, FALSE on any API failure.
 * Progress and addresses are written to stdout with printf.
 *
 * Defender's note: the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
 * CreateRemoteThread sequence against another process is exactly what
 * cross-process thread-creation telemetry and EDR rules look for.
 *
 * NOTE(review): hrp and hrt are never closed on any path and the remote buffer
 * is never released with VirtualFreeEx; the handles leak until process exit.
 * NOTE(review): the buffer is sized in WCHARs and the thread targets
 * LoadLibraryW, so DllPath must really be a wide string; with a non-UNICODE
 * (multibyte) build LPCTSTR is char* and this would not match -- confirm the
 * build's character-set setting.
 */
BOOL WINAPI InjectIt(LPCTSTR DllPath, const DWORD dwRemoteProcessld) // injection entry point
{
    HANDLE hrp = NULL;
    LPTSTR psLibFileRemote = NULL;
    // Resolve the entry address of LoadLibraryW. (The original comment said
    // LoadLibraryA, but the name passed to GetProcAddress is "LoadLibraryW".)
    // Note that a NULL result is only checked further down, after the remote
    // allocation and write have already been done.
    PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
        GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
    HANDLE hrt = NULL;
    printf("%p\n", pfnStartAddr);
    if ((hrp = OpenProcess(PROCESS_CREATE_THREAD |   // allow remote thread creation
                           PROCESS_VM_OPERATION |    // allow remote VM operations
                           PROCESS_VM_WRITE,         // allow remote VM writes
                           FALSE, dwRemoteProcessld)) == NULL) {
        // OpenProcess Error
        printf("開啟目標程序失敗");
        return FALSE;
    }
    // NOTE(review): a HANDLE is printed with "%0x"; "%p" is the matching conversion.
    printf("%0x\n", hrp);
    // Use VirtualAllocEx to allocate a buffer for the DLL file name in the
    // remote process's address space (length counted in WCHARs, plus the NUL).
    psLibFileRemote = (LPTSTR)VirtualAllocEx(hrp, NULL,
                                             (lstrlen(DllPath) + 1) * sizeof(WCHAR),
                                             MEM_COMMIT, PAGE_READWRITE);
    if (psLibFileRemote == NULL) {
        // VirtualAllocEx Error
        printf("VirtualAllocEx Error");
        return FALSE;   // NOTE(review): hrp is not closed on this path
    }
    printf("%p\n", psLibFileRemote);
    // Use WriteProcessMemory to copy the DLL path name into the remote buffer.
    if (WriteProcessMemory(hrp, psLibFileRemote, (void *)DllPath,
                           (lstrlen(DllPath) + 1) * sizeof(WCHAR), NULL) == 0) {
        // WriteProcessMemory Error
        printf("WriteProcessMemory Error");
        return FALSE;   // NOTE(review): hrp and the remote buffer leak here
    }
    if (pfnStartAddr == NULL) {
        // GetProcAddress Error!  (no message is printed on this path)
        return FALSE;
    }
    printf("%p\n", pfnStartAddr);
    // pfnStartAddr is the thread start routine; the remote buffer holding the
    // path is passed as its single argument.
    if ((hrt = CreateRemoteThread(hrp, NULL, 0, pfnStartAddr,
                                  psLibFileRemote, 0, NULL)) == NULL) {
        // CreateRemote Error
        printf("建立遠端執行緒失敗");
        return FALSE;
    }
    printf("建立遠端執行緒成功");
    return TRUE;   // hrt is not waited on or closed
}
/*
 * InjectIt (ANSI variant): makes the process identified by dwRemoteProcessld
 * load the DLL at DllPath. Same sequence as the listing above -- open the
 * target, allocate a remote buffer, write the path, start a remote thread at
 * the local address of LoadLibraryA with the buffer as argument -- but with
 * variables declared at first use and no diagnostic output.
 *
 * Returns TRUE only once CreateRemoteThread succeeds, FALSE on any API failure.
 *
 * Defender's note: the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
 * CreateRemoteThread sequence against another process is the classic signal
 * that cross-process thread-creation telemetry and EDR rules alert on.
 *
 * NOTE(review): hrp and hrt are never closed and the remote buffer is never
 * released with VirtualFreeEx on any path.
 * NOTE(review): the buffer is sized as lstrlen(DllPath)+1 bytes and the thread
 * targets LoadLibraryA, which is consistent only for a non-UNICODE build where
 * LPCTSTR is char*; under UNICODE only half of the wide string would be
 * copied -- confirm the build's character-set setting.
 */
BOOL WINAPI InjectIt(LPCTSTR DllPath, const DWORD dwRemoteProcessld) // injection entry point
{
    HANDLE hrp = NULL;
    if ((hrp = OpenProcess(PROCESS_CREATE_THREAD |   // allow remote thread creation
                           PROCESS_VM_OPERATION |    // allow remote VM operations
                           PROCESS_VM_WRITE,         // allow remote VM writes
                           FALSE, dwRemoteProcessld)) == NULL) {
        // OpenProcess Error
        return FALSE;
    }
    LPTSTR psLibFileRemote = NULL;
    // Use VirtualAllocEx to allocate a buffer for the DLL file name in the
    // remote process's address space (lstrlen(DllPath)+1 bytes).
    psLibFileRemote = (LPTSTR)VirtualAllocEx(hrp, NULL, lstrlen(DllPath) + 1,
                                             MEM_COMMIT, PAGE_READWRITE);
    if (psLibFileRemote == NULL) {
        // VirtualAllocEx Error
        return FALSE;   // NOTE(review): hrp is not closed on this path
    }
    // Use WriteProcessMemory to copy the DLL path name into the remote buffer.
    if (WriteProcessMemory(hrp, psLibFileRemote, (void *)DllPath,
                           lstrlen(DllPath) + 1, NULL) == 0) {
        // WriteProcessMemory Error
        return FALSE;   // NOTE(review): hrp and the remote buffer leak here
    }
    // Resolve the entry address of LoadLibraryA; the code assumes this local
    // address is also valid inside the target process.
    PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
        GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
    if (pfnStartAddr == NULL) {
        // GetProcAddress Error!
        return FALSE;   // NOTE(review): hrp and the remote buffer leak here
    }
    // pfnStartAddr is the thread start routine; the remote buffer holding the
    // path is passed as its single argument.
    HANDLE hrt = NULL;
    if ((hrt = CreateRemoteThread(hrp, NULL, 0, pfnStartAddr,
                                  psLibFileRemote, 0, NULL)) == NULL) {
        // CreateRemote Error
        return FALSE;
    }
    return TRUE;   // hrt is not waited on or closed
}