リモートスレッド注入c言語実装
2419 ワード
/************************************************************************/
/*
email:[email protected] */
/************************************************************************/
#include
#include
#include
/*
* : , DLL
* :dwProcessId ID
* lpszDllName DLL
*/
BOOL LoadDll(DWORD dwProcessId,LPTSTR lpszDllName)
{
HANDLE hProcess = NULL;
HANDLE hThread = NULL;
PSTR pszDllFile = NULL;
//
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);
if(hProcess == NULL)
return FALSE;
printf(" %d !
",dwProcessId);
//
int cch = 1 + strlen(lpszDllName);
pszDllFile = (PSTR)VirtualAllocEx(hProcess,
NULL,
cch,
MEM_COMMIT,
PAGE_READWRITE);
if(pszDllFile == NULL)
return FALSE;
printf(" !
");
// DLL
if((WriteProcessMemory(hProcess,
(PVOID)pszDllFile,
(PVOID)lpszDllName,
cch,
NULL)) == FALSE)
{
return FALSE;
}
printf(" !
");
// LoadLibrary
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32"),"LoadLibraryA");
if(pfnThreadRtn == NULL)
return FALSE;
printf(" LoadLibrary !
");
//
hThread = CreateRemoteThread(hProcess,
NULL,
0,
pfnThreadRtn,
(PVOID)pszDllFile,
0,
NULL);
if(hThread == NULL)
return FALSE;
printf(" !
");
// ,
system("pause");
WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,(PVOID)pszDllFile,0,MEM_RELEASE);
CloseHandle(hThread);
CloseHandle(hProcess);
return TRUE;
}
void main()
{
char lpDllName[MAX_PATH] = TEXT("mydll.dll");
// , ID
PROCESSENTRY32 ProcessEntry = { 0 };
HANDLE hProcessSnap;
ProcessEntry.dwSize = sizeof(PROCESSENTRY32);
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
BOOL bRet = Process32First(hProcessSnap,&ProcessEntry);
while(bRet)
{ // calc.exe,
if(strcmp("calc.exe",ProcessEntry.szExeFile) == 0)
{
LoadDll(ProcessEntry.th32ProcessID,lpDllName);
break;
}
bRet = Process32Next(hProcessSnap,&ProcessEntry);
}
} //自分で書いたmydll.dllはあなたのやりたいことをします.の