• 远程线程注入


    // remote06.cpp : Defines the entry point for the console application.
    //
    
    #include "stdafx.h"
    #include "windows.h"
    #include <stdio.h>
    #include <stdlib.h>
    
    
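    // Load DllPathName into process ProcessID: write the path string into the
    // target, then start a remote thread at kernel32!LoadLibraryA with that
    // string as its argument (the classic CreateRemoteThread injection).
    //
    // Preconditions this function cannot verify for you:
    //   * injector and target must have the same bitness. The LoadLibraryA
    //     address is resolved in *our* kernel32 and is only meaningful in the
    //     target if it maps the same kernel32 image at the same base (Windows
    //     normally does so for all processes of one bitness within a boot
    //     session, but a 32-bit injector cannot target a 64-bit process this way);
    //   * the caller must be allowed to open the target with the rights listed
    //     below (other users' or protected processes need SeDebugPrivilege);
    //   * the path is written as a narrow string and consumed by LoadLibraryA
    //     in the target, so it should be an absolute ANSI path the target can
    //     resolve (relative paths are resolved against the *target's* search path).
    //
    // Security note: VirtualAllocEx + WriteProcessMemory + CreateRemoteThread
    // into another process is the most widely fingerprinted injection primitive
    // there is (e.g. Sysmon Event ID 8, and a standard EDR hook). Use it only for
    // tooling on hosts you are authorised to instrument.
    //
    // Returns TRUE only when the remote thread was created, ran to completion and
    // LoadLibraryA reported a non-NULL module; FALSE on any failure. Failure
    // reasons are reported through OutputDebugString.
    BOOL func(DWORD ProcessID, char* DllPathName)
    {
        // Everything is declared up front so that the error path below can use
        // goto without jumping over an initialisation (ill-formed in C++).
        BOOL result = FALSE;
        HANDLE hProcess = NULL;
        HANDLE hThread = NULL;
        LPVOID lpAllocAddr = NULL;
        SIZE_T LenOfDllPathName = 0;
        SIZE_T bytesWritten = 0;
        HMODULE hKernel32 = NULL;
        LPTHREAD_START_ROUTINE pLoadLibraryA = NULL;
        DWORD waitStatus = 0;
        DWORD exitCode = 0;
        // Upper bound on how long LoadLibraryA may take in the target. DllMain runs
        // under the loader lock and can deadlock; an unbounded wait would hang the
        // injector with it.
        const DWORD LOAD_TIMEOUT_MS = 10000;

        if (DllPathName == NULL || DllPathName[0] == '\0')
        {
            OutputDebugString("DLL路径无效!");
            return FALSE;
        }

        // 1. Open the target with only the rights the steps below need, instead of
        //    PROCESS_ALL_ACCESS (least privilege; also works against processes that
        //    refuse the full mask).
        hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                               PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                               FALSE, ProcessID);
        if (hProcess == NULL)
        {
            OutputDebugString("OpenProcess失败!");
            return FALSE;
        }

        // 2. Path length including the terminating NUL, so the remote copy is a
        //    valid C string for LoadLibraryA.
        LenOfDllPathName = strlen(DllPathName) + 1;

        // 3. Allocate the string in the target. PAGE_READWRITE is sufficient: the
        //    buffer is only read, never executed.
        lpAllocAddr = VirtualAllocEx(hProcess, NULL, LenOfDllPathName,
                                     MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (lpAllocAddr == NULL)
        {
            OutputDebugString("VirtualAllocEx失败!");
            goto cleanup;
        }

        // 4. Copy the path and verify the whole string landed; a short write would
        //    hand LoadLibraryA an unterminated buffer.
        if (!WriteProcessMemory(hProcess, lpAllocAddr, DllPathName, LenOfDllPathName, &bytesWritten) ||
            bytesWritten != LenOfDllPathName)
        {
            OutputDebugString("WriteProcessMemory失败!");
            goto cleanup;
        }

        // 5. GetModuleHandle returns a module base, not a kernel object handle: it
        //    must never be passed to CloseHandle (the original did so, which is an
        //    invalid-handle error and raises under a debugger / application verifier).
        hKernel32 = GetModuleHandle("Kernel32.dll");
        if (hKernel32 == NULL)
        {
            OutputDebugString("GetModuleHandle失败!");
            goto cleanup;
        }

        // 6. Keep the full pointer width. The original cast GetProcAddress's result
        //    through DWORD, which truncates the address on x64.
        pLoadLibraryA = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA");
        if (pLoadLibraryA == NULL)
        {
            OutputDebugString("GetProcAddress失败!");
            goto cleanup;
        }

        // 7. Run LoadLibraryA(lpAllocAddr) on a new thread inside the target.
        hThread = CreateRemoteThread(hProcess, NULL, 0, pLoadLibraryA, lpAllocAddr, 0, NULL);
        if (hThread == NULL)
        {
            OutputDebugString("CreateRemoteThread失败!");
            goto cleanup;
        }

        // 8. Wait for the load to finish before releasing the string it reads. On a
        //    timeout the remote thread may still be running, so the buffer is
        //    deliberately left allocated in the target rather than freed under it.
        waitStatus = WaitForSingleObject(hThread, LOAD_TIMEOUT_MS);
        if (waitStatus != WAIT_OBJECT_0)
        {
            OutputDebugString("WaitForSingleObject失败!");
            if (waitStatus == WAIT_TIMEOUT)
            {
                lpAllocAddr = NULL;
            }
            goto cleanup;
        }

        // 9. The thread's exit code is LoadLibraryA's return value (its low 32 bits
        //    on x64), so a zero means the DLL did not load. The original reported
        //    success as soon as the thread existed, before anything was loaded.
        if (!GetExitCodeThread(hThread, &exitCode) || exitCode == 0)
        {
            OutputDebugString("LoadLibraryA失败!");
            goto cleanup;
        }

        result = TRUE;

    cleanup:
        // The original leaked the remote allocation in the target on every path.
        if (hThread != NULL)
        {
            CloseHandle(hThread);
        }
        if (lpAllocAddr != NULL)
        {
            VirtualFreeEx(hProcess, lpAllocAddr, 0, MEM_RELEASE);
        }
        CloseHandle(hProcess);
        return result;
    }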
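    // Command-line driver: remote06 <pid> <dll-path>
    //
    // The original called func() with untyped placeholders and did not compile.
    // The DLL path is converted to an absolute path here, because LoadLibraryA
    // runs inside the target and would resolve a relative path against the
    // target's working directory and search order, not ours. The DLL must also
    // match the target's bitness; func() cannot check that.
    //
    // Exit status: 0 when the DLL was loaded, 1 on bad arguments or failure.
    int main(int argc, char* argv[])
    {
        char fullPath[MAX_PATH] = {0};
        char* end = NULL;
        unsigned long pid = 0;
        DWORD pathLen = 0;

        if (argc != 3)
        {
            fprintf(stderr, "usage: %s <pid> <dll-path>\n", argv[0]);
            return 1;
        }

        // strtoul rather than atoi so that junk input is rejected instead of
        // silently becoming PID 0. An out-of-range value yields ULONG_MAX, which
        // OpenProcess will then reject.
        pid = strtoul(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || pid == 0)
        {
            fprintf(stderr, "invalid pid: %s\n", argv[1]);
            return 1;
        }

        pathLen = GetFullPathNameA(argv[2], MAX_PATH, fullPath, NULL);
        if (pathLen == 0 || pathLen >= MAX_PATH)
        {
            fprintf(stderr, "invalid dll path: %s\n", argv[2]);
            return 1;
        }

        if (!func((DWORD)pid, fullPath))
        {
            fprintf(stderr, "injection into pid %lu failed (see debugger output)\n", pid);
            return 1;
        }

        return 0;
    }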
  • 原文地址:https://www.cnblogs.com/ganxiang/p/13135004.html