• [C#] 注入DLL


    来源:http://xyzlht.blog.163.com/blog/static/69301417200882834211787/

    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;

    using System.Runtime.InteropServices;
    using System.Diagnostics;


    namespace WindowsFormsApplication1
    {
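    public partial class Form1 : Form
    {
        // Win32 constants for VirtualAllocEx; the original passed the raw numbers 4096 and 4.
        // MSDN asks for MEM_COMMIT | MEM_RESERVE when reserving and committing in one call.
        private const uint MEM_COMMIT = 0x1000;
        private const uint MEM_RESERVE = 0x2000;
        private const uint PAGE_READWRITE = 0x04;

        public Form1()
        {
            InitializeComponent();
        }

        // P/Invoke declarations for the injection primitives.
        // Addresses, handles and SIZE_T values are declared as IntPtr, not int: an int truncates
        // them to 32 bits, so the original declarations produced garbage addresses on 64-bit
        // Windows. SetLastError = true makes Marshal.GetLastWin32Error() meaningful in the
        // failure branches below.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize,
            uint flAllocationType, uint flProtect);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer,
            IntPtr nSize, out IntPtr lpNumberOfBytesWritten);

        // lpProcName is always LPCSTR; there is no wide variant of GetProcAddress.
        [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
        public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);

        [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
        public static extern IntPtr GetModuleHandleA(string lpModuleName);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, IntPtr dwStackSize,
            IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out uint lpThreadId);

        // Needed to release the thread handle returned by CreateRemoteThread (the original leaked it).
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool CloseHandle(IntPtr hObject);

        /// <summary>
        /// Injects c:\dll.dll into every running process whose name contains "notepad" (a
        /// substring match, so e.g. other editors with "notepad" in their name are hit too),
        /// using the classic VirtualAllocEx / WriteProcessMemory / CreateRemoteThread(LoadLibraryA)
        /// technique. Preconditions the code cannot check for you: this process must be allowed
        /// to open the target with memory-write and thread-creation rights (Process.Handle
        /// throws otherwise), and injector and target must have the same bitness, because the
        /// LoadLibraryA address is resolved in our own kernel32 and assumed to match the target's.
        /// Intended for lab/test hosts you control. Stops at the first failure, as the original
        /// intended (Application.Exit() does not return immediately, so the original kept running
        /// into the next API call with a null address).
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            const string dllPath = "c:\\dll.dll";

            // LoadLibraryA expects an ANSI, NUL-terminated path. Encoding with the system ANSI
            // code page and appending the terminator gives the exact byte count to write; the
            // original used string.Length + 1, which undercounts for multi-byte characters.
            byte[] pathBytes = Encoding.Default.GetBytes(dllPath + "\0");

            // Loop-invariant: resolve LoadLibraryA once, from our own kernel32.
            IntPtr loadLibrary = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
            if (loadLibrary == IntPtr.Zero)
            {
                Fail("无法取得函数的入口点!!", Marshal.GetLastWin32Error());
                return;
            }

            foreach (Process target in Process.GetProcesses())
            {
                using (target)
                {
                    if (target.ProcessName.IndexOf("notepad", StringComparison.OrdinalIgnoreCase) < 0)
                    {
                        continue;
                    }

                    if (!InjectInto(target, loadLibrary, pathBytes))
                    {
                        return;
                    }
                }
            }
        }

        /// <summary>
        /// Runs the injection sequence against one process.
        /// Returns true on success. On any failure it reports the matching message together with
        /// the Win32 error code, requests application exit and returns false.
        /// The remote buffer is deliberately not freed: the remote thread reads the path from it
        /// and we do not wait for that thread to finish.
        /// </summary>
        private static bool InjectInto(Process target, IntPtr loadLibrary, byte[] pathBytes)
        {
            IntPtr hProcess;
            try
            {
                // Process.Handle opens the target; it throws Win32Exception when we lack the
                // rights to open it (e.g. an elevated or protected process). An unhandled
                // exception here would have surfaced as the default WinForms error dialog.
                hProcess = target.Handle;
            }
            catch (Win32Exception ex)
            {
                Fail("无法打开目标进程!!", ex.NativeErrorCode);
                return false;
            }

            IntPtr remoteBuffer = VirtualAllocEx(hProcess, IntPtr.Zero, (IntPtr)pathBytes.Length,
                MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
            if (remoteBuffer == IntPtr.Zero)
            {
                Fail("申请内存空间失败!!", Marshal.GetLastWin32Error());
                return false;
            }

            IntPtr bytesWritten;
            bool wrote = WriteProcessMemory(hProcess, remoteBuffer, pathBytes, (IntPtr)pathBytes.Length, out bytesWritten);
            // A partial write would hand LoadLibraryA an unterminated path; treat it as failure too.
            if (!wrote || bytesWritten.ToInt64() != pathBytes.Length)
            {
                Fail("写内存失败!!", Marshal.GetLastWin32Error());
                return false;
            }

            uint threadId;
            IntPtr hThread = CreateRemoteThread(hProcess, IntPtr.Zero, IntPtr.Zero, loadLibrary, remoteBuffer, 0, out threadId);
            if (hThread == IntPtr.Zero)
            {
                Fail("创建远程线程失败!!", Marshal.GetLastWin32Error());
                return false;
            }

            // We only needed the handle to confirm creation; closing it does not stop the thread.
            CloseHandle(hThread);
            MessageBox.Show("已成功注入dll!!");
            return true;
        }

        /// <summary>
        /// Shows the original failure message with the Win32 error code appended and asks the
        /// application to exit. Callers must still return on their own: Application.Exit() only
        /// requests shutdown and does not unwind the current event handler.
        /// </summary>
        private static void Fail(string message, int win32Error)
        {
            MessageBox.Show(message + " (Win32 error " + win32Error + ")");
            Application.Exit();
        }
    }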
    }
  • 原文地址:https://www.cnblogs.com/hcbin/p/1714134.html