• 通用 C# DLL 注入器injector(注入dll不限)


      为了方便那些不懂或者不想用 C++ 的同志，我把 C++ 的 DLL 注入器源码转换成了 C#。这是一个很简单实用的注入器，用的是经典的 CreateRemoteThread + LoadLibrary 手法：先用 VirtualAllocEx 在目标进程里分配内存，用 WriteProcessMemory 写入 DLL 路径，再用 CreateRemoteThread 以 kernel32!LoadLibrary 为入口启动远程线程，由目标进程自己把 DLL 加载进来。注意：注入器与目标进程的位数（32/64 位）必须一致，否则传过去的 LoadLibrary 地址在目标里是无效的；对其他用户或更高完整性级别的进程需要管理员权限；这类行为会被多数杀软/EDR 拦截，只应在你有授权的进程上使用。

      1 using System;
      2 using System.Diagnostics;
      3 using System.IO;
      4 using System.Runtime.InteropServices;
      5 using System.Text;
      6 
      7 namespace GijSoft.DllInjection
      8 {
      9     public enum DllInjectionResult
     10     {
     11         DllNotFound,
     12         GameProcessNotFound,
     13         InjectionFailed,
     14         Success
     15     }
     16 
     17     public sealed class DllInjector
     18     {
     19         static readonly IntPtr INTPTR_ZERO = (IntPtr)0;
     20 
     21         [DllImport("kernel32.dll", SetLastError = true)]
     22         static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
     23 
     24         [DllImport("kernel32.dll", SetLastError = true)]
     25         static extern int CloseHandle(IntPtr hObject);
     26 
     27         [DllImport("kernel32.dll", SetLastError = true)]
     28         static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
     29 
     30         [DllImport("kernel32.dll", SetLastError = true)]
     31         static extern IntPtr GetModuleHandle(string lpModuleName);
     32 
     33         [DllImport("kernel32.dll", SetLastError = true)]
     34         static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flAllocationType, uint flProtect);
     35 
     36         [DllImport("kernel32.dll", SetLastError = true)]
     37         static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesWritten);
     38 
     39         [DllImport("kernel32.dll", SetLastError = true)]
     40         static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttribute, IntPtr dwStackSize, IntPtr lpStartAddress,
     41             IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
     42 
     43         static DllInjector _instance;
     44 
     45         public static DllInjector GetInstance
     46         {
     47             get
     48             {
     49                 if (_instance == null)
     50                 {
     51                     _instance = new DllInjector();
     52                 }
     53                 return _instance;
     54             }
     55         }
     56 
     57         DllInjector() { }
     58 
     59         public DllInjectionResult Inject(string sProcName, string sDllPath)
     60         {
     61             if (!File.Exists(sDllPath))
     62             {
     63                 return DllInjectionResult.DllNotFound;
     64             }
     65 
     66             uint _procId = 0;
     67 
     68             Process[] _procs = Process.GetProcesses();
     69             for (int i = 0; i < _procs.Length; i++)
     70             {
     71                 if (_procs[i].ProcessName == sProcName)
     72                 {
     73                     _procId = (uint)_procs[i].Id;
     74                     break;
     75                 }
     76             }
     77 
     78             if (_procId == 0)
     79             {
     80                 return DllInjectionResult.GameProcessNotFound;
     81             }
     82 
     83             if (!bInject(_procId, sDllPath))
     84             {
     85                 return DllInjectionResult.InjectionFailed;
     86             }
     87 
     88             return DllInjectionResult.Success;
     89         }
     90 
     91         bool bInject(uint pToBeInjected, string sDllPath)
     92         {
     93             IntPtr hndProc = OpenProcess((0x2 | 0x8 | 0x10 | 0x20 | 0x400), 1, pToBeInjected);
     94 
     95             if (hndProc == INTPTR_ZERO)
     96             {
     97                 return false;
     98             }
     99 
    100             IntPtr lpLLAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    101 
    102             if (lpLLAddress == INTPTR_ZERO)
    103             {
    104                 return false;
    105             }
    106 
    107             IntPtr lpAddress = VirtualAllocEx(hndProc, (IntPtr)null, (IntPtr)sDllPath.Length, (0x1000 | 0x2000), 0X40);
    108 
    109             if (lpAddress == INTPTR_ZERO)
    110             {
    111                 return false;
    112             }
    113 
    114             byte[] bytes = Encoding.ASCII.GetBytes(sDllPath);
    115 
    116             if (WriteProcessMemory(hndProc, lpAddress, bytes, (uint)bytes.Length, 0) == 0)
    117             {
    118                 return false;
    119             }
    120 
    121             if (CreateRemoteThread(hndProc, (IntPtr)null, INTPTR_ZERO, lpLLAddress, lpAddress, 0, (IntPtr)null) == INTPTR_ZERO)
    122             {
    123                 return false;
    124             }
    125 
    126             CloseHandle(hndProc);
    127 
    128             return true;
    129         }
    130     }
    131 }

    注意：运行时必须安装 .NET Framework。另外，注入器编译的目标平台（x86/x64）必须与目标进程一致——不要用 AnyCPU 并勾选“首选 32 位”的程序去注入 64 位进程，否则传给远程线程的 LoadLibrary 地址无效，目标进程会直接崩溃；对受保护或更高权限的进程需以管理员身份运行，否则 OpenProcess 会失败。

    不满足现状,用于挑战高峰!
  • 原文地址:https://www.cnblogs.com/meyon/p/4009248.html