windows目标进程注入dll

2021-01-16 00:14

阅读:557

标签:window   ssi   style   name   while   lib   file   步骤   seh   

在别的程序注入dll

步骤:
1,获取目标进程ID,CreateToolhelp32Snapshot()函数;
2,获取目标进程句柄,OpenProcess()函数;
3,目标进程要一块内存,VirtualAllocEx()函数,不是VirtualAlloc()函数;
4,往要来的目标内存写入要注入的dll文件名,WriteProcessMemory;
5,拿到kernel32模块句柄,GetModuleHandle()函数;
6,拿到kernel32模块里LoadLibraryA()函数地址,GetProcAddress()函数;
7,把dll注入目标进程,CreateRemoteThread()函数

获取进程ID的方法:

DWORD GetPid(const TCHAR* pDest)
{
    HANDLE hProcessHandle;
    PROCESSENTRY32 pe32 = {0};

    hProcessHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if (hProcessHandle == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }
    pe32.dwSize = sizeof(PROCESSENTRY32);

    while (Process32Next(hProcessHandle,&pe32))
    {
        //printf("%s\n", pe32.szExeFile);
        if (wcscmp(pe32.szExeFile,pDest)==0)
        {    
            CloseHandle(hProcessHandle);
            return pe32.th32ProcessID;
            wcout ":"  endl;
        }
        
    }
    return 0;

}

注入过程,封装个方法:

BOOL LoadDll(DWORD pID,const TCHAR* pName)
{
    HANDLE hDestProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);

    DWORD pLEN = wcslen(pName)+1;
    LPVOID lpStart =  VirtualAllocEx(hDestProcess, NULL, pLEN, MEM_COMMIT, PAGE_READWRITE);
    BOOL bRET = WriteProcessMemory(hDestProcess, lpStart, pName, pLEN, NULL);
    if (!bRET)
    {
        cout "writeprocessmemory failed error : %d"  endl;
        CloseHandle(hDestProcess);
        return FALSE;
    }
    HMODULE hModule = GetModuleHandle(TEXT("Kernel32.dll"));
    if (!hModule)
    {
        cout "get kernel32 failed error :"  endl;
        CloseHandle(hDestProcess);
        return FALSE;
    }
    DWORD f = (DWORD)GetProcAddress(hModule, "LoadLibraryA");
    if (!f)
    {
        cout "get loadLibraryA failed error :"  endl;
        CloseHandle(hDestProcess);
        CloseHandle(hModule);
        return FALSE;
    }
    CreateRemoteThread(hDestProcess,NULL,0, (LPTHREAD_START_ROUTINE)f,lpStart,NULL,NULL);
    CloseHandle(hDestProcess);
    CloseHandle(hModule);
    return TRUE;
}

 

windows目标进程注入dll

标签:window   ssi   style   name   while   lib   file   步骤   seh   

原文地址:https://www.cnblogs.com/a-s-m/p/12232442.html


评论


亲,登录后才可以留言!