在其他程序中,建立一個新的執行緒來呼叫 LoadLibraryA,載入我們的 DLL。
#include
#include
// Demonstrates remote-thread DLL loading: a path string is copied into another
// process, and a thread is started there with loadlibrarya as its entry point
// and that string as its argument.
// NOTE(review): the listing was damaged in extraction. Identifiers are
// lower-cased (C identifiers are case-sensitive), the function braces, the DLL
// path literal and the body of the `if` are missing, and hprocess is never
// declared or assigned in the visible lines, so it does not compile as shown.
// NOTE(review): `void main()` is non-standard; hosted C expects `int main(void)`.
// Defender view: endpoint monitoring surfaces this allocate / write /
// remote-thread sequence as cross-process injection, e.g. Sysmon Event ID 10
// (ProcessAccess), 8 (CreateRemoteThread) and 7 (ImageLoad). Binary-signature
// (code-integrity) mitigation policies restrict which DLLs a process will load.
void main()
// Allocate memory in the target process
lpvoid baseaddress;
// NOTE(review): the initializer is empty here; presumably the DLL path literal
// was stripped during extraction.
char *strdllname = ;
// +1 so the terminating NUL is copied along with the path.
int len = strlen(strdllname) + 1;
// Commits len bytes as read/write (not executable) in the process behind hprocess.
// NOTE(review): no check of the returned address is visible before it is used.
baseaddress = virtualallocex(hprocess,null,len,mem_commit,page_readwrite);
// Write into the target process's memory
// Copies the path string, terminator included, to the address allocated above.
// NOTE(review): the failure branch of this `if` is missing from the listing.
if (writeprocessmemory(hprocess,baseaddress,strdllname,len,null) == false)
// Create the remote thread
farproc procaddress;
// The address is resolved in the calling process, not in the target.
// NOTE(review): presumably relies on kernel32.dll being mapped at the same
// address in both processes, which would not hold across 32/64-bit boundaries
// (TODO confirm). Neither return value is checked in the visible lines.
hmodule hmodule = getmodulehandle("kernel32.dll");
procaddress = getprocaddress(hmodule,"loadlibrarya");
handle hthread;
// Thread entry point is the resolved address; its single argument is the
// remote buffer holding the path.
// NOTE(review): the returned handle is used below without a null check.
hthread = createremotethread(hprocess,
null,
0,(lpthread_start_routine)procaddress,
baseaddress,
0,null);
// Wait for the thread to finish
// NOTE(review): the wait has no timeout, so it blocks until the remote thread exits.
waitforsingleobject(hthread,infinite);
// Free the memory and close the handles
// Size 0 with mem_release releases the whole region allocated above.
virtualfreeex(hprocess,baseaddress,0,mem_release);
closehandle(hthread);
closehandle(hprocess);