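/*
 * Classic remote-thread DLL injection (Win32): copy the DLL path into the
 * target process, then start a thread there whose entry point is LoadLibraryW
 * so the loader maps the DLL into the target.
 *
 * This is a fragment meant to sit inside a function that returns int; -1 is
 * the failure value throughout. The DLL path and target PID are placeholders
 * to be filled in. Injector and target must share bitness.
 *
 * Fixes over the original listing:
 *  - OpenProcess returns NULL on failure, not INVALID_HANDLE_VALUE, so the
 *    old check never fired.
 *  - The buffer held a wide string but MAX_PATH *bytes* were copied: this
 *    truncates long paths and reads past the end of a short literal.
 *  - PAGE_EXECUTE_READWRITE is not needed for a data buffer; PAGE_READWRITE
 *    suffices. A stray RWX region is both a detection signal and a writable
 *    code page for anything else running in the target.
 *  - LoadLibrary (ANSI or Unicode depending on UNICODE) was paired with a wide
 *    string; LoadLibraryW is now resolved explicitly.
 *  - PROCESS_ALL_ACCESS is replaced by the rights the steps below actually use.
 *  - The thread handle leaked, the process handle leaked on every error path,
 *    and the wait / exit-code results were ignored.
 */
WCHAR szDllName[] = L"/* full path of the DLL to inject */";
DWORD dwPid = 0; /* PID of the target process */
int rc = -1;
HANDLE hProcess = NULL;
HANDLE hInjectThread = NULL;
LPVOID pszDllName = NULL;
HMODULE hMod = NULL;

if (szDllName[0] == L'\0' || dwPid == 0)
    return -1;

/* Bytes actually sent: the NUL-terminated wide string, not MAX_PATH. */
SIZE_T cbDllName = (wcslen(szDllName) + 1) * sizeof(WCHAR);

/* Resolve LoadLibraryW here. kernel32 is normally mapped at the same base in
 * every process of the same bitness, so the address is valid in the target
 * too -- this is the assumption the whole technique rests on. */
HMODULE hKernel32 = GetModuleHandleW(L"kernel32.dll");
if (hKernel32 == NULL)
    return -1;
FARPROC pfnLoadLibraryW = GetProcAddress(hKernel32, "LoadLibraryW");
if (pfnLoadLibraryW == NULL)
    return -1;

/* 1. Open the target with only the rights used below (least privilege). */
hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                       PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                       FALSE, dwPid);
if (hProcess == NULL)
    goto cleanup;

/* 2. Allocate a data buffer in the target; read/write is all a string needs. */
pszDllName = VirtualAllocEx(hProcess, NULL, cbDllName,
                            MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (pszDllName == NULL)
    goto cleanup;

/* 3. Copy the path and confirm every byte landed. */
SIZE_T cbWritten = 0;
if (!WriteProcessMemory(hProcess, pszDllName, szDllName, cbDllName, &cbWritten) ||
    cbWritten != cbDllName)
    goto cleanup;

/* 4. Run LoadLibraryW(pszDllName) on a new thread inside the target. */
hInjectThread = CreateRemoteThread(hProcess, NULL, 0,
                                   (LPTHREAD_START_ROUTINE)pfnLoadLibraryW,
                                   pszDllName, 0, NULL);
if (hInjectThread == NULL)
    goto cleanup;

/* 5. Wait for LoadLibraryW to return. */
if (WaitForSingleObject(hInjectThread, INFINITE) != WAIT_OBJECT_0)
    goto cleanup;

/* 6. The thread exit code is LoadLibraryW's return value (module base, 0 on
 *    failure). Only the low 32 bits survive, so on a 64-bit target treat it
 *    as a success flag rather than a usable HMODULE. */
DWORD dwExitCode = 0;
if (!GetExitCodeThread(hInjectThread, &dwExitCode) || dwExitCode == 0)
    goto cleanup;
hMod = (HMODULE)(ULONG_PTR)dwExitCode;
rc = 0;

cleanup:
/* 7. Release the remote buffer (MEM_RELEASE requires size 0) and both handles
 *    on success and failure alike. The string is no longer needed once
 *    LoadLibraryW has returned. A failed free does not undo the injection, so
 *    it does not change the result. */
if (pszDllName != NULL)
    VirtualFreeEx(hProcess, pszDllName, 0, MEM_RELEASE);
if (hInjectThread != NULL)
    CloseHandle(hInjectThread);
if (hProcess != NULL)
    CloseHandle(hProcess);
if (rc != 0)
    return -1;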