[00026]-[2015-09-20]-[01]-[代码注入技术 --- 1 DLL的注入和卸载]

定义变量（下文通过 UpdateData 与对话框控件交换数据，因此它们应声明为对话框类 CDLL_Inject_TestDlg 的成员；注意后面代码中实际使用的名字是 m_dwpid、m_dllpath）

// Target process id, filled from the dialog control via UpdateData().
DWORD m_dwPid;
// Full path of the DLL to inject / unload: set by OnBtnOpen, read by the
// Inject and Unload handlers.
// NOTE(review): the handlers below spell these m_dwpid / m_dllpath (different
// case) and call UpdateData() on them, so they must actually be members of
// CDLL_Inject_TestDlg rather than file-scope globals.
CString m_dllPath;

[打开按钮响应函数]

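void OnBtnOpen()
{
    // NOTE(review): this handler calls UpdateData() and writes m_dllpath, so
    // it has to be a member of the dialog class (CDLL_Inject_TestDlg::OnBtnOpen)
    // like the other handlers in this file; as a free function it cannot compile.
    //
    // Let the user pick the DLL to inject.
    //  - TRUE selects an "Open" dialog (FALSE would be "Save As").
    //  - The default extension is given WITHOUT the leading dot, as the
    //    OPENFILENAME contract requires.
    //  - OFN_HIDEREADONLY hides the read-only checkbox (it does not "open
    //    read-only files"). OFN_OVERWRITEPROMPT only applies to Save dialogs
    //    and was dropped; OFN_FILEMUSTEXIST rejects names that do not exist,
    //    which would otherwise only fail later inside the target's LoadLibraryA.
    CFileDialog dlg(TRUE,
        "dll",
        NULL,
        OFN_HIDEREADONLY | OFN_FILEMUSTEXIST,
        "文本文件(*.dll)|*.dll|所有文件 (*.*)|*.*||");

    if (dlg.DoModal() != IDOK)
        return;

    // Keep the full path: it is later copied verbatim into the target process
    // and handed to LoadLibraryA, which needs an absolute path to be reliable.
    m_dllpath = dlg.GetPathName();
    UpdateData(FALSE);   // push the new path into the dialog control
}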

[Dll_Inject()实现体]

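void CDLL_Inject_TestDlg::Dll_Inject(DWORD dwPid, char *szDllName)
{
    // Classic LoadLibrary injection: write the DLL path into the target
    // process, then start a remote thread whose entry point is
    // kernel32!LoadLibraryA and whose single argument is that path.
    //
    // Caveats a caller must be aware of:
    //  - kernel32's address is taken from THIS process (GetModuleHandle); that
    //    only matches the target when both have the same bitness. A 32-bit
    //    injector cannot target a 64-bit process this way (and vice versa).
    //  - szDllName is loaded verbatim by the target, so it should be an
    //    absolute path to a DLL the user trusts: its DllMain runs with the
    //    target's privileges.
    //  - OpenProcess needs sufficient rights on the target (same user, or
    //    SeDebugPrivilege for other users' / elevated processes).
    //  - The wait below is unbounded; a DllMain that blocks will hang this UI.
    if (dwPid == 0 || szDllName == NULL || szDllName[0] == '\0')
    {
        MessageBox("Dll_Inject fun parameters Error!");
        return;
    }

    // Least privilege: request only the rights the calls below use instead of
    // PROCESS_ALL_ACCESS (which also fails on some targets that would allow these).
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hProcess = OpenProcess(dwAccess, FALSE, dwPid);
    if (hProcess == NULL)
    {
        MessageBox("Open Process Failed !");
        return;
    }

    // Resolve LoadLibraryA before touching the target so that a failure here
    // leaves nothing allocated in the remote process.
    HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
    FARPROC pFunAddr = (hKernel32 != NULL) ? GetProcAddress(hKernel32, "LoadLibraryA") : NULL;
    if (pFunAddr == NULL)
    {
        MessageBox("GetProcAddress(LoadLibraryA) Failed !");
        CloseHandle(hProcess);
        return;
    }

    // Path bytes plus the terminating NUL.
    SIZE_T nDllNameLen = strlen(szDllName) + 1;

    PVOID pParameter_Addr = VirtualAllocEx(hProcess, NULL, nDllNameLen,
                                           MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (pParameter_Addr == NULL)
    {
        MessageBox("Alloc Memory in Process Failed !");
        CloseHandle(hProcess);   // was leaked on this path in the original
        return;
    }

    // WriteProcessMemory takes SIZE_T*, not DWORD*; check both the result and
    // that the whole string (including NUL) landed in the target.
    SIZE_T nWritten = 0;
    if (!WriteProcessMemory(hProcess, pParameter_Addr, szDllName, nDllNameLen, &nWritten) ||
        nWritten != nDllNameLen)
    {
        MessageBox("Write Memory in Process Failed !");
        VirtualFreeEx(hProcess, pParameter_Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }

    HANDLE hThread = CreateRemoteThread(hProcess,
                                        NULL,
                                        0,
                                        (LPTHREAD_START_ROUTINE)pFunAddr,
                                        pParameter_Addr,
                                        0,
                                        NULL);
    if (hThread == NULL)
    {
        MessageBox("Create Remote Thread Failed !");
        VirtualFreeEx(hProcess, pParameter_Addr, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return;
    }

    WaitForSingleObject(hThread, INFINITE);

    // The thread's exit code is LoadLibraryA's return value (the HMODULE,
    // truncated to 32 bits on x64). Zero means the target failed to load the DLL.
    DWORD dwExitCode = 0;
    if (!GetExitCodeThread(hThread, &dwExitCode) || dwExitCode == 0)
    {
        MessageBox("LoadLibrary in target process Failed !");
    }

    // The path buffer was only needed for the LoadLibraryA call; release it.
    VirtualFreeEx(hProcess, pParameter_Addr, 0, MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(hProcess);
}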

[Dll_UnLoad()实现体]

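void CDLL_Inject_TestDlg::Dll_UnLoad(DWORD dwPid, char *szDllName)
{
    // Counterpart of Dll_Inject: locate the module whose full path equals
    // szDllName in the target's module list, then run kernel32!FreeLibrary on
    // that module's handle from a remote thread.
    //
    // Caveats:
    //  - FreeLibrary only drops one reference; if the DLL was loaded more than
    //    once (or is pinned) it stays mapped after this call.
    //  - kernel32's address comes from this process, so the same-bitness
    //    requirement as for Dll_Inject applies; TH32CS_SNAPMODULE likewise
    //    only lists modules matching the target's own bitness.
    //  - The wait below is unbounded; a DllMain that blocks on detach will
    //    hang this UI.
    if (dwPid == 0 || szDllName == NULL || szDllName[0] == '\0')
    {
        MessageBox("Dll_UnLoad fun parameters Error!");
        return;
    }

    // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE, not
    // NULL; the original check never fired.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPid);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        MessageBox("Create Snap shot Failed !");
        return;
    }

    MODULEENTRY32 me = {0};
    me.dwSize = sizeof(MODULEENTRY32);
    BOOL bFind = FALSE;
    for (BOOL bRet = Module32First(hSnap, &me); bRet; bRet = Module32Next(hSnap, &me))
    {
        // Windows paths are case-insensitive and the loader may report a
        // different case than the one picked in the file dialog.
        if (lstrcmpiA(me.szExePath, szDllName) == 0)
        {
            bFind = TRUE;
            break;
        }
    }
    CloseHandle(hSnap);

    if (!bFind)
    {
        MessageBox("No DLL to compatible !");
        return;
    }

    // Resolve FreeLibrary first so nothing is opened on the target if it fails.
    HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
    FARPROC pFunAddr = (hKernel32 != NULL) ? GetProcAddress(hKernel32, "FreeLibrary") : NULL;
    if (pFunAddr == NULL)
    {
        MessageBox("GetProcAddress(FreeLibrary) Failed !");
        return;
    }

    // Least privilege instead of PROCESS_ALL_ACCESS; and unlike the original,
    // do not continue with a NULL process handle.
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hProcess = OpenProcess(dwAccess, FALSE, dwPid);
    if (hProcess == NULL)
    {
        MessageBox("Open Process Failed !");
        return;
    }

    // Two fixes versus the original call:
    //  - the thread entry is the resolved FreeLibrary ADDRESS (pFunAddr), not
    //    the "FreeLibrary" name string (pFunName), which would have made the
    //    target jump into an address that is meaningless in its address space;
    //  - the argument is the module handle valid in the target (me.hModule),
    //    not the injector's local szModule character array.
    HANDLE hThread = CreateRemoteThread(hProcess,
                                        NULL,
                                        0,
                                        (LPTHREAD_START_ROUTINE)pFunAddr,
                                        (LPVOID)me.hModule,
                                        0,
                                        NULL);
    if (hThread == NULL)
    {
        MessageBox("Create Remote Thread Failed !");
        CloseHandle(hProcess);
        return;
    }

    WaitForSingleObject(hThread, INFINITE);

    // Thread exit code is FreeLibrary's BOOL result; zero means it failed.
    DWORD dwExitCode = 0;
    if (!GetExitCodeThread(hThread, &dwExitCode) || dwExitCode == 0)
    {
        MessageBox("FreeLibrary in target process Failed !");
    }

    CloseHandle(hThread);
    CloseHandle(hProcess);
}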

[【 INJECT 】按钮响应函数]

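void CDLL_Inject_TestDlg::OnBtnInject() 
{
    // Pull the PID and DLL path out of the dialog controls. UpdateData(TRUE)
    // returns FALSE when data exchange or validation fails; the members may
    // then be stale, so do not inject with them (the original ignored this).
    if (!UpdateData(TRUE))
        return;

    // Dll_Inject takes a non-const char* but only reads the path.
    Dll_Inject(m_dwpid, const_cast<LPSTR>(static_cast<LPCSTR>(m_dllpath)));
}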

[【 UNLOAD 】按钮响应函数]

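void CDLL_Inject_TestDlg::OnBtnUnload() 
{
    // Refresh the PID and DLL path from the controls; bail out if the data
    // exchange fails rather than unloading with possibly stale member values.
    if (!UpdateData(TRUE))
        return;

    // Dll_UnLoad takes a non-const char* but only compares the path.
    Dll_UnLoad(m_dwpid, const_cast<LPSTR>(static_cast<LPCSTR>(m_dllpath)));
}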

 
