远程线程注入（Remote thread injection：通过 CreateRemoteThread 在目标进程中调用 LoadLibraryA 加载 DLL 的经典 DLL 注入方法）

// remote06.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>


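// Remote-thread DLL injection (CreateRemoteThread + LoadLibraryA).
//
// Steps:
//   1. open the target process,
//   2. allocate a buffer in the target and copy the DLL path into it,
//   3. resolve kernel32!LoadLibraryA in *this* process,
//   4. start a thread in the target whose start routine is LoadLibraryA and
//      whose argument is the remote buffer, so the target loads the DLL itself,
//   5. wait for that thread, read its exit code, release the remote buffer.
//
// ProcessID   : PID of the target process.
// DllPathName : NUL-terminated ANSI path of the DLL to load.  LoadLibraryA runs
//               inside the target, so a relative path is resolved against the
//               target's search path, not ours - pass an absolute path.
// Returns     : TRUE when the remote LoadLibraryA thread ran to completion and
//               reported a non-zero module value; FALSE on any failure (details
//               go to OutputDebugString).
//
// Notes for whoever reuses this:
//  * Injector and target must be the same bitness.  The LoadLibraryA address
//    obtained here is reused in the target; that only works because kernel32
//    is mapped at the same base in every process of the same architecture
//    within one boot session.  A 32-bit injector cannot target a 64-bit
//    process this way (and vice versa).
//  * The remote buffer is freed only after the remote thread has finished -
//    LoadLibraryA reads it asynchronously.  If the wait times out the buffer
//    is deliberately leaked rather than freed out from under the thread.
//  * PROCESS_ALL_ACCESS is not needed; only the rights VirtualAllocEx /
//    WriteProcessMemory / CreateRemoteThread / VirtualFreeEx actually require
//    are requested (least privilege).
//  * The thread exit code is a DWORD, so on x64 it holds only the low 32 bits
//    of the HMODULE; a zero value is treated as failure, which is exact on x86
//    and a heuristic on x64.
//  * GetModuleHandle returns a module base, not a kernel object handle; the
//    original code passed it to CloseHandle, which is invalid.
//  * This is a textbook injection primitive; expect AV/EDR to detect it.
BOOL func(DWORD ProcessID, const char* DllPathName)
{
    // Rights actually consumed by the calls below.
    const DWORD kAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                          PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    // Upper bound on how long LoadLibraryA (including the DLL's DllMain) may
    // take in the target; INFINITE would hang the injector on a stuck target.
    const DWORD kWaitMs = 10000;

    BOOL                   result      = FALSE;
    HANDLE                 hProcess    = NULL;
    HANDLE                 hThread     = NULL;
    LPVOID                 lpAllocAddr = NULL;
    SIZE_T                 cbPath      = 0;
    HMODULE                hKernel32   = NULL;
    LPTHREAD_START_ROUTINE pfnLoad     = NULL;
    DWORD                  exitCode    = 0;

    if (DllPathName == NULL || DllPathName[0] == '\0')
    {
        OutputDebugString("DllPathName为空!");
        return FALSE;
    }
    cbPath = strlen(DllPathName) + 1;   // include the terminating NUL

    //1. open the target process with only the rights we need
    hProcess = OpenProcess(kAccess, FALSE, ProcessID);
    if (hProcess == NULL)
    {
        OutputDebugString("OpenProcess失败!");
        return FALSE;   // nothing to release yet
    }

    //2./3. allocate a writable buffer in the target for the path string
    lpAllocAddr = VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (lpAllocAddr == NULL)
    {
        OutputDebugString("VirtualAllocEx失败!");
        goto cleanup;
    }

    //4. copy the path (with its NUL) into the remote buffer
    if (!WriteProcessMemory(hProcess, lpAllocAddr, DllPathName, cbPath, NULL))
    {
        OutputDebugString("WriteProcessMemory失败!");
        goto cleanup;
    }

    //5. base address of kernel32 in this process (not a handle - never CloseHandle it)
    hKernel32 = GetModuleHandle("Kernel32.dll");
    if (hKernel32 == NULL)
    {
        OutputDebugString("GetModuleHandle失败!");
        goto cleanup;
    }

    //6. resolve LoadLibraryA; kept as a function pointer, not a DWORD, so the
    //   address is not truncated on 64-bit builds
    pfnLoad = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA");
    if (pfnLoad == NULL)
    {
        OutputDebugString("GetProcAddress失败!");
        goto cleanup;
    }

    //7. run LoadLibraryA(lpAllocAddr) on a new thread inside the target
    hThread = CreateRemoteThread(hProcess, NULL, 0, pfnLoad, lpAllocAddr, 0, NULL);
    if (hThread == NULL)
    {
        OutputDebugString("CreateRemoteThread失败!");
        goto cleanup;
    }

    //8. wait for the load to finish before touching the remote buffer again
    if (WaitForSingleObject(hThread, kWaitMs) != WAIT_OBJECT_0)
    {
        OutputDebugString("WaitForSingleObject失败或超时!");
        lpAllocAddr = NULL;   // thread may still be reading it: leak, don't free
        goto cleanup;
    }

    //9. the thread's exit code is LoadLibraryA's return value (HMODULE, maybe truncated)
    if (!GetExitCodeThread(hThread, &exitCode))
    {
        OutputDebugString("GetExitCodeThread失败!");
        goto cleanup;
    }
    if (exitCode == 0)
    {
        OutputDebugString("LoadLibraryA在目标进程中失败!");
        goto cleanup;
    }
    result = TRUE;

cleanup:
    if (hThread != NULL)
    {
        CloseHandle(hThread);
    }
    if (lpAllocAddr != NULL)
    {
        // MEM_RELEASE requires size 0 and the original base address.
        VirtualFreeEx(hProcess, lpAllocAddr, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);
    return result;
}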
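// Console entry point.
// Usage: remote06.exe <pid> <dll-path>
//   <pid>      decimal process ID of the target
//   <dll-path> path of the DLL to inject; use an absolute path, because it is
//              resolved by LoadLibraryA inside the target process, not here
// Exit code: 0 on success, 1 on bad arguments, 2 when the injection failed.
int main(int argc, char* argv[])
{
    if (argc != 3)
    {
        fprintf(stderr, "usage: %s <pid> <dll-path>\n", argv[0]);
        return 1;
    }

    // strtoul rather than atoi so garbage or out-of-range input is rejected
    // instead of silently turning into PID 0.
    char* end = NULL;
    errno = 0;
    unsigned long pid = strtoul(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE || pid == 0)
    {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return 1;
    }

    if (!func((DWORD)pid, argv[2]))
    {
        fprintf(stderr, "injection into pid %lu failed (see debugger output)\n", pid);
        return 2;
    }
    printf("injected %s into pid %lu\n", argv[2], pid);
    return 0;
}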

 
