1: using System;
2: using System.Collections.Generic;
3: using System.ComponentModel;
4: using System.Data;
5: using System.Diagnostics;
6: using System.Drawing;
7: using System.Linq;
8: using System.Runtime.InteropServices;
9: using System.Text;
10: using System.Windows.Forms;
11:
12: namespace hooktest01
13: {
/// <summary>
/// WinForms form with two text boxes (a process id and a DLL path), a button and a list box.
/// On button click it allocates a buffer in the target process, copies the DLL path into it,
/// starts a remote thread at this process's address of kernel32!LoadLibraryA with that buffer
/// as the thread argument, waits for the thread to exit and then lists the target's loaded
/// modules. This is the remote-thread LoadLibrary pattern; from a monitoring point of view the
/// cross-process VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread sequence is the
/// observable signal.
/// NOTE(review): every pointer-sized value (return of VirtualAllocEx, module handle for
/// GetProcAddress, the remote start address and argument) is declared as int/Int32, so the
/// P/Invoke layer is only consistent for a 32-bit process acting on a 32-bit process; on x64
/// handles and addresses would be truncated.
/// </summary>
public partial class Form1 : Form
{
// kernel32 P/Invoke declarations. No CharSet is given, so the string parameters use the
// DllImport default (ANSI), which matches the use of LoadLibraryA / GetModuleHandleA below.
// Allocates memory in the process identified by hwnd; returns 0 on failure (checked by the caller).
[DllImport("kernel32.dll")]
public static extern int VirtualAllocEx(IntPtr hwnd, Int32 lpaddress, int size, int type, Int32 tect);
// Copies nsize bytes of buffer into the target at baseaddress. The last parameter is
// lpNumberOfBytesWritten declared as a plain int; the caller passes 0 (NULL) so the count is never retrieved.
[DllImport("kernel32.dll")]
public static extern Boolean WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);
// Resolves an export in a module of the *calling* process; returns 0 on failure.
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
// Module handle of a DLL already loaded in the calling process (kernel32.dll below).
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
// Starts a thread in the target at address with par as its single argument; returns IntPtr.Zero on failure.
// NOTE(review): the returned thread handle is never closed in this class (no CloseHandle is declared).
[DllImport("kernel32.dll")]
public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
// Blocks until hHandle is signalled or dwMilliseconds elapse; the result is ignored by the caller.
[DllImport("kernel32.dll")]
public static extern Int32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
// Frees memory in the *calling* process (see the review note at the call site in button1_Click).
[DllImport("kernel32.dll")]
public static extern Boolean VirtualFree(IntPtr lpAddress, Int32 dwSize, Int32 dwFreeType);
// Target process, obtained from Pid in button1_Click.
Process pname;
// Win32 constants kept as instance fields (style: they could be const).
// WaitForSingleObject timeout meaning "no limit".
UInt32 INFINITE = 0xFFFFFFFF;
// Page protection passed to VirtualAllocEx for the remote string buffer.
Int32 PAGE_EXECUTE_READWRITE = 0x40;
Int32 MEM_COMMIT = 0x1000;
Int32 MEM_RESERVE = 0x2000;
Int32 MEM_RELEASE = 0x8000;
// Address of the buffer allocated in the target process (0 when allocation failed).
Int32 AllocBaseAddress;
// Process.Handle of the target.
IntPtr hwnd;
// DLL path taken verbatim from textBox2.
string dllname;
// Process id parsed from textBox1.
Int32 Pid;
// Result of WriteProcessMemory.
Boolean ok;
// Address of LoadLibraryA as resolved in this process.
Int32 loadaddr;
// Handle of the remote thread (never closed, see CreateRemoteThread above).
IntPtr ThreadHwnd;


/// <summary>
/// Runs the designer-generated initialization. InitializeComponent is presumably defined in the
/// other half of this partial class (not shown here).
/// </summary>
public Form1()
{
InitializeComponent();
}

/// <summary>
/// Button handler: validates the two text boxes, opens the process whose id is in textBox1,
/// writes the path from textBox2 into that process and runs LoadLibraryA there on a new thread,
/// then fills listBox1 with the target's module file names.
/// Every failure path shows a MessageBox and returns.
/// NOTE(review): the early returns after Process.GetProcessById has succeeded leave pname
/// undisposed; only the success path reaches pname.Dispose().
/// NOTE(review): "ok" is reported as soon as the remote thread exits; the thread's exit code
/// (which would be LoadLibraryA's return value) is never read, so a failed load in the target
/// is still reported as success.
/// NOTE(review): the INFINITE wait runs on the UI thread, so the form is unresponsive until the
/// remote thread exits.
/// </summary>
/// <param name="sender">Unused.</param>
/// <param name="e">Unused.</param>
private void button1_Click(object sender, EventArgs e)
{
try
{
// TextBox.Text returns an empty string rather than null in WinForms; the null test is redundant but harmless.
if (textBox1.Text == "" || textBox1.Text == null)
{
MessageBox.Show("Pid is null"); return;
}
if (textBox2.Text == "" || textBox2.Text == null)
{
MessageBox.Show("dll name is null"); return;
}
// Int32.Parse throws on non-numeric input; that is reported by the catch below.
Pid = Int32.Parse(textBox1.Text);
dllname = textBox2.Text;
}
catch(Exception error)
{
MessageBox.Show(error.Message); return;
}
try
{
pname = Process.GetProcessById(Pid);
hwnd = pname.Handle;
}
catch(Exception error)
{ // An exception is raised here when no process with the given pid exists.
MessageBox.Show (error.Message); return;
}
// Length + 1 bytes: the path plus a NUL terminator. This assumes one byte per character,
// which holds for ASCII paths under ANSI marshaling; a path with multibyte characters could
// be truncated and lose its terminator — TODO confirm the intended input set.
AllocBaseAddress= VirtualAllocEx(hwnd, 0, dllname.Length + 1, MEM_COMMIT+ MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (AllocBaseAddress == 0)
{
MessageBox.Show("virtualallocex fail"); return;
}
// Final argument 0 = NULL for lpNumberOfBytesWritten; the written byte count is not retrieved.
ok=WriteProcessMemory(hwnd, AllocBaseAddress, dllname, dllname.Length + 1,0);
if (!ok)
{
MessageBox.Show("writeprocessmemory fail"); return;
}
// Resolved in this process; the same value is used as the remote thread's start address below.
loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
if (loadaddr == 0)
{ // Return when the address of LoadLibraryA could not be obtained.
MessageBox.Show("get loadlibraryA fail"); return;
}
// par = AllocBaseAddress: the thread argument is the string buffer written above.
ThreadHwnd=CreateRemoteThread(hwnd, 0, 0, loadaddr, AllocBaseAddress,0, 0);
if (ThreadHwnd ==IntPtr.Zero)
{
MessageBox.Show("createremotethread fail"); return;
}


// Blocks the UI thread until the remote thread exits; the return value is ignored.
WaitForSingleObject(ThreadHwnd, INFINITE);
MessageBox.Show("ok ,you can check now!!!");
// NOTE(review): VirtualFree acts on the calling process and is given the process handle in
// place of an address, so this call does not release the remote buffer at AllocBaseAddress
// (it most likely fails, and its Boolean result is not checked).
VirtualFree(hwnd, 0, MEM_RELEASE);
// Enumerate the module list below; this is what the "check now" message refers to.
ProcessModuleCollection pmodule = pname.Modules;
foreach (ProcessModule processm in pmodule)
{
listBox1.Items.Add(processm.FileName);
}
// Releases the handle obtained through Process.Handle (success path only).
pname.Dispose();
}
// process handle

}
114: }