//注射
// Button handler: load the DLL named in m_CtrEditPath into the process
// selected in m_CtrCboProcess. Failures are reported to the user through
// MessageBox()/ShowErrorInfo() and the handler simply returns; nothing is
// handed back to the caller.
//
// What the code below does, step by step: OpenProcess -> VirtualAllocEx
// (a read/write buffer holding only the DLL path) -> WriteProcessMemory ->
// CreateRemoteThread with the locally resolved address of
// kernel32!LoadLibraryW as the thread routine and the remote path buffer as
// its single argument. This is the textbook remote-thread DLL load; endpoint
// security tooling commonly keys on exactly this API sequence, so on a
// monitored machine the handler may be logged or denied at OpenProcess or
// CreateRemoteThread.
//
// Assumptions made but not verified here:
//  - kernel32.dll sits at the same base address in the target process as in
//    this one, so the locally resolved LoadLibraryW address is valid there
//    (in practice this also requires the same bitness) -- not checked.
//  - GetDllInfo() fills szDllPath and returns its length in BYTES including
//    the terminating NUL; the value is handed straight to VirtualAllocEx and
//    WriteProcessMemory -- TODO confirm against the GetDllInfo() implementation.
//
// Known gaps, left as on the page:
//  - hRemoteThread is never closed: one thread handle leaks per click.
//  - hKernel32 / pLoadLibrary are not NULL-checked before use.
//  - The remote thread's exit code (LoadLibraryW's return value) is never
//    read, so a DLL that fails to load is indistinguishable from success.
//  - WaitForSingleObject(..., INFINITE) blocks the UI thread for as long as
//    the target's DllMain takes.
void CInjectDlg::OnButtonInject()
{
int nPid=0;
WCHAR szDllPath[MAX_PATH]={0};
int nDllNameSize=0;   // byte count of szDllPath as reported by GetDllInfo()

//Get the PID of the process the user selected in the combo box
nPid=m_CtrCboProcess.GetUserChoosePid();
// PIDs below 8 are the idle/System pseudo-processes (and presumably the
// "nothing selected" result) -- refuse them up front.
if (nPid<8)
{
// MB_* values are bit flags; '|' is the idiomatic way to combine them.
MessageBox(L"Can't inject to this process!",L"Error",MB_OK+MB_ICONEXCLAMATION);
return;
}
//Fetch the DLL info: the path into szDllPath, the size (bytes) as the return value
nDllNameSize=m_CtrEditPath.GetDllInfo(szDllPath);
//Preparation done, start the real work
//////////////////////////////////////////////////////////////////////////
HANDLE hRemoteProcess=NULL;
WCHAR* pszDllNameBuff=NULL;   // remote (target-process) address of the path buffer
HANDLE hRemoteThread=NULL;    // NOTE(review): never closed below -- handle leak
HMODULE hKernel32 =GetModuleHandle(L"Kernel32");
// Local address of LoadLibraryW, reused as the remote thread's start routine.
// Only valid if kernel32 is mapped at the same base in the target.
LPTHREAD_START_ROUTINE pLoadLibrary=(LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32,"LoadLibraryW");

// SEH try/finally: every failure path __leave's into the cleanup block.
__try
{
// Only the rights needed to allocate, write and start a thread are requested.
hRemoteProcess=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,\
FALSE,nPid);
if (NULL==hRemoteProcess)
{
ShowErrorInfo(L"OpenProcess Error!");
__leave;
}
// Remote buffer for the path string only, hence PAGE_READWRITE (not executable).
pszDllNameBuff=(WCHAR*)VirtualAllocEx(hRemoteProcess,NULL,nDllNameSize,MEM_COMMIT,PAGE_READWRITE);
if (NULL==pszDllNameBuff)
{
ShowErrorInfo(L"VirtualAllocEx buff error!");
__leave;
}

// Copy the path into the target; nDllNameSize is trusted as-is (see header).
if (!WriteProcessMemory(hRemoteProcess,pszDllNameBuff,szDllPath,nDllNameSize,NULL))
{
// Message text has a stray leading 'V'; it is a runtime string, left as on the page.
ShowErrorInfo(L"VWriteProcessMemory error!");
__leave;
}

// The moment of truth: run LoadLibraryW(pszDllNameBuff) on a new thread in the target.
hRemoteThread=CreateRemoteThread(hRemoteProcess,NULL,0,pLoadLibrary,pszDllNameBuff,0,NULL);
if (NULL==hRemoteThread)
{
ShowErrorInfo(L"CreateRemoteThread error!");
__leave;
}
// Block until LoadLibraryW returns in the target; its result is not inspected.
WaitForSingleObject(hRemoteThread,INFINITE);
}
__finally
{
// The path buffer is released only after the wait above, so the remote
// thread has already consumed it. hRemoteThread is NOT closed here.
if (NULL!=pszDllNameBuff)
{
VirtualFreeEx(hRemoteProcess,pszDllNameBuff,0,MEM_RELEASE);
}
if (NULL!=hRemoteProcess)
{
CloseHandle(hRemoteProcess);
hRemoteProcess=NULL;
}
}
}


//卸载
// Button handler: unload the DLL named in m_CtrEditPath from the process
// selected in m_CtrCboProcess -- the reverse of OnButtonInject().
//
// Steps: take a TH32CS_SNAPMODULE snapshot of the target, walk it with
// Module32FirstW/Module32NextW comparing each module's full path against the
// chosen DLL path (case-insensitive), remember the HMODULE of the last match,
// then run kernel32!FreeLibrary(hFindModule) on a remote thread and wait for it.
//
// Known gaps, left as on the page:
//  - hModuleSnap is never closed, and is not compared against
//    INVALID_HANDLE_VALUE (what CreateToolhelp32Snapshot returns on failure);
//    on failure Module32FirstW just returns FALSE and the loop is skipped.
//  - If the DLL is not loaded in the target, hFindModule stays NULL and
//    FreeLibrary(NULL) is still executed remotely instead of bailing out.
//  - hRemoteThread is never closed (same leak as in OnButtonInject()).
//  - Unlike OnButtonInject() there is no nPid<8 guard here.
//  - PROCESS_VM_WRITE is requested although this handler never writes
//    target memory -- more access than it uses.
//  - FreeLibrary drops a single reference; a DLL mapped more than once stays
//    loaded (presumably acceptable for this tool).
//  - Like OnButtonInject(), this assumes kernel32.dll has the same base in
//    the target as in this process; not checked.
//  - wcsicmp is the old POSIX-style name; the CRT's supported spelling is
//    _wcsicmp (same comparison semantics).
void CInjectDlg::OnButtonUnload()
{
int nPid=0;
HANDLE hModuleSnap=NULL;         // NOTE(review): never closed below -- handle leak
MODULEENTRY32 stModuleEntry={0};
BOOL bFlag=TRUE;
WCHAR szDllPath[MAX_PATH]={0};
HMODULE hFindModule=NULL;        // stays NULL if the DLL is not found in the target

stModuleEntry.dwSize=sizeof(stModuleEntry); // required before Module32FirstW
m_CtrEditPath.GetDllInfo(szDllPath); //fetch the DLL path (the returned byte size is not needed here)
nPid=m_CtrCboProcess.GetUserChoosePid(); //get the PID of the selected process
hModuleSnap=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,nPid);
bFlag=Module32FirstW(hModuleSnap,&stModuleEntry);
// Walk every module in the snapshot; this is a while(bFlag) loop in disguise.
for(;bFlag;)
{
// Full-path, case-insensitive match; a later duplicate overrides an earlier one.
if (0==wcsicmp(szDllPath,stModuleEntry.szExePath))
{
hFindModule=stModuleEntry.hModule;
}
bFlag=Module32NextW(hModuleSnap,&stModuleEntry);
}

//Preparation done, start the real work
//////////////////////////////////////////////////////////////////////////
HANDLE hRemoteProcess=NULL;
HANDLE hRemoteThread=NULL;   // NOTE(review): never closed below -- handle leak
LPTHREAD_START_ROUTINE pFreeLibrary=NULL;

// Local address of FreeLibrary, reused as the remote thread's start routine;
// neither GetModuleHandle nor GetProcAddress is NULL-checked.
pFreeLibrary=(LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(L"Kernel32"),"FreeLibrary");

// SEH try/finally: every failure path __leave's into the cleanup block.
__try
{
// Same rights as OnButtonInject(); PROCESS_VM_WRITE is unused in this handler.
hRemoteProcess=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,\
FALSE,nPid);
if (NULL==hRemoteProcess)
{
ShowErrorInfo(L"OpenProcess Error!");
__leave;
}

// The moment of truth: run FreeLibrary(hFindModule) on a new thread in the target.
// Note that hFindModule may still be NULL at this point.
hRemoteThread=CreateRemoteThread(hRemoteProcess,NULL,0,pFreeLibrary,hFindModule,0,NULL);
if (NULL==hRemoteThread)
{
ShowErrorInfo(L"CreateRemoteThread error!");
__leave;
}
// Block until FreeLibrary returns in the target; its result is not inspected.
WaitForSingleObject(hRemoteThread,INFINITE);
}
__finally
{
// Only the process handle is released; hRemoteThread and hModuleSnap are not.
if (NULL!=hRemoteProcess)
{
CloseHandle(hRemoteProcess);
hRemoteProcess=NULL;
}
}


}

 
