15,466
社区成员
发帖
与我相关
我的任务
分享各位谁能够提供一个插入进程的源代码?
我要写一个插入IE进程的程序,但是没有一点思路,给为能否提供一个插入进程的源代码,我在网上搜索一下,据说可以通过远程线程插入进程,我很想知道这种方法的实现。
...全文
请发表友善的回复…
发表回复
ibmconok 2008-05-22
- 打赏
- 举报
这个方法涉及到其它的类,所以只挑有用的给你了,刚才少贴了两个变量:)
szLibFile就是你的DLL文件名称。
就是在对方内存中开个空间,把DLL名称放进去,然后再用CreateRemoteThread来调用,因为CreateRemoteThread函数访问的是对方自己内存中的变量地址,所以要先在对方内存中开个小空间
szLibFile就是你的DLL文件名称。
就是在对方内存中开个空间,把DLL名称放进去,然后再用CreateRemoteThread来调用,因为CreateRemoteThread函数访问的是对方自己内存中的变量地址,所以要先在对方内存中开个小空间
ibmconok 2008-05-22
- 打赏
- 举报
char szLibFile[MAX_PATH];
::GetModuleFileNameA(
ModuleFromAddress(GetMsgProc),
szLibFile,
MAX_PATH
);
int cch = 1 + strlen(szLibFile);
szLibFile 就是你要动态插入的DLL的名称
::GetModuleFileNameA(
ModuleFromAddress(GetMsgProc),
szLibFile,
MAX_PATH
);
int cch = 1 + strlen(szLibFile);
szLibFile 就是你要动态插入的DLL的名称
李马 2008-05-22
- 打赏
- 举报
zshwlw 2008-05-22
- 打赏
- 举报
楼上的朋友有一点没有弄明白,'cch' 'szLibFile' 这两的变量的值怎样取得啊?
希望指点一下,或者能否把调用这个DoInjectModuleInto函数的完整代码贴出来?
希望指点一下,或者能否把调用这个DoInjectModuleInto函数的完整代码贴出来?
ibmconok 2008-05-22
- 打赏
- 举报
BOOL DoInjectModuleInto(DWORD pProcessId)
{
BOOL bResult = FALSE;
HANDLE hProcess = NULL;
HANDLE hThread = NULL;
PSTR pszLibFileRemote = NULL;
try
{
// Get a handle for the process we want to inject into
hProcess = ::OpenProcess(
PROCESS_ALL_ACCESS, // Specifies all possible access flags
FALSE,
pProcessId
);
if (hProcess == NULL)
__leave;
// Allocate space in the remote process for the pathname
pszLibFileRemote = (PSTR)::VirtualAllocEx(
hProcess,
NULL,
cch,
MEM_COMMIT,
PAGE_READWRITE
);
if (pszLibFileRemote == NULL)
__leave;
// Copy the DLL's pathname to the remote process's address space
if (!::WriteProcessMemory(
hProcess,
(PVOID)pszLibFileRemote,
(PVOID)szLibFile,
cch,
NULL))
__leave;
// Get the real address of LoadLibraryW in Kernel32.dll
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
::GetProcAddress(::GetModuleHandle("Kernel32"), "LoadLibraryA");
if (pfnThreadRtn == NULL)
__leave;
// Create a remote thread that calls LoadLibraryW(DLLPathname)
hThread = ::CreateRemoteThread(
hProcess,
NULL,
0,
pfnThreadRtn,
(PVOID)pszLibFileRemote,
0,
NULL
);
if (hThread == NULL)
__leave;
// Wait for the remote thread to terminate
::WaitForSingleObject(hThread, INFINITE);
bResult = TRUE;
}
__finally
{
// Free the remote memory that contained the DLL's pathname
if (pszLibFileRemote != NULL)
::VirtualFreeEx(hProcess, (PVOID)pszLibFileRemote, 0, MEM_RELEASE);
if (hThread != NULL)
::CloseHandle(hThread);
if (hProcess != NULL)
::CloseHandle(hProcess);
}
return bResult;
}
{
BOOL bResult = FALSE;
HANDLE hProcess = NULL;
HANDLE hThread = NULL;
PSTR pszLibFileRemote = NULL;
try
{
// Get a handle for the process we want to inject into
hProcess = ::OpenProcess(
PROCESS_ALL_ACCESS, // Specifies all possible access flags
FALSE,
pProcessId
);
if (hProcess == NULL)
__leave;
// Allocate space in the remote process for the pathname
pszLibFileRemote = (PSTR)::VirtualAllocEx(
hProcess,
NULL,
cch,
MEM_COMMIT,
PAGE_READWRITE
);
if (pszLibFileRemote == NULL)
__leave;
// Copy the DLL's pathname to the remote process's address space
if (!::WriteProcessMemory(
hProcess,
(PVOID)pszLibFileRemote,
(PVOID)szLibFile,
cch,
NULL))
__leave;
// Get the real address of LoadLibraryW in Kernel32.dll
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
::GetProcAddress(::GetModuleHandle("Kernel32"), "LoadLibraryA");
if (pfnThreadRtn == NULL)
__leave;
// Create a remote thread that calls LoadLibraryW(DLLPathname)
hThread = ::CreateRemoteThread(
hProcess,
NULL,
0,
pfnThreadRtn,
(PVOID)pszLibFileRemote,
0,
NULL
);
if (hThread == NULL)
__leave;
// Wait for the remote thread to terminate
::WaitForSingleObject(hThread, INFINITE);
bResult = TRUE;
}
__finally
{
// Free the remote memory that contained the DLL's pathname
if (pszLibFileRemote != NULL)
::VirtualFreeEx(hProcess, (PVOID)pszLibFileRemote, 0, MEM_RELEASE);
if (hThread != NULL)
::CloseHandle(hThread);
if (hProcess != NULL)
::CloseHandle(hProcess);
}
return bResult;
}
rageliu 2008-05-22
- 打赏
- 举报
全局hook
BHO
BHO
[精彩] 子进程及时知道父进程已经退出的最简单...
<br /> 父进程如果退出,子进程如何知道呢,最笨的方法,父子进程之间建立socket连接,然后建立心跳,没隔1秒测试一把,当然太笨了,通过管道
