DLL注入的一个问题
// DLL
#include <windows.h>
BOOL APIENTRY DllMain( HANDLE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
{
MessageBox(NULL,"成功!",NULL,0);break;
}
case DLL_PROCESS_DETACH:break;
case DLL_THREAD_ATTACH:break;
case DLL_THREAD_DETACH:break;
}
return TRUE;
}
// exe
#include<stdio.h>
#include<windows.h>
#include<tlhelp32.h>
#include <string>
#include <iostream>
void ToLower(std::string& rkStr)
{
for(int i = 0;i < (int)rkStr.size();++i)
{
rkStr[i] = tolower(rkStr[i]);
}
}
DWORD idProcess = 0;;
HANDLE hProcessHandle = 0;
//枚举进程,反回指定进程名的pid
DWORD GetPid(const std::string& rkProcess)
{
PROCESSENTRY32 kPe32={ sizeof(PROCESSENTRY32) };
HANDLE hProcessShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hProcessShot==INVALID_HANDLE_VALUE)
{
return 0;
}
if(Process32First(hProcessShot,&kPe32))
{
std::string kExeFile;
do
{
kExeFile = kPe32.szExeFile;
ToLower(kExeFile);
if(kExeFile == rkProcess)
{
return kPe32.th32ProcessID;
}
}while(Process32Next(hProcessShot,&kPe32));
}
return 0;
}
// 远程插入DLL,成功返回1,失败返回0
int insert()
{
TOKEN_PRIVILEGES kTkp;
HANDLE hToken = NULL;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
{
// 修改进程权限
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&kTkp.Privileges[0].Luid );
kTkp.PrivilegeCount=1;
kTkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// 通知系统修改进程权限
AdjustTokenPrivileges(hToken,FALSE,&kTkp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
}
//将要注入的DLL
std::string kDllPath = "setdll.dll";
int iDllPathSize = kDllPath.size() + 1;
// 我老家的一个游戏平台 呵呵
std::string kExeFile = "ZSWLGame.exe";
ToLower(kExeFile);
//要注入的exe文件
idProcess = GetPid(kExeFile);
if(!idProcess)
{
std::cout<<"Can not find process!"<<std::endl;
return 0;
}
// 打开进程
hProcessHandle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,idProcess);
if(hProcessHandle==NULL)
{
std::cout<<"OpenProcess error!"<<std::endl<<"ProcessID:"<<idProcess<<std::endl;
return 0;
}
// 向进程中申请空间
LPVOID pRemoteDllName = VirtualAllocEx(hProcessHandle,NULL,iDllPathSize,MEM_COMMIT,PAGE_READWRITE);
if(pRemoteDllName==NULL)
{
std::cout<<"VirtualAllocEx error!"<<std::endl;
return 0;
}
// 向进程写入DLL的路径
DWORD dwWrittenSize = 0;
if(!WriteProcessMemory(hProcessHandle,pRemoteDllName,(LPVOID)kDllPath.c_str(),(DWORD)kDllPath.size(),&dwWrittenSize))
{
std::cout<<"WriteProcessMemory error!"<<std::endl;
return 0;
}
//远程注入
DWORD dwThreadId = 0;
LPVOID pfFunc = &LoadLibraryA;
HANDLE hRemoteThread = CreateRemoteThread(hProcessHandle,NULL,0,(LPTHREAD_START_ROUTINE)pfFunc,pRemoteDllName,0,&dwThreadId);
if(!hRemoteThread)
{
std::cout<<"CreateRemoteThread error!"<<std::endl;
return 0;
}
//等到远程进程结束
DWORD dwRet = WaitForSingleObject(hRemoteThread,INFINITE);
VirtualFreeEx(hProcessHandle,pRemoteDllName,iDllPathSize,MEM_DECOMMIT);
CloseHandle(hRemoteThread);
CloseHandle(hProcessHandle);
return 1;
}
int main()
{
insert() ? std::cout<<"注入成功"<<std::endl : std::cout<<"注入失败"<<std::endl;
system("pause");
return 0;
}
// 总是显示"注入成功" 但是从来不出现窗口
// 请问是怎么一回事啊