// Caller fragment; the enclosing handler is not shown on the page.
// Looks up the target process by image name and, once per run, asks that
// process to load MHCD.dll through RemoteLoadLibrary().
TCHAR szTarget[MAX_PATH] = _T("war3.exe");
dwProcessID = FindTarget( szTarget );
// bRun latches after the first successful call so the request is not repeated.
if ( dwProcessID != 0 && !bRun )
{
    //KillTimer(nIDEvent);
    if ( RemoteLoadLibrary( dwProcessID, _T("MHCD.dll" ) ) )
    {
        bRun = true;
        // NOTE(review): the dialog text is a hard-coded path, not the string
        // that was passed to RemoteLoadLibrary() above.
        MessageBox(_T("D:\\Program Files\\Warcraft III\\MHCD.dll" ),_T("注入成功"),0);
        CListMsg.ResetContent();
    }
    else
    {
        // The failure dialog asks the user to switch off antivirus and retry;
        // endpoint products commonly block the cross-process calls made by
        // RemoteLoadLibrary(), which is the likely reason for that wording.
        MessageBox(_T("加载dll失败,请关闭杀毒再试!"),_T("提示"),0);
    }
}
// Asks another process to load a DLL by name.
//
// Steps visible in this listing: open the process identified by dwProcessID,
// commit a read/write buffer inside it, copy the string lpszDll into that
// buffer, then start a thread in that process whose start routine is
// LoadLibraryW and whose argument is the buffer.
//
// Parameters:
//   dwProcessID - id of the process to open.
//   lpszDll     - DLL name copied into the other process.
// Returns: FALSE when OpenProcess, VirtualAllocEx or WriteProcessMemory fails
//   or the write is short; otherwise the result depends on hThread (see the
//   note on the CreateRemoteThread line below).
//
// Detection context: OpenProcess with these access rights followed by
// VirtualAllocEx, WriteProcessMemory and CreateRemoteThread on LoadLibrary is
// the sequence catalogued as MITRE ATT&CK T1055.001 (DLL injection). Sysmon
// surfaces it as Event ID 10 (ProcessAccess), Event ID 8 (CreateRemoteThread)
// and Event ID 7 (ImageLoad) in the receiving process.
BOOL RemoteLoadLibrary( DWORD dwProcessID, LPCTSTR lpszDll )
{
// Open the target process with only the rights the later calls use:
// thread creation plus memory operation/write access.
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessID );
if(!hProcess)
{
//AfxMessageBox( (LPCTSTR)"OpenProcess failed.");
return FALSE;
}
// Write the DLL name into the target process's address space.
DWORD dwSize, dwWritten;
// Length of the name in characters, plus one for the terminator.
dwSize = lstrlen( lpszDll ) + 1;
LPVOID lpBuf = VirtualAllocEx( hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE );
if ( NULL == lpBuf )
{
//AfxMessageBox( (LPCTSTR)"VirtualAllocEx failed (1).");
CloseHandle( hProcess );
return FALSE;
}
//if ( WriteProcessMemory( hProcess, lpBuf, (LPVOID)lpszDll, dwSize, &dwWritten ) )
// The commented-out line above is how the call was originally written.
if ( WriteProcessMemory( hProcess, lpBuf, lpszDll, dwSize, &dwWritten ) )
{
// A short write (bytes written != bytes requested) is still treated as failure.
if ( dwWritten != dwSize )
{
// AfxMessageBox( (LPCTSTR)"VirtualAllocEx failed (2).");
VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
CloseHandle( hProcess );
return FALSE;
}
}
else
{
//AfxMessageBox( (LPCTSTR)"WriteProcessMemory failed.");
// NOTE(review): unlike the short-write branch above, this path closes the
// handle without releasing lpBuf in the other process.
CloseHandle( hProcess );
return FALSE;
}
// Have the target process call LoadLibrary to load the DLL.
DWORD dwID;
// NOTE(review): as printed on the page, the hThread declaration and the
// CreateRemoteThread call sit after the "//" on the next line, so they are
// part of the comment and hThread is never declared. This looks like two
// source lines merged when the page was extracted - confirm against the
// original post.
LPVOID pFunc = LoadLibraryW;// originally LoadLibraryA HANDLE hThread = CreateRemoteThread( hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, lpBuf, 0, &dwID );
// Wait for LoadLibrary to finish (disabled).
//WaitForSingleObject( hThread, INFINITE );
// Release the buffer allocated in the target process (disabled).
//VirtualFreeEx( hProcess, lpBuf, dwSize, MEM_DECOMMIT );
// With both calls above commented out, the function returns without waiting
// for the new thread, and the remote buffer is left committed.
if(hThread ==NULL)
{
// NOTE(review): hThread is NULL on this branch, so this CloseHandle call is
// made on a NULL handle; the return below also uses lowercase `false` where
// the rest of the function uses FALSE.
CloseHandle( hThread );
CloseHandle( hProcess );
return false;
}
else
{
// Thread was created: drop both local handles and report success.
CloseHandle( hThread );
CloseHandle( hProcess );
return TRUE;
}
}