dll 远程线程注入
原创
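// DLL remote-thread injection
// Original post by luwenji309, 2013-04-24, 51CTO blog (blog category: c++/mfc;
// tags: dll, remote thread injection; site category: C/C++ programming languages).
// https://blog.51cto.com/venglu/1185199
// Copyright remains with the author; contact the author for permission to reproduce.
//
// Reviewer context: this is the CreateRemoteThread + LoadLibraryA pattern
// catalogued as MITRE ATT&CK T1055.001. Every step below is observable:
//   - the SeDebugPrivilege adjustment (Security event 4703 when audited),
//   - the cross-process handle opened with PROCESS_ALL_ACCESS (Sysmon Event ID 10),
//   - the remote thread creation (Sysmon Event ID 8),
//   - the resulting module load in the target (Sysmon Event ID 7).
// Protected processes refuse the handle request, and a process signature
// mitigation policy refuses images that do not meet its signing requirement.

/// @brief Enables SeDebugPrivilege on the current process token.
/// @return true only when the privilege was actually enabled; false when the
///         token cannot be opened, the privilege name cannot be resolved, or
///         the caller's token does not hold the privilege.
bool EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return false;

    bool enabled = false;
    LUID luid;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        tp.Privileges[0].Luid = luid;

        // AdjustTokenPrivileges returns nonzero even when the token does not
        // hold the privilege; only GetLastError() distinguishes ERROR_SUCCESS
        // from ERROR_NOT_ALL_ASSIGNED. Without this check the function
        // reported success for callers that never had the privilege.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL))
            enabled = (GetLastError() == ERROR_SUCCESS);
    }

    // The token handle was leaked on every path in the original.
    CloseHandle(hToken);
    return enabled;
}

// Original author's notes (translated):
//   rundll32 yourdll,test  -- check that your DLL works correctly on its own.
//   Arguments are the absolute path of the DLL and the target process.
//   The DLL's own code supplies whatever functionality is wanted.

/// @brief Makes the process identified by mProcessID load the DLL at
///        mDllFullPath by starting a thread in it at LoadLibraryA.
/// @param mDllFullPath Absolute path of the DLL (ANSI; passed to LoadLibraryA).
/// @param mProcessID   Identifier of the target process (a PID, not a name); 0 is rejected.
/// @return true when the remote thread was created; false on any earlier
///         failure. The result of LoadLibraryA inside the target is not
///         inspected, as in the original.
bool InstallDll(std::string mDllFullPath, DWORD mProcessID)
{
    if (mProcessID == 0)
        return false;
    if (!EnableDebugPriv())
        return false;

    // PROCESS_ALL_ACCESS is kept from the original; it is broader than the
    // operations below need and is itself a strong signal in process-access
    // telemetry.
    HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, mProcessID);
    if (hRemoteProcess == NULL)
        return false;

    bool threadCreated = false;
    const size_t length = mDllFullPath.size() + 1; // include the terminating NUL

    char *pszLibFileRemote = static_cast<char *>(
        ::VirtualAllocEx(hRemoteProcess, NULL, length, MEM_COMMIT, PAGE_READWRITE));
    if (pszLibFileRemote != NULL)
    {
        if (WriteProcessMemory(hRemoteProcess, pszLibFileRemote, mDllFullPath.c_str(), length, NULL) != 0)
        {
            HMODULE hKernel32 = GetModuleHandleA("Kernel32");
            PTHREAD_START_ROUTINE pfnStartAddr = NULL;
            if (hKernel32 != NULL)
                pfnStartAddr = reinterpret_cast<PTHREAD_START_ROUTINE>(
                    GetProcAddress(hKernel32, "LoadLibraryA"));

            if (pfnStartAddr != NULL)
            {
                HANDLE hRemoteThread = CreateRemoteThread(
                    hRemoteProcess, NULL, 0, pfnStartAddr, pszLibFileRemote, 0, NULL);
                if (hRemoteThread != NULL)
                {
                    // The original released the path buffer immediately after
                    // creating the thread, i.e. possibly while the thread was
                    // still reading it. Wait for the thread to exit first.
                    WaitForSingleObject(hRemoteThread, INFINITE);
                    CloseHandle(hRemoteThread); // leaked in the original
                    threadCreated = true;
                }
            }
        }

        // MEM_RELEASE requires dwSize == 0; the original passed `length`, so
        // the call failed and the allocation stayed in the target process.
        // Releasing here also covers the WriteProcessMemory failure path,
        // which the original returned from without freeing.
        ::VirtualFreeEx(hRemoteProcess, pszLibFileRemote, 0, MEM_RELEASE);
    }

    // The process handle was leaked on every path in the original.
    CloseHandle(hRemoteProcess);
    return threadCreated;
}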