创建进程注入DLL源码 — DLL injection into a newly created process: the target is spawned with CREATE_SUSPENDED, a LoadLibrary stub is written into it, and the initial thread's context (Eip) is redirected to that stub before the target's own code runs. x86-only listing; see the comments in the function for its assumptions and failure handling.
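// Spawn a process suspended and force its initial thread to LoadLibrary()
// lpDllPath before any of the target's own code runs.
//
// Mechanism: the child is created with CREATE_SUSPENDED, one RWX page is
// allocated in it, the DLL path is written at page+0x100 and a small x86
// stub at page+0. The stub saves registers/flags, calls LoadLibrary(path),
// restores them and returns to the thread's original Eip (as read from the
// suspended context). The thread's Eip is then pointed at the stub and the
// thread resumed.
//
// Parameters (mirroring CreateProcess):
//   lpApplicationName, lpCommandLine, lpCurrentDirectory, lpStartupInfo,
//   lpProcessInformation - passed through to CreateProcess unchanged; on
//                          success lpProcessInformation holds the child's
//                          process/thread handles, which the caller owns
//                          and must CloseHandle().
//   lpDllPath            - NUL-terminated TCHAR path of the DLL to load.
// Returns TRUE on success. If anything fails after CreateProcess succeeded,
// the still-suspended child is terminated, its handles are closed and
// *lpProcessInformation is zeroed, so a half-patched process is never left
// behind (the original code returned FALSE and leaked the suspended child).
//
// Limitations / security notes:
//   - x86 only: relies on CONTEXT::Eip and 32-bit absolute immediates in
//     the stub. The DWORD_PTR casts only make that explicit.
//   - Assumes kernel32.dll is mapped at the same base in the child as in
//     this process (same bitness, same boot), since LoadLibrary is resolved
//     locally and its address is embedded in the stub.
//   - A single PAGE_EXECUTE_READWRITE allocation in a suspended process
//     followed by SetThreadContext is a well-known injection pattern; if
//     that matters, write the page as PAGE_READWRITE and flip it to
//     PAGE_EXECUTE_READ with VirtualProtectEx before resuming.
//   - This is an offensive technique; only use it on processes you are
//     authorized to modify.
BOOL CreateProcessWithDll(
    LPCTSTR lpApplicationName,
    LPTSTR lpCommandLine,
    LPCTSTR lpCurrentDirectory,
    LPCTSTR lpDllPath,
    LPSTARTUPINFO lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation)
{
    const SIZE_T kRegionSize = 0x1000;   // one page: stub at +0, path at +kPathOffset
    const SIZE_T kPathOffset = 0x100;
    // Offsets of the three imm32 operands inside the stub (see layout below).
    // The original patched all three at offset 0, clobbering pushad/pushfd
    // and leaving the real operands as 0x90 filler.
    const size_t kImmPath = 3, kImmLoadLib = 8, kImmRetAddr = 17;

    if (!lpDllPath || !lpProcessInformation)
        return FALSE;

    // Bytes to copy, terminator included. (len*sizeof(TCHAR)+1 drops half of
    // the terminating wchar_t in UNICODE builds.)
    const SIZE_T pathBytes = (_tcslen(lpDllPath) + 1) * sizeof(TCHAR);
    if (pathBytes > kRegionSize - kPathOffset)
        return FALSE;   // would overrun the allocated page

    // Resolve LoadLibrary before spawning anything: no child to clean up if
    // this fails.
    HMODULE hKernel32 = ::GetModuleHandle(_T("Kernel32"));
    if (!hKernel32)
        return FALSE;
#ifdef UNICODE
    FARPROC pLoadLibrary = ::GetProcAddress(hKernel32, "LoadLibraryW");
#else
    FARPROC pLoadLibrary = ::GetProcAddress(hKernel32, "LoadLibraryA");
#endif
    if (!pLoadLibrary)
        return FALSE;

    if (!::CreateProcess(lpApplicationName, lpCommandLine, nullptr, nullptr, FALSE,
                         CREATE_SUSPENDED, nullptr, lpCurrentDirectory,
                         lpStartupInfo, lpProcessInformation))
        return FALSE;

    HANDLE hProcess = lpProcessInformation->hProcess;
    HANDLE hThread  = lpProcessInformation->hThread;

    // Store a 32-bit value little-endian into the stub byte by byte (no
    // unaligned DWORD store through a BYTE array).
    auto put32 = [](BYTE* dst, DWORD v) {
        dst[0] = (BYTE)(v);
        dst[1] = (BYTE)(v >> 8);
        dst[2] = (BYTE)(v >> 16);
        dst[3] = (BYTE)(v >> 24);
    };

    // Stub layout (x86):
    //   0x60                 pushad
    //   0x9C                 pushfd
    //   0x68 imm32           push <dll path>         ; imm at offset 3
    //   0xB8 imm32           mov eax, <LoadLibrary>  ; imm at offset 8
    //   0xFF 0xD0            call eax
    //   0x9D                 popfd
    //   0x61                 popad
    //   0x68 imm32           push <original Eip>     ; imm at offset 17
    //   0xC3                 ret
    BYTE stub[] = { 0x60, 0x9C,
                    0x68, 0x90, 0x90, 0x90, 0x90,
                    0xB8, 0x90, 0x90, 0x90, 0x90,
                    0xFF, 0xD0, 0x9D, 0x61,
                    0x68, 0x90, 0x90, 0x90, 0x90,
                    0xC3 };

    // Everything below runs while the child is suspended; any failure falls
    // out of the loop with ok == FALSE and the child is killed.
    BOOL ok = FALSE;
    do {
        CONTEXT ct = {};
        ct.ContextFlags = CONTEXT_ALL;
        if (!::GetThreadContext(hThread, &ct))
            break;

        BYTE* pRemote = (BYTE*)::VirtualAllocEx(hProcess, nullptr, kRegionSize,
                                                MEM_COMMIT | MEM_RESERVE,
                                                PAGE_EXECUTE_READWRITE);
        if (!pRemote)
            break;

        SIZE_T written = 0;   // WriteProcessMemory takes SIZE_T*, not DWORD*
        if (!::WriteProcessMemory(hProcess, pRemote + kPathOffset, lpDllPath,
                                  pathBytes, &written) || written != pathBytes)
            break;

        put32(stub + kImmPath,    (DWORD)(DWORD_PTR)(pRemote + kPathOffset));
        put32(stub + kImmLoadLib, (DWORD)(DWORD_PTR)pLoadLibrary);
        put32(stub + kImmRetAddr, (DWORD)ct.Eip);

        if (!::WriteProcessMemory(hProcess, pRemote, stub, sizeof(stub), &written)
            || written != sizeof(stub))
            break;

        ct.Eip = (DWORD)(DWORD_PTR)pRemote;
        if (!::SetThreadContext(hThread, &ct))
            break;

        if (::ResumeThread(hThread) == (DWORD)-1)
            break;

        ok = TRUE;
    } while (0);

    if (!ok) {
        // Child is still suspended with a possibly half-patched thread:
        // never let it run.
        ::TerminateProcess(hProcess, 1);
        ::CloseHandle(hThread);
        ::CloseHandle(hProcess);
        *lpProcessInformation = PROCESS_INFORMATION();
    }
    return ok;
}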