C语言编写的DLL注入工具源代码-C Sharp-TC辅助网_我爱辅助网_小刀娱乐网

C语言编写的DLL注入工具源代码

Ysjt、凌何

2019/06/14 22:29:39

娉ㄥ叆鏂瑰紡浣跨敤鐨勬槸浠ｇ爜娉ㄥ叆锛屽弬鑰冧簡銆婇嗗悜宸ョ▼鏍稿績鍘熺悊銆嬩腑鐨勭浉鍏充唬鐮併備唬鐮佹敞鍏ュ崰鐢ㄥ唴瀛樺皯骞堕毦浠ユ煡鎵剧棔杩癸紝鍦ㄤ唬鐮侀噺灏忕殑鏃跺欐瘮杈冨悎閫傘
涓嶈繃杩欒竟鏈変竴涓棶棰樺氨鏄湪鎵ц鐢ㄦ埛閫夋嫨鐨勫惎鍔ㄥ嚱鏁版椂鎴

// 鍙傛暟绫诲瀷
typedef struct _INJECTTHREAD_PARAM
{
FARPROC pFunc[3];
char szBuf[2][128];
} INJECTTHREAD_PARAM, *PINJECTTHREAD_PARAM;
// 姝ゅ嚱鏁颁互浠ｇ爜褰㈠紡娉ㄥ叆鐩爣杩涚▼
DWORD WINAPI InjectThreadProc(LPVOID param)
{
PINJECTTHREAD_PARAM pParam = (PINJECTTHREAD_PARAM)param;
HMODULE hModule;
FARPROC pFunc;
HANDLE hThread;
// 娉ㄥ叆鐨勪唬鐮侀噷涓嶈兘鐩存帴璋冪敤API鍑芥暟
// LoadLibraryA(szDllPath)
hModule = ((PFLOADLIBRARYA)pParam->pFunc[0])(pParam->szBuf[0]);
if (!hModule)
{
return 1;
}
// GetProcAddress(hModule, szFunc)
pFunc = ((PFGETPROCADDRESS)pParam->pFunc[1])(hModule, pParam->szBuf[1]);
if (!pFunc)
{
return 1;
}
// CreateThread()鎵ц鍔犺浇鏃惰杩愯鐨勫嚱鏁, 涓嶇煡閬撲娇鐢ㄨ繖绉嶆柟寮忓悎涓嶅悎閫
hThread = ((PFCREATETHREAD)pParam->pFunc[2])(NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, NULL, 0, NULL);
return 0;
}
BOOL InjectDll(DWORD dwPID, LPCSTR szDllPath, LPCSTR szFunc)
{
HMODULE hModule;
INJECTTHREAD_PARAM param;
HANDLE hProcess;
HANDLE hThread;
LPVOID pRemoteBuf[2];
DWORD dwSize;
hModule = GetModuleHandleW(L"kernel32.dll");
memset(露m, 0, sizeof(INJECTTHREAD_PARAM));
// 瑕佽繘琛屼唬鐮佹敞鍏, 灏卞繀闇瑕佹妸瑕佽皟鐢ㄥ弬鏁板厛鍐欏叆鐩爣杩涚▼
param.pFunc[0] = GetProcAddress(hModule, "LoadLibraryA");
param.pFunc[1] = GetProcAddress(hModule, "GetProcAddress");
param.pFunc[2] = GetProcAddress(hModule, "CreateThread");
strcpy_s(param.szBuf[0], strlen(szDllPath) + 1, szDllPath);
strcpy_s(param.szBuf[1], strlen(szFunc) + 1, szFunc);
if (!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)))
{
return FALSE;
}
// 鍒ゆ柇鐜
if (Is64BitProcess(GetCurrentProcess()) != Is64BitProcess(hProcess))
{
MessageBox(NULL, TEXT("鎵撳紑鍔ㄦ侀摼鎺ュ簱鏂囦欢澶辫触"), TEXT("鎻愮ず"), MB_ICONERROR | MB_OK);
CloseHandle(hProcess);
return FALSE;
}
dwSize = sizeof(INJECTTHREAD_PARAM);
if (!(pRemoteBuf[0] = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE)))
{
return FALSE;
}
// 灏嗗叏閮ㄧ殑鍙傛暟浣滀负缁撴瀯浣撴暣涓啓鍏
if (!WriteProcessMemory(hProcess, pRemoteBuf[0], (LPVOID)露m, dwSize, NULL))
{
return FALSE;
}
dwSize = (DWORD)InjectDll - (DWORD)InjectThreadProc;
if (!(pRemoteBuf[1] = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE)))
{
return FALSE;
}
// 鍐嶅皢InjectThreadProc鐨勫嚱鏁颁唬鐮佸啓鍏ョ洰鏍囪繘绋
if (!WriteProcessMemory(hProcess, pRemoteBuf[1], (LPVOID)InjectThreadProc, dwSize, NULL))
{
return FALSE;
}
// pRemoteBuf[1]灏辨槸InjectThreadProc鍦ㄧ洰鏍囪繘绋嬩腑鐨勮捣濮嬪湴鍧, 宸茬粡琚啓鍏, pRemoteBuf[0]鍒欐槸鍐欏叆鐨勫弬鏁板湴鍧
if (!(hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pRemoteBuf[1], pRemoteBuf[0], 0, NULL)))
{
return FALSE;
}
WaitForSingleObject(hThread, INFINITE);
VirtualFreeEx(hProcess, pRemoteBuf[0], 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pRemoteBuf[1], 0, MEM_RELEASE);
CloseHandle(hThread);
CloseHandle(hProcess);
return TRUE;
[align=left]
}

閫夋嫨璁╃洰鏍囪繘绋嬩娇鐢–reateThread鏉ヨ皟鐢╠ll鐨勫鍑哄嚱鏁帮紝杩欐牱鍋氭槸鍚﹀悎閫傦紵娴嬭瘯浜嗕竴浜涙殏鏃惰繕娌″彂鐜颁粈涔堥棶棰

进入原文参与互动