最基本的远程DLL注入


/*
 * Loads a DLL into another process by creating a remote thread whose start
 * routine is LoadLibraryA and whose single argument is the DLL path copied
 * into that process.
 *
 * Pid      - identifier of the target process.
 * DllPath  - NUL-terminated ANSI path of the DLL; copied verbatim (including
 *            the terminator) into the target. Not validated here.
 *
 * Returns the handle of the remote thread on success (the caller owns it and
 * must CloseHandle it; waiting on it is how the caller learns LoadLibraryA
 * finished), or NULL on any failure. The process handle is closed on every
 * path, so the caller never has to release it.
 *
 * Review notes (defensive):
 *  - The remote buffer holding the path is never freed on the success path;
 *    it has to outlive the remote thread, and this function returns before
 *    that thread runs, so the allocation is intentionally leaked.
 *  - RemoteCode is resolved in the *caller's* address space (GetProcAddress on
 *    the local kernel32) and reused as an address in the target. That only
 *    works because kernel32 is mapped at the same base in both processes
 *    (true on the same session under ASLR, but an assumption nonetheless) and
 *    only when both are the same bitness — neither is checked.
 *  - RemoteCode is never NULL-checked before CreateRemoteThread.
 *  - This exact call sequence — OpenProcess on a foreign PID with VM_WRITE |
 *    CREATE_THREAD, cross-process VirtualAllocEx + WriteProcessMemory, then
 *    CreateRemoteThread with a start address equal to LoadLibraryA — is the
 *    textbook pattern that endpoint monitoring typically flags; treat this
 *    listing as a reference for what such telemetry looks like.
 */
HANDLE InjectDll(DWORD Pid, PCSTR DllPath) {
	HANDLE ProcessHandle = NULL;
	HANDLE ThreadHandle = NULL;
	PBYTE RemoteData = NULL;   /* buffer in the target holding DllPath */
	PVOID RemoteCode = NULL;   /* address of LoadLibraryA (not an allocation) */
	/* +1 so the NUL terminator is copied as well. */
	DWORD DllPathSize = (DWORD)lstrlenA(DllPath) + 1;
	/* Written by WriteProcessMemory; never compared against DllPathSize. */
	SIZE_T NumberOfBytesWritten;

	/* Resolved locally; relies on kernel32 sharing a base with the target. */
	RemoteCode = (PVOID)GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA");
	/* Minimum rights for allocate + write + create-thread in the target. */
	ProcessHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE |
		PROCESS_CREATE_THREAD,
		FALSE, Pid);
	if (ProcessHandle == NULL) {
		return NULL;
	}

	/* do { ... } while (0) gives a single break-to-cleanup exit point. */
	do {
		/* Read/write is enough: the buffer only holds the path string. */
		RemoteData = (PBYTE)VirtualAllocEx(ProcessHandle, NULL, DllPathSize,
			MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
		if (RemoteData == NULL)
			break;
		if (WriteProcessMemory(ProcessHandle, RemoteData, DllPath, DllPathSize,
			&NumberOfBytesWritten) == FALSE)
			break;
		/* LoadLibraryA(LPCSTR) matches the single-pointer thread-routine
		 * signature, which is why RemoteData can be passed as the argument.
		 * RemoteCode may still be NULL here (no check above). */
		ThreadHandle = CreateRemoteThread(ProcessHandle, NULL, 0, (LPTHREAD_START_ROUTINE)RemoteCode,
			RemoteData, 0, NULL);
	} while (0);

	if (ThreadHandle) {
		/* Success: hand the thread handle to the caller. RemoteData is
		 * deliberately left allocated because the remote thread reads it. */
		CloseHandle(ProcessHandle);
		return ThreadHandle;
	}
	/* NOTE(review): RemoteCode was obtained from GetProcAddress, not from
	 * VirtualAllocEx, so it is not the base of an allocation in the target;
	 * MEM_RELEASE on it is incorrect and at best fails. This call should be
	 * removed rather than "fixed". */
	if (RemoteCode)
		VirtualFreeEx(ProcessHandle, RemoteCode, 0, MEM_RELEASE);
	/* Failure path: the path buffer is ours to release. */
	if (RemoteData)
		VirtualFreeEx(ProcessHandle, RemoteData, 0, MEM_RELEASE);
	CloseHandle(ProcessHandle);
	return NULL;
}
