
Remote DLL Injection in C

Date: 2019-06-21 18:25:39


Create a DLL file in VC6.0.

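#include <windows.h>

// Exported demo routine: shows a message box so the load is visible.
extern "C" __declspec(dllexport) void ShellCode()
{
    MessageBoxA(NULL,"hello lyshark","MsgBox",MB_OK);
}

BOOL APIENTRY DllMain(HANDLE handle,DWORD dword,LPVOID lpvoid)
{
    // Run only once, when the DLL is first mapped into the process.
    if(dword==DLL_PROCESS_ATTACH)
        ShellCode();
    return TRUE;
}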

Next, create an injection tool.

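#include <windows.h>
#include <stdio.h>
#include <string.h>

// Get a process ID from the title of one of its top-level windows.
// FindWindow matches the window title, not the executable name.
DWORD GetProcessID(char *Name)
{
    HWND hWnd=::FindWindowA(NULL,Name);
    DWORD Retn=0;
    if(hWnd!=NULL)
        ::GetWindowThreadProcessId(hWnd,&Retn);
    return Retn;                              // 0 if no matching window was found
}

BOOL InjectDLL(DWORD PID,char *Path)
{
  DWORD dwSize=(DWORD)strlen(Path)+1;
  HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,PID);
  if(hProcess==NULL)
      return FALSE;

  // Allocate memory in the target for the DLL path.
  // The buffer holds only a string, so it does not need to be executable.
  LPVOID lpParamAddress=VirtualAllocEx(hProcess,NULL,dwSize,MEM_COMMIT|MEM_RESERVE,PAGE_READWRITE);
  if(lpParamAddress==NULL || !WriteProcessMemory(hProcess,lpParamAddress,(PVOID)Path,dwSize,NULL))
  {
      CloseHandle(hProcess);
      return FALSE;
  }

  // Start a thread in the target at LoadLibraryA with the path as its argument.
  HMODULE hModule=GetModuleHandleA("kernel32.dll");
  LPTHREAD_START_ROUTINE lpStartAddress=(LPTHREAD_START_ROUTINE)GetProcAddress(hModule,"LoadLibraryA");
  HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,lpStartAddress,lpParamAddress,0,NULL);
  if(hThread!=NULL)
  {
      WaitForSingleObject(hThread,1000);
      CloseHandle(hThread);
  }
  CloseHandle(hProcess);
  return hThread!=NULL;
}

int main()
{
    DWORD ppid;
    ppid = ::GetProcessID("lyshark.exe");     // get the process PID
    if(ppid==0)
        return 1;
    printf("%lx\n",ppid);
    InjectDLL(ppid,"C:\\hook.dll");           // inject the DLL file into the process
    return 0;
}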
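
From the defender's side, the injector above leaves a recognizable trail in Sysmon telemetry: a ProcessAccess event (ID 10) granting write and thread-creation rights, a CreateRemoteThread event (ID 8) whose start routine is LoadLibraryA, and an ImageLoad event (ID 7) in the target. The following is an added example, not part of the original post, that correlates those three events. It assumes the events are already parsed into dicts keyed by Sysmon field names; all records, PIDs and paths such as C:\tools\inject.exe are constructed.

```python
LOADLIB = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020

def find_loadlibrary_injection(events):
    """Flag remote threads whose start routine is kernel32!LoadLibrary*."""
    findings = []
    for ev in events:
        if ev["EventID"] != 8 or ev.get("StartFunction") not in LOADLIB:
            continue  # 8 = CreateRemoteThread
        if not ev.get("StartModule", "").lower().endswith("\\kernel32.dll"):
            continue
        src, dst, t0 = ev["SourceProcessId"], ev["TargetProcessId"], ev["UtcTime"]
        # Event 10 (ProcessAccess): did the source hold allocate/write/thread rights?
        opened = any(
            e["EventID"] == 10
            and (e["SourceProcessId"], e["TargetProcessId"]) == (src, dst)
            and e["UtcTime"] <= t0
            and int(e["GrantedAccess"], 16) & INJECT_RIGHTS == INJECT_RIGHTS
            for e in events)
        # Event 7 (ImageLoad): unsigned modules mapped into the target afterwards.
        dlls = [e["ImageLoaded"] for e in events
                if e["EventID"] == 7 and e["ProcessId"] == dst
                and e["UtcTime"] >= t0 and e.get("Signed") != "true"]
        findings.append({
            "source": ev["SourceImage"], "target": ev["TargetImage"],
            "handle_with_inject_rights": opened, "unsigned_dlls": dlls,
            "severity": "high" if opened and dlls else "medium"})
    return findings

SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"EventID": 10, "UtcTime": "2019-06-21 10:25:39.100", "SourceProcessId": 4120,
     "TargetProcessId": 5312, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "UtcTime": "2019-06-21 10:25:39.140", "SourceProcessId": 4120,
     "SourceImage": r"C:\tools\inject.exe", "TargetProcessId": 5312,
     "TargetImage": r"C:\apps\lyshark.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryA"},
    {"EventID": 7, "UtcTime": "2019-06-21 10:25:39.180", "ProcessId": 5312,
     "ImageLoaded": r"C:\hook.dll", "Signed": "false"},
    # Benign look-alike: a debugger attach also creates a remote thread.
    {"EventID": 8, "UtcTime": "2019-06-21 10:30:00.000", "SourceProcessId": 7001,
     "SourceImage": r"C:\dbg\debugger.exe", "TargetProcessId": 5312,
     "TargetImage": r"C:\apps\lyshark.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "DbgUiRemoteBreakin"},
]

if __name__ == "__main__":
    for finding in find_loadlibrary_injection(SAMPLE_EVENTS):
        print(finding)
```

The remote-thread event alone yields a medium finding; the matching handle rights and the unsigned image load raise it to high, which keeps debugger attaches and similar legitimate remote threads out of the high-severity queue.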

 


Original article: https://www.cnblogs.com/LyShark/p/11066063.html
