无痕注入dll_[LAB]一种无痕Dll模块注入方式
#include "stdafx.h"#include "MFC.h"#include "MFCDlg.h"#include "afxdialogex.h"#include
#ifdef _DEBUG#define new DEBUG_NEW#endif
//1.获取进程句柄HANDLE GetThePidOfTargetProcess(HWND hwnd)
{
DWORD pid;
GetWindowThreadProcessId(hwnd, &pid);
HANDLE hProcee = ::OpenProcess(PROCESS_ALL_ACCESS | PROCESS_CREATE_THREAD, 0, pid);
return hProcee;
}
//2.提升权限void Up()
{
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tp;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid);
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tp.Privileges[0].Luid = luid;
AdjustTokenPrivileges(hToken, 0, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
}
//3.进程注入BOOL DoInjection(char *DllPath, HANDLE hProcess)
{
DWORD BufSize = strlen(DllPath) + 1;
LPVOID AllocAddr = VirtualAllocEx(hProcess, NULL, BufSize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, AllocAddr, DllPath, BufSize, NULL);
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
HANDLE hRemoteThread;
hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, pfnStartAddr, AllocAddr, 0, NULL);
if (hRemoteThread)
{
MessageBox(NULL, TEXT("注入成功"), TEXT("提示"), MB_OK);
return true;
}
else
{
MessageBox(NULL, TEXT("注入失败"), TEXT("提示"), MB_OK);
return false;
}
}
class CAboutDlg : public CDialogEx
{
public:
CAboutDlg();
// 对话框数据#ifdef AFX_DESIGN_TIMEenum { IDD = IDD_ABOUTBOX };
#endif
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
// 实现protected:
DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialogEx(IDD_ABOUTBOX)
{
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialogEx::DoDataExchange(pDX);
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx)
END_MESSAGE_MAP()
CMFCDlg::CMFCDlg(CWnd* pParent /*=NULL*/)
: CDialogEx(IDD_MFC_DIALOG, pParent)
{
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CMFCDlg::DoDataExchange(CDataExchange* pDX)
{
CDialogEx::DoDataExchange(pDX);
}
BEGIN_MESSAGE_MAP(CMFCDlg, CDialogEx)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDOK, &CMFCDlg::OnBnClickedOk)
ON_BN_CLICKED(IDC_BUTTON1, &CMFCDlg::OnBnClickedButton1)
ON_BN_CLICKED(IDCANCEL, &CMFCDlg::OnBnClickedCancel)
ON_BN_CLICKED(IDC_BUTTON2, &CMFCDlg::OnBnClickedButton2)
END_MESSAGE_MAP()
BOOL CMFCDlg::OnInitDialog()
{
CDialogEx::OnInitDialog();
// 将“关于...”菜单项添加到系统菜单中。
// IDM_ABOUTBOX 必须在系统命令范围内。ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);
CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
BOOL bNameValid;
CString strAboutMenu;
bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
ASSERT(bNameValid);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
// 设置此对话框的图标。 当应用程序主窗口不是对话框时,框架将自动// 执行此操作SetIcon(m_hIcon, TRUE);// 设置大图标SetIcon(m_hIcon, FALSE);// 设置小图标
// TODO: 在此添加额外的初始化代码
return TRUE; // 除非将焦点设置到控件,否则返回 TRUE}
void CMFCDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
if ((nID & 0xFFF0) == IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
else
{
CDialogEx::OnSysCommand(nID, lParam);
}
}
void CMFCDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // 用于绘制的设备上下文
SendMessage(WM_ICONERASEBKGND, reinterpret_cast(dc.GetSafeHdc()), 0);
// 使图标在工作区矩形中居中int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// 绘制图标dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialogEx::OnPaint();
}
}
HCURSOR CMFCDlg::OnQueryDragIcon()
{
return static_cast(m_hIcon);
}
void CMFCDlg::OnBnClickedOk()
{
//MessageBox(_T("你好,世界!!!"), _T("提示:"), MB_OK);
}
void CMFCDlg::OnBnClickedButton1()//无痕{
//HWND hwnd = FindWindowExA(NULL, NULL, NULL, "MFC");
//Up();
//HANDLE hP = GetThePidOfTargetProcess(hwnd);
//DoInjection("C:\\Users\\HHZ\\Desktop\\HideDll\\Release\\HideDll.dll", hP);
}
void CMFCDlg::OnBnClickedButton2()//有痕{
//HWND hwnd = FindWindowExA(NULL, NULL, NULL, "MFC");
//Up();
//HANDLE hP = GetThePidOfTargetProcess(hwnd);
//DoInjection("C:\\Users\\HHZ\\Desktop\\ShowDll\\Release\\ShowDll.dll", hP);
}
void CMFCDlg::OnBnClickedCancel()
{
// TODO: 在此添加控件通知处理程序代码CDialogEx::OnCancel();
}