dll 远程线程注入

 

  
  
  
  
  // Enables SeDebugPrivilege on the calling process's own token.
  // Returns true only if OpenProcessToken, LookupPrivilegeValue and
  // AdjustTokenPrivileges all succeed; returns false at the first failure.
  // hToken is not closed on any path (handle leak).
  // NOTE(review): the listing as pasted lacks the function's braces and the
  // semicolons after each `return`; the code is left byte-for-byte as found.
  // Defender note: a non-debugger process turning on SeDebugPrivilege is a
  // common precursor to cross-process tampering; token-privilege auditing
  // records the adjustment.
  1. bool EnableDebugPriv() 
  2.     HANDLE hToken; 
  3.     TOKEN_PRIVILEGES tp; 
  4.     LUID luid; 
  // Open the current process's token with the rights to adjust and query
  // its privileges.
  5.     if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken)) 
  6.         return false
  7.  
  // Resolve the local LUID of SeDebugPrivilege.
  8.     if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))return false
  9.  
  // Single-entry privilege array: enable that one privilege.
  10.     tp.PrivilegeCount = 1; 
  11.     tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED; 
  12.     tp.Privileges[0].Luid = luid; 
  // No previous-state buffer is requested. A non-zero return here does not
  // by itself prove the privilege was granted: the API reports that case via
  // GetLastError (ERROR_NOT_ALL_ASSIGNED), which this code does not check.
  13.     if(!AdjustTokenPrivileges(hToken,0,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL) ) return false
  14.  
  15.     return true
  16.  
  17. // rundll32 yourdll,test   tests whether your DLL's functionality works 
  18. //absolute path of the DLL, and the name of the process to inject into 
  19. //the DLL implements whatever you want to do 
  // (The comment above says "process name", but the parameter below is a
  // DWORD process ID.)
  //
  // Loads the DLL at mDllFullPath into process mProcessID: writes the path
  // string into the target's address space and starts a thread there whose
  // start routine is LoadLibraryA and whose argument is that string.
  // Returns false when mProcessID is 0, when EnableDebugPriv fails, or when
  // OpenProcess, VirtualAllocEx, WriteProcessMemory, GetProcAddress or
  // CreateRemoteThread fails; returns true once the remote thread exists.
  // Neither hRemoteProcess nor hRemoteThread is closed on any path.
  // NOTE(review): the listing as pasted lacks braces, the semicolons after
  // each `return`, and the closing ')' of two `if` conditions; the code is
  // left byte-for-byte as found.
  // Defender note: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
  // WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) is the textbook
  // remote-thread DLL injection sequence, and the one that cross-process
  // telemetry (process-access and remote-thread-creation events) is built
  // to surface.
  20. bool InstallDll(std::string  mDllFullPath,DWORD   mProcessID) 
  21.     if (mProcessID == 0)return false
  22.     if(!EnableDebugPriv())return false
  // Full access to the target is requested.
  23.     HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,mProcessID); 
  24.     if(hRemoteProcess == NULL)return false
  25.  
  // Byte count of the path plus its terminating NUL.
  26.     size_t length = mDllFullPath.size() + 1; 
  27.  
  // Committed read/write buffer inside the target for the path string.
  28.     char *pszLibFileRemote = (char *)::VirtualAllocEx(hRemoteProcess, NULL, length, MEM_COMMIT, PAGE_READWRITE); 
  29.     if(pszLibFileRemote==NULL)return false
  30.  
  // On this failure path the buffer in the target is not released (unlike
  // the two failure paths below).
  31.     if(WriteProcessMemory(hRemoteProcess,pszLibFileRemote,mDllFullPath.c_str(),length,NULL) == 0) 
  32.         return false
  33.  
  // LoadLibraryA is resolved in this process and used as the remote
  // thread's start routine.
  34.     PTHREAD_START_ROUTINE pfnStartAddr=(PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32"),"LoadLibraryA"); 
  35.     if(pfnStartAddr == NULL
  36.     { 
  37.         ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE); 
  38.         return false
  39.     } 
  40.  
  // The remote string buffer is passed as the thread's single parameter.
  41.     HANDLE hRemoteThread = CreateRemoteThread(hRemoteProcess,NULL,0,pfnStartAddr,pszLibFileRemote,0,NULL); 
  42.     if(hRemoteThread==NULL
  43.     { 
  44.         ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE); 
  45.         return false
  46.     } 
  47.  
  // Released unconditionally right after the thread is created.
  48.     ::VirtualFreeEx(hRemoteProcess,pszLibFileRemote,length,MEM_RELEASE); 
  49.  
  50.     return true

 
