- #include <windows.h>
- #include <iostream>
- #include <TLHELP32.H>
- using namespace std;
- // Reference listing of the classic "remote thread + LoadLibraryA" DLL injection:
- // locate a process by image name from a Toolhelp snapshot, open it, copy a DLL
- // path into its address space, then start a thread there at LoadLibraryA.
- // From a defender's view this is the canonical API chain that endpoint telemetry
- // records: OpenProcess with PROCESS_ALL_ACCESS (Sysmon Event ID 10, ProcessAccess),
- // VirtualAllocEx + WriteProcessMemory into another process, and CreateRemoteThread
- // (Sysmon Event ID 8). Everything is hard-coded; the program takes no arguments.
- int main()
- {
- char* TargetProcess="notepad.exe"; // image name to look for (string literal bound to non-const char*; ill-formed in C++11 and later)
- char* TargetDllPath="d:\\play.dll"; // path of the DLL to be loaded in the target
- DWORD pid=-1; // target PID; DWORD is unsigned, so -1 wraps to 0xFFFFFFFF and stays there if no process matches
- HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // snapshot of all running processes
- PROCESSENTRY32 pe; // entry for one process in the snapshot
- ZeroMemory(&pe,sizeof(pe));
- pe.dwSize=sizeof(pe); // Toolhelp requires dwSize to be set before Process32First
- BOOL bProcess= Process32First(hSnap,&pe); // first process in the snapshot
- while (bProcess)
- {
- cout<<pe.szExeFile<<endl; // prints every enumerated image name (noisy console output)
- if (strstr(TargetProcess,pe.szExeFile)) // true when the enumerated name is a substring of "notepad.exe" (haystack is the hard-coded target, needle is the enumerated name)
- {
- pid=pe.th32ProcessID; // first match wins
- break;
- }
- bProcess= Process32Next(hSnap,&pe);
- }
- CloseHandle(hSnap);
- LPTHREAD_START_ROUTINE pLoadLibrary=(LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA"); // LoadLibraryA resolved in THIS process and reused below as the remote start address (assumes kernel32.dll sits at the same base in the target — not verified here)
- if (pLoadLibrary==NULL)
- {
- cout<<"获取函数地址失败\n!"; // "failed to get function address"
- }
- else
- {
- cout<<pLoadLibrary<<endl;
- HANDLE hProcess= OpenProcess(PROCESS_ALL_ACCESS,false,pid); // full-access handle to the target; a cross-process open with this broad mask is what ProcessAccess telemetry (e.g. Sysmon Event ID 10) records
- if (hProcess)
- {
- LPVOID DllAddress= VirtualAllocEx(hProcess,NULL,strlen(TargetDllPath),MEM_COMMIT,PAGE_READWRITE); // read/write (not executable) memory in the target to hold the path string
- if (DllAddress==NULL)
- {
- cout<<"申请空间失败!\n"; // "memory allocation failed"
- }
- else
- {
- cout<<DllAddress<<endl;
- if (WriteProcessMemory(hProcess,DllAddress,TargetDllPath,strlen(TargetDllPath),NULL)) // copy the DLL path into the target's address space
- {
- DWORD dwThreadId;
- HANDLE hThread;
- hThread= CreateRemoteThread(hProcess,NULL,0,pLoadLibrary,TargetDllPath,0,&dwThreadId); // thread in the target whose start routine is LoadLibraryA — the event Sysmon ID 8 (CreateRemoteThread) exists to catch
- if (hThread==NULL)
- {
- cout<<"创建远程线程失败!\n"; // "failed to create remote thread"
- }
- else
- {
- cout<<"创建远程线程成功!\n"; // "remote thread created"
- WaitForSingleObject(hThread,INFINITE); // block until the remote thread finishes
- VirtualFreeEx(hProcess,DllAddress,strlen(TargetDllPath),MEM_RELEASE); // release the path buffer in the target
- CloseHandle(hThread);
- CloseHandle(hProcess); // the process handle is only closed on this success path
- }
- }
- else
- {
- cout<<"写入DLL路径失败!\n"; // "failed to write DLL path"
- }
- }
- }
- else
- {
- cout<<"打开进程失败!\n"; // "failed to open process"
- }
- }
- system("pause"); // hands "pause" to the command interpreter (a child cmd.exe on Windows) before exiting
- return 0;
- }