C++ dll注入外挂写法,炫彩IDE参考适用

发表于 2024-8-26 10:55:30 | 显示全部楼层 |阅读模式
// Exported entry point of the payload DLL. The original comment calls this
// "the main code entry point of your DLL".
//
// NOTE(review): nothing on this page calls this export. The injector below
// only starts LoadLibraryW in the target, so what actually runs on load is
// the DLL's DllMain (not shown), not this function.
extern "C" __declspec(dllexport) void InjectedFunction() {
    // Original comment: "write the code you want executed in the target
    // process here". The sample only pops a message box to prove the DLL
    // was loaded; wide-string literals match the *W API (MessageBoxW).
    MessageBox(NULL, L"DLL Injected!", L"Injected", MB_OK);
}




//以下是你的------外挂部分 (Injector.cpp)



#include <Windows.h>
#include <TlHelp32.h>
#include <iostream>

// Returns the PID of the first running process whose image name equals
// processName (exact, case-sensitive comparison via wcscmp), or 0 if none
// is found. Enumeration is done with a Toolhelp32 process snapshot.
//
// NOTE(review): the snapshot handle is never checked against
// INVALID_HANDLE_VALUE, so a failed CreateToolhelp32Snapshot still reaches
// Process32First/CloseHandle with the invalid handle.
DWORD FindProcessId(const wchar_t* processName) {
    DWORD processId = 0;
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 structure;
    // dwSize must be set before Process32First or the call fails.
    structure.dwSize = sizeof(PROCESSENTRY32);

    if (Process32First(snapshot, &structure)) {
        do {
            // szExeFile is the bare image name (e.g. "notepad.exe"), not a path.
            // wcscmp is case-sensitive; "Notepad.exe" would not match here.
            if (!wcscmp(structure.szExeFile, processName)) {
                processId = structure.th32ProcessID;
                break;  // first match wins if several instances are running
            }
        } while (Process32Next(snapshot, &structure));
    }

    CloseHandle(snapshot);
    return processId;
}

// Classic "remote-thread LoadLibrary" injection: writes the DLL path into the
// target process and starts a thread there whose start address is
// kernel32!LoadLibraryW, so the target loads the DLL itself.
//
// Returns TRUE only after the remote thread has finished; FALSE if any step
// fails. The return value does not tell whether LoadLibraryW itself succeeded
// inside the target (the thread exit code is never read).
//
// From a defender's point of view, every step of this sequence is a standard
// telemetry point: a cross-process OpenProcess with VM write rights
// (Sysmon Event ID 10 / ProcessAccess), VirtualAllocEx + WriteProcessMemory
// into a foreign process, and CreateRemoteThread with a start address inside
// kernel32 (Sysmon Event ID 8 / CreateRemoteThread). EDR products commonly
// alert on exactly this chain.
BOOL InjectDLL(DWORD processId, const wchar_t* dllPath) {
    // Handle to the target opened with only PROCESS_VM_OPERATION | PROCESS_VM_WRITE.
    HANDLE processHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, processId);
    if (processHandle == NULL) {
        return FALSE;
    }

    // Reserve writable memory in the target for the wide-char DLL path.
    // NOTE(review): the allocation asks for wcslen*2 + 1 bytes while the write
    // below copies wcslen*2 + 2 (including the two-byte terminator); the sizes
    // only agree because VirtualAllocEx rounds up to a whole page.
    LPVOID remoteBuf = VirtualAllocEx(processHandle, NULL, wcslen(dllPath) * 2 + 1, MEM_COMMIT, PAGE_READWRITE);
    if (remoteBuf == NULL) {
        CloseHandle(processHandle);
        return FALSE;
    }

    // Copy the NUL-terminated path into the target's address space.
    if (WriteProcessMemory(processHandle, remoteBuf, (LPVOID)dllPath, wcslen(dllPath) * 2 + 2, NULL) == 0) {
        VirtualFreeEx(processHandle, remoteBuf, 0, MEM_RELEASE);
        CloseHandle(processHandle);
        return FALSE;
    }

    // LoadLibraryW is resolved from this process's kernel32; the code relies on
    // kernel32 being mapped at the same address in the target.
    // NOTE(review): neither moduleHandle nor threadFunc is checked for NULL
    // before being passed to CreateRemoteThread.
    HMODULE moduleHandle = GetModuleHandleW(L"kernel32.dll");
    PTHREAD_START_ROUTINE threadFunc = (PTHREAD_START_ROUTINE)GetProcAddress(moduleHandle, "LoadLibraryW");

    // The remote thread's single argument is the path buffer, so it behaves
    // as LoadLibraryW(dllPath) executed by the target.
    HANDLE hThread = CreateRemoteThread(processHandle, NULL, 0, threadFunc, remoteBuf, 0, NULL);
    if (hThread == NULL) {
        VirtualFreeEx(processHandle, remoteBuf, 0, MEM_RELEASE);
        CloseHandle(processHandle);
        return FALSE;
    }

    // Block until LoadLibraryW returns in the target, then release the
    // path buffer (the loaded module keeps its own copy of the name).
    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);
    VirtualFreeEx(processHandle, remoteBuf, 0, MEM_RELEASE);
    CloseHandle(processHandle);
    return TRUE;
}

int main() {
    DWORD processId = FindProcessId(L"notepad.exe"); // 目标进程名
    if (processId == 0) {
        std::cout << "Process not found!" << std::endl;
        return 1;
    }

    wchar_t dllPath[MAX_PATH];
    GetCurrentDirectoryW(MAX_PATH, dllPath);
    wcscat_s(dllPath, L"\\InjectDLL.dll"); // 假设DLL已经生成在程序目录

    if (InjectDLL(processId, dllPath)) {
        std::cout << "DLL Injected Successfully!" << std::endl;
    } else {
        std::cout << "

