// C++: inject a DLL into another process and then call one of its exported functions.
// Replace the process ID in `DWORD processId` and the DLL path in `const char* dllName`.
// Everything below is reproduced as "reference material shared by users of the Xuancai (炫彩) IDE".
#include <Windows.h>
#include <TlHelp32.h>
#include <string.h>
/*
 * Look up the export named funcName in the module hModule.
 *
 * Thin wrapper over GetProcAddress, so the lookup happens in the calling
 * process: hModule must be a handle valid in *this* process, not a base
 * address observed in some other process.  Returns NULL when the export
 * does not exist (GetLastError() then holds the reason).
 */
FARPROC GetFunctionAddress(HMODULE hModule, const char* funcName) {
    FARPROC exportAddress;
    exportAddress = GetProcAddress(hModule, funcName);
    return exportAddress;
}
typedef void (*FuncType)(); // Assumed shape of the DLL export that gets called: no parameters, no return value. Unspecified-parameter `()` form, so the compiler cannot check this assumption.
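/*
 * Locate the base address (and mapped size) of dllPath inside the process
 * processId using a Toolhelp module snapshot.
 *
 * The remote thread's exit code is NOT used for this on purpose: it is a
 * 32-bit DWORD, so on a 64-bit target the HMODULE returned by LoadLibraryA
 * is truncated and cannot be used as a base address.
 *
 * Matching is case-insensitive on the full path, falling back to the file
 * name component so a relative dllPath still resolves.  Uses the ANSI
 * Toolhelp names; like the rest of this file's *A calls it assumes the
 * translation unit is not built with UNICODE defined.
 *
 * Returns the module base, or NULL if the snapshot fails or the module is
 * not present.  *imageSize receives the module's mapped size on success.
 */
static HMODULE FindRemoteModule(DWORD processId, const char *dllPath, DWORD *imageSize)
{
    const char *fileName = dllPath;
    const char *cursor;
    HANDLE snapshot = INVALID_HANDLE_VALUE;
    HMODULE found = NULL;
    MODULEENTRY32 entry;
    int attempt;

    /* File-name component: text after the last path separator of either kind. */
    for (cursor = dllPath; *cursor != '\0'; ++cursor) {
        if (*cursor == '\\' || *cursor == '/') {
            fileName = cursor + 1;
        }
    }

    /* TH32CS_SNAPMODULE snapshots can fail transiently with ERROR_BAD_LENGTH
     * while the target's module list is changing; retry a few times. */
    for (attempt = 0; attempt < 5; ++attempt) {
        snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, processId);
        if (snapshot != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH) {
            break;
        }
    }
    if (snapshot == INVALID_HANDLE_VALUE) {
        return NULL;
    }

    ZeroMemory(&entry, sizeof entry);
    entry.dwSize = sizeof entry;
    if (Module32First(snapshot, &entry)) {
        do {
            if (lstrcmpiA(entry.szExePath, dllPath) == 0 ||
                lstrcmpiA(entry.szModule, fileName) == 0) {
                found = entry.hModule;
                *imageSize = entry.modBaseSize;
                break;
            }
        } while (Module32Next(snapshot, &entry));
    }
    CloseHandle(snapshot);
    return found;
}

/*
 * Start a thread in hProcess at `start` with argument `arg`, wait for it to
 * finish and optionally return its exit code through *exitCode (may be NULL).
 *
 * Returns 0 on success; -1 if the thread could not be created or its exit
 * code could not be read.  The thread handle is always closed.
 */
static int RunRemoteThread(HANDLE hProcess, LPTHREAD_START_ROUTINE start, LPVOID arg, DWORD *exitCode)
{
    DWORD code = 0;
    BOOL haveCode;
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, start, arg, 0, NULL);
    if (hThread == NULL) {
        return -1;
    }
    WaitForSingleObject(hThread, INFINITE);
    haveCode = GetExitCodeThread(hThread, &code);
    CloseHandle(hThread);
    if (!haveCode) {
        return -1;
    }
    if (exitCode != NULL) {
        *exitCode = code;
    }
    return 0;
}

/*
 * Inject the DLL at dllName into the process processId and run the DLL's
 * export named kExportName (below) *inside that process*.
 *
 * Steps: write the path into the target, run LoadLibraryA there on a remote
 * thread, find the module's base in the target, compute the export's RVA
 * from a local mapping of the same file, and run base+RVA on a second
 * remote thread.  The export is invoked as a thread start routine, so it
 * must tolerate being called with one pointer argument (NULL here).
 *
 * The previous version called GetProcAddress on the *remote* base address
 * and then invoked the result in this process, which at best fails and at
 * worst jumps to an arbitrary local address; that is the bug this rewrite
 * fixes.  It also opened the process without PROCESS_CREATE_THREAD /
 * PROCESS_QUERY_INFORMATION / PROCESS_VM_READ, which CreateRemoteThread
 * requires, and leaked a kernel32 reference via an unchecked LoadLibraryA.
 *
 * Assumptions and caveats for anyone using this:
 *   - Injector and target must have the same bitness: the local address of
 *     LoadLibraryA is only meaningful in the target because kernel32 is
 *     mapped at the same base in every process of that bitness.
 *   - The DLL path must be readable from the target's context.
 *   - Opening elevated or protected targets may additionally require
 *     SeDebugPrivilege, which this function does not enable.
 *   - Resolving the export maps the DLL into this process with
 *     DONT_RESOLVE_DLL_REFERENCES (DllMain is not run here).  Forwarded
 *     exports are rejected since their RVA lies outside the module.
 *   - CreateRemoteThread into another process is a well-known injection
 *     primitive and is commonly flagged by endpoint security products.
 *
 * Returns:
 *   0  success (DLL loaded and export executed in the target)
 *   1  OpenProcess failed
 *   2  VirtualAllocEx failed
 *   3  WriteProcessMemory failed, or dllName is NULL/empty
 *   4  LoadLibraryA could not be resolved or its remote thread failed
 *   5  the DLL is not loaded in the target afterwards (LoadLibrary failed)
 *   6  the export was not found in the DLL (or is forwarded)
 *   7  the remote thread that calls the export could not be run
 */
int InjectDllAndCallFunction(DWORD processId, const char* dllName)
{
    /* Replace with the actual name of the export to call. */
    static const char kExportName[] = "FunctionName";

    /* Everything CreateRemoteThread needs, plus VM_WRITE for the path copy. */
    const DWORD access = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                         PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;

    HANDLE hProcess = NULL;
    LPVOID remoteBuf = NULL;
    HMODULE kernel32 = NULL;
    FARPROC loadLibrary = NULL;
    HMODULE remoteBase = NULL;
    DWORD remoteSize = 0;
    HMODULE localImage = NULL;
    FARPROC localFunc = NULL;
    ULONG_PTR rva = 0;
    LPTHREAD_START_ROUTINE remoteFunc = NULL;
    SIZE_T pathBytes = 0;
    int rc = 0;

    if (dllName == NULL || *dllName == '\0') {
        return 3;
    }
    pathBytes = strlen(dllName) + 1; /* include the terminating NUL */

    hProcess = OpenProcess(access, FALSE, processId);
    if (hProcess == NULL) {
        return 1;
    }

    remoteBuf = VirtualAllocEx(hProcess, NULL, pathBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (remoteBuf == NULL) {
        rc = 2;
        goto out_close;
    }
    if (!WriteProcessMemory(hProcess, remoteBuf, dllName, pathBytes, NULL)) {
        rc = 3;
        goto out_free;
    }

    /* GetModuleHandleA does not add a reference, so nothing to free later. */
    kernel32 = GetModuleHandleA("kernel32.dll");
    loadLibrary = (kernel32 != NULL) ? GetProcAddress(kernel32, "LoadLibraryA") : NULL;
    if (loadLibrary == NULL) {
        rc = 4;
        goto out_free;
    }

    /* The exit code would be LoadLibraryA's return value truncated to 32 bits;
     * it is deliberately not used as the base (see FindRemoteModule). */
    if (RunRemoteThread(hProcess, (LPTHREAD_START_ROUTINE)loadLibrary, remoteBuf, NULL) != 0) {
        rc = 4;
        goto out_free;
    }

    remoteBase = FindRemoteModule(processId, dllName, &remoteSize);
    if (remoteBase == NULL) {
        rc = 5;
        goto out_free;
    }

    /* The export's RVA is a property of the file, so it is the same in the
     * target's mapping; resolve it on a local mapping that skips DllMain. */
    localImage = LoadLibraryExA(dllName, NULL, DONT_RESOLVE_DLL_REFERENCES);
    if (localImage == NULL) {
        rc = 6;
        goto out_free;
    }
    localFunc = GetProcAddress(localImage, kExportName);
    if (localFunc != NULL) {
        rva = (ULONG_PTR)localFunc - (ULONG_PTR)localImage;
    }
    FreeLibrary(localImage);
    localImage = NULL;
    /* rva >= remoteSize means a forwarded export (or a bogus address):
     * base+RVA would not land inside the injected module. */
    if (localFunc == NULL || rva >= (ULONG_PTR)remoteSize) {
        rc = 6;
        goto out_free;
    }

    remoteFunc = (LPTHREAD_START_ROUTINE)((ULONG_PTR)remoteBase + rva);
    if (RunRemoteThread(hProcess, remoteFunc, NULL, NULL) != 0) {
        rc = 7;
        goto out_free;
    }
    rc = 0;

out_free:
    /* The path buffer is only needed until the remote LoadLibraryA returns. */
    VirtualFreeEx(hProcess, remoteBuf, 0, MEM_RELEASE);
out_close:
    CloseHandle(hProcess);
    return rc;
}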
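/*
 * Example driver: inject dllPath into the process with ID processId and run
 * the DLL's export there.
 *
 * The previous version discarded the status and always exited 0, so a shell
 * or script could not tell success from any of the failure stages.  The
 * process now exits with InjectDllAndCallFunction's code: 0 means success,
 * non-zero identifies the step that failed (see that function's comment).
 */
int main(void) {
    DWORD processId = 12345;                            /* replace with the target process ID */
    const char* dllPath = "C:\\path\\to\\your\\dll.dll"; /* full DLL path; must be readable from the target process */
    int result = InjectDllAndCallFunction(processId, dllPath);
    return result;
}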