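/// Finds the process whose executable name matches the member `targetFile`
/// and returns its process ID (the original comment names explorer.exe as the
/// intended target; `targetFile` itself is defined outside this listing).
///
/// @return The matching process ID, or (DWORD)-1 when the snapshot cannot be
///         taken or no process matches.
///
/// NOTE(review): the match is strstr(targetFile, exeName), i.e. the process
/// name only has to be a *substring* of targetFile, so a process called
/// "r.exe" would match a target of "explorer.exe". An exact, case-insensitive
/// comparison would be stricter, but whether targetFile holds a bare name or
/// a full path is not visible here - confirm before tightening.
DWORD CInsertDlg::GetProcessId()
{
    const DWORD kNotFound = static_cast<DWORD>(-1);

    // Take a snapshot of all running processes.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        return kNotFound;
    }

    PROCESSENTRY32 lPrs;
    ZeroMemory(&lPrs, sizeof(lPrs));
    lPrs.dwSize = sizeof(lPrs); // must be set before Process32First/Next

    DWORD Pid = kNotFound;
    if (Process32First(hSnap, &lPrs))
    {
        do
        {
            // An empty name would make strstr() succeed unconditionally, so
            // skip entries without an executable name.
            if (lPrs.szExeFile[0] != '\0' && strstr(targetFile, lPrs.szExeFile))
            {
                Pid = lPrs.th32ProcessID;
                break;
            }

            // Reset the entry before asking for the next process.
            ZeroMemory(&lPrs, sizeof(lPrs));
            lPrs.dwSize = sizeof(lPrs);
        } while (Process32Next(hSnap, &lPrs));
    }

    // The snapshot handle was never closed in the original; release it on
    // every path.
    CloseHandle(hSnap);
    return Pid;
}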
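/// Button handler: looks up the target process and runs Insert() on it.
///
/// Nothing is reported to the user on either outcome; the original had an
/// empty success branch and a `return 0;` in this void function, which does
/// not compile as C++.
void CInsertDlg::OnButton1()
{
    const DWORD Pid = GetProcessId(); // (DWORD)-1 means "no matching process"
    if (Pid == static_cast<DWORD>(-1))
    {
        return; // nothing to operate on; avoid a pointless OpenProcess call
    }

    // Perform the remote-process DLL load. The result is currently unused.
    if (!Insert(Pid))
    {
        return;
    }
}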
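/// Makes the process identified by dwProcessId load "test.dll" from the
/// directory of the current executable, by writing the DLL path into the
/// target and starting a remote thread at LoadLibraryA.
///
/// @param dwProcessId  ID of the target process.
/// @return TRUE when the remote thread was created and has finished; FALSE
///         when any step fails. TRUE does not prove the DLL was loaded: the
///         remote thread's exit code is not inspected.
///
/// Review notes:
///  - This OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
///    WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) sequence is the
///    textbook DLL-injection pattern. Defenders can observe it through
///    cross-process handle-open, remote-thread-creation and image-load
///    telemetry (for example Sysmon event IDs 10, 8 and 7).
///  - The DLL path is derived from the directory of the running executable;
///    if that directory is writable by other users, whatever they place
///    there as test.dll is what the target process loads.
///  - The code assumes an ANSI/MBCS build: it uses a char buffer and
///    LoadLibraryA, and sizes the remote buffer in characters.
///  - The original leaked the process handle, the remote allocation and the
///    thread handle on every early return; all paths now share one cleanup.
BOOL CInsertDlg::Insert(DWORD dwProcessId)
{
    // Open the target with full access rights.
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
    if (hProcess == NULL)
    {
        return FALSE;
    }

    BOOL bResult = FALSE;
    LPVOID RemoteMemory = NULL;
    HANDLE hThread = NULL;

    do
    {
        // Build "<directory of this executable>\test.dll".
        char szModulePath[MAX_PATH];
        const DWORD cchPath = GetModuleFileName(NULL, szModulePath, MAX_PATH);
        if (cchPath == 0 || cchPath >= MAX_PATH)
        {
            break; // call failed or the path was truncated
        }
        PathRemoveFileSpec(szModulePath);

        CString strModlePath(szModulePath);
        if (strModlePath.IsEmpty())
        {
            break; // indexing GetLength() - 1 below would be out of range
        }
        if (strModlePath[strModlePath.GetLength() - 1] != '\\')
        {
            strModlePath += _T('\\');
        }
        strModlePath += _T("test.dll");

        const SIZE_T cbPath = strModlePath.GetLength() + 1; // include the NUL

        // Allocate room for the DLL path inside the target process.
        RemoteMemory = VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
        if (RemoteMemory == NULL)
        {
            break;
        }

        // Copy the DLL path into the memory allocated in the target.
        if (!WriteProcessMemory(hProcess, RemoteMemory,
                                static_cast<LPCVOID>(static_cast<LPCTSTR>(strModlePath)),
                                cbPath, NULL))
        {
            break;
        }

        // Resolve LoadLibraryA; it serves as the remote thread's start routine.
        PTHREAD_START_ROUTINE pfn = (PTHREAD_START_ROUTINE)GetProcAddress(
            GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
        if (pfn == NULL)
        {
            break;
        }

        // Start a thread in the target process with the path as its argument.
        hThread = CreateRemoteThread(hProcess, NULL, 0, pfn, RemoteMemory, 0, NULL);
        if (hThread == NULL)
        {
            break;
        }

        // Blocks the calling (UI) thread until the remote thread returns.
        WaitForSingleObject(hThread, INFINITE);
        bResult = TRUE;
    } while (0);

    // Single cleanup path: release whatever was acquired, in reverse order.
    if (hThread != NULL)
    {
        CloseHandle(hThread);
    }
    if (RemoteMemory != NULL)
    {
        VirtualFreeEx(hProcess, RemoteMemory, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);
    return bResult;
}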
}