【发布时间】:2015-06-30 21:58:47
【问题描述】:
这么长时间以来,我一直在试图找出问题所在。 我见过一些人分配:
GetProcAddress(GetModuleHandle("KERNEL32.dll"), "LoadLibraryA")
我想知道这是否是我必须做的,但我只是不明白那行代码究竟做了什么。和我的dll函数没有关系,为什么要加载呢?
主(控制台应用程序 A.K.A 注射器):
#include <iostream>
#include <windows.h>
#include <TlHelp32.h>
char* dllPath = "C:\\Users\\Kalist\\Desktop\\Projects\\DLL\\bin\\Debug\\DLL.dll";
typedef DWORD (WINAPI *pThreadFunc)();
char* ProcToInject = "calc.exe";
int main(){
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
HANDLE procSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
DWORD procID;
if(procSnap){
if(Process32First(procSnap, &pe32)){
do{
if(!strcmp(pe32.szExeFile, ProcToInject)){
procID = pe32.th32ProcessID;
break;
}
}while(Process32Next(procSnap, &pe32));
}
CloseHandle(procSnap);
}
HANDLE procAccess = OpenProcess(PROCESS_ALL_ACCESS, false, procID);
void* memSpace = VirtualAllocEx(procAccess, NULL, strlen(dllPath)+1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WriteProcessMemory(procAccess, memSpace, dllPath, strlen(dllPath)+1, NULL);
HINSTANCE getLibadd = LoadLibrary(dllPath);
pThreadFunc pThreadFuncVar = (pThreadFunc)GetProcAddress(getLibadd, "threadFunc");
CreateRemoteThread(procAccess, NULL, 0, (LPTHREAD_START_ROUTINE)pThreadFuncVar, memSpace, 0, NULL);
CloseHandle(procAccess);
}
DLL 远程进程:
#include <iostream>
#include <windows.h>
extern "C" DWORD WINAPI threadFunc(){
MessageBox(0, "Injection worked!", "Injection message", MB_OK);
return 0;
}
【问题讨论】:
标签: c++ winapi dll dll-injection