注入簡單來說就是讓別人的程序執行 你想要讓他執行的dll
#include<iostream>
#include<Windows.h>
using namespace std;char szBuffer[] ="C:\\Users\\20622\\source\\repos\\Dll1\\Debug\\test.dll"; //dll路徑void RemoteThreadInject(DWORD Pid,PCHAR szPath)
{HANDLE hProcess = 0;DWORD dSizeofszPath = strlen(szPath) + 1;LPVOID pDllPath;HANDLE hThread = 0;//第一步打開指定進程獲取到指定進程的句柄hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, Pid);if (!hProcess){cout << "OpenProcess error" << GetLastError() << endl;return;}//第二步在指定進程分配內存pDllPath = VirtualAllocEx(hProcess, NULL, dSizeofszPath, MEM_COMMIT, PAGE_READWRITE);if (!pDllPath){cout << "VirtualAllocEx error" << GetLastError() << endl;return;}//第三步在分配出來的內存地址 寫入loadlibiary的參數if (!WriteProcessMemory(hProcess, pDllPath, szPath, dSizeofszPath, NULL)){cout << "WriteProcessMemory error" << GetLastError() << endl;return;}//第四步創建遠程線程hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, pDllPath, 0, NULL);if (!hThread){cout << "CreateRemoteThread error" << GetLastError() << endl;return;}
}int main()
{RemoteThreadInject(25804, szBuffer);}第一步 使用OpenProcess獲取目標進程的句柄? ?
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, Pid);if (!hProcess){cout << "OpenProcess error" << GetLastError() << endl;return;}第二步 使用VirtualAllocEx在指定的進程分配內存
pDllPath = VirtualAllocEx(hProcess, NULL, dSizeofszPath, MEM_COMMIT, PAGE_READWRITE);if (!pDllPath){cout << "VirtualAllocEx error" << GetLastError() << endl;return;}第三步 使用WriteProcessMemory函數在指定進程寫入LoadLibiary的參數pDllPath
if (!WriteProcessMemory(hProcess, pDllPath, szPath, dSizeofszPath, NULL)){cout << "WriteProcessMemory error" << GetLastError() << endl;return;}第四步 使用CreateRemoteThread線程創建遠程線程運行LoadLibiary函數
他和CreateThread的區別就是三個參數的形式
這里要注意一下為什么在我們的進程可以直接使用LoadLibiary的地址呢? 因為這個地址是所有進程共享來的 我們得到的地址和他的地址是一樣的
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, pDllPath, 0, NULL);if (!hThread){cout << "CreateRemoteThread error" << GetLastError() << endl;return;} )
)
)
 | 變量和簡單數據類型)
)
 VOFA + ADC + OPAMP)
