該樓層疑似違規已被系統折疊?隱藏此樓查看此樓

然后新建一個win32 application 的工程 新建c++ source file 寫入：

#include

#include

int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)

{

char DllName[MAX_PATH]="C:\\Program Files\\Microsoft Visual Studio\\MyProjects\\dll注入dll\\Debug\\dll注入dll.dll";//就是剛才寫的dll的地址+文件名

HANDLE hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);

PROCESSENTRY32 pe32={sizeof(pe32)};

if(Process32First(hProcessSnap,&pe32))

{

do

{

if(strcmp(pe32.szExeFile,"EXPLORER.EXE")==0) //我注入的是explorer

{

break;

}

}

while(Process32Next(hProcessSnap,&pe32));

}

DWORD TargetProcessId=pe32.th32ProcessID;

CloseHandle(hProcessSnap);

HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,TargetProcessId);

int cbSize=lstrlen(DllName)+1;

LPVOID lpRemoteDllName=VirtualAllocEx(hProcess,NULL,(DWORD)cbSize,MEM_COMMIT,PAGE_READWRITE);

WriteProcessMemory(hProcess,lpRemoteDllName,DllName,(DWORD)cbSize,NULL);

HMODULE hModule=GetModuleHandle("kernel32.dll");

LPTHREAD_START_ROUTINE pfnStartRoutine=(LPTHREAD_START_ROUTINE)GetProcAddress(hModule,"LoadLibraryA");

HANDLE hRemoteThread=CreateRemoteThread(hProcess,NULL,0,pfnStartRoutine,lpRemoteDllName,0,NULL);

WaitForSingleObject(hRemoteThread,INFINITE);

CloseHandle(hRemoteThread);

CloseHandle(hProcess);

return 0;

}

compile build之后執行，你就看到了一個messagebox，而在資源管理器中則沒有這個進程。

當然，殺毒軟件會報毒，說有木馬，別管就是了。有些低端的木馬是用了這個技術。