function InjectTo(const Host, Guest: string; const PID: DWORD = 0): DWORD;
var
{ 被注入的进程句柄,进程ID}
hRemoteProcess: THandle;
dwRemoteProcessId: DWORD; { 写入远程进程的内容大小 }
memSize: DWORD; { 写入到远程进程后的地址 }
pszLibFileRemote: Pointer; iReturnCode: Boolean;
TempVar: DWORD; { 指向函数LoadLibraryW的地址 }
pfnStartAddr: TFNThreadStartRoutine; { dll全路径,需要写到远程进程的内存中去 }
pszLibAFilename: PwideChar;
begin
Result := 0;
{ 设置权限 }
EnabledDebugPrivilege(True); { 为注入的dll文件路径分配内存大小,由于为WideChar,故要乘2 }
Getmem(pszLibAFilename, Length(Guest) * 2 + 1);
StringToWideChar(Guest, pszLibAFilename, Length(Guest) * 2 + 1); { 获取进程ID }
if PID > 0 then
dwRemoteProcessID := PID
else
GetMyProcessID(Host, False, dwRemoteProcessID); { 取得远程进程句柄,具有写入权限}
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + {允许远程创建线程}
PROCESS_VM_OPERATION + {允许远程VM操作}
PROCESS_VM_WRITE, {允许远程VM写}
FALSE, dwRemoteProcessId); { 用函数VirtualAllocex在远程进程分配空间,并用WriteProcessMemory中写入dll路径 }
memSize := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR);
pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, memSize, MEM_COMMIT, PAGE_READWRITE));
TempVar := 0;
iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, memSize, TempVar); if iReturnCode then
begin
pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW');这段代码我弄不明白啊,writeprocessmemory这个函数为什么还要写点什么东西吗?
进程注入照我想想么就CreateRemoteThrede创建一个线程么好了;
还要分配什么内存我想不明白,VirtualAllocex
var
{ 被注入的进程句柄,进程ID}
hRemoteProcess: THandle;
dwRemoteProcessId: DWORD; { 写入远程进程的内容大小 }
memSize: DWORD; { 写入到远程进程后的地址 }
pszLibFileRemote: Pointer; iReturnCode: Boolean;
TempVar: DWORD; { 指向函数LoadLibraryW的地址 }
pfnStartAddr: TFNThreadStartRoutine; { dll全路径,需要写到远程进程的内存中去 }
pszLibAFilename: PwideChar;
begin
Result := 0;
{ 设置权限 }
EnabledDebugPrivilege(True); { 为注入的dll文件路径分配内存大小,由于为WideChar,故要乘2 }
Getmem(pszLibAFilename, Length(Guest) * 2 + 1);
StringToWideChar(Guest, pszLibAFilename, Length(Guest) * 2 + 1); { 获取进程ID }
if PID > 0 then
dwRemoteProcessID := PID
else
GetMyProcessID(Host, False, dwRemoteProcessID); { 取得远程进程句柄,具有写入权限}
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + {允许远程创建线程}
PROCESS_VM_OPERATION + {允许远程VM操作}
PROCESS_VM_WRITE, {允许远程VM写}
FALSE, dwRemoteProcessId); { 用函数VirtualAllocex在远程进程分配空间,并用WriteProcessMemory中写入dll路径 }
memSize := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR);
pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, memSize, MEM_COMMIT, PAGE_READWRITE));
TempVar := 0;
iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, memSize, TempVar); if iReturnCode then
begin
pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW');这段代码我弄不明白啊,writeprocessmemory这个函数为什么还要写点什么东西吗?
进程注入照我想想么就CreateRemoteThrede创建一个线程么好了;
还要分配什么内存我想不明白,VirtualAllocex
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货