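Delay(1200); // give the user time to point at the target window (project helper)
preyhwnD = GetMousePointHwnd(); // HWND under the mouse pointer (project helper)
// NOTE: in the posted text this statement had been glued onto the '//' comment of
// the previous line, so it never executed and preyprocessiD was never filled in.
preythreadpiD = ::GetWindowThreadProcessId(preyhwnD, &preyprocessiD);
do {
    if (preyhwnD == NULL || preyprocessiD == 0) {
        printf("no window/process under the cursor\n");
        break;
    }
    // Least privilege: request only the rights the injection needs rather than
    // PROCESS_ALL_ACCESS. OpenProcess returns NULL for processes we may not open
    // (elevated, protected, other session) - check it instead of passing NULL on.
    preyhandlE = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                               PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                               FALSE, preyprocessiD);
    if (preyhandlE == NULL) {
        printf("OpenProcess(%lu) failed: %lu\n", preyprocessiD, GetLastError());
        break;
    }
    // Build an absolute path: LoadLibraryA runs inside the target, so a bare file
    // name would be resolved against the *target's* search path, not ours. Note
    // the DLL is looked for in the injector's current directory, which is not
    // necessarily the directory of the injector's .exe.
    GetCurrentDirectoryA(512, diR);
    sprintf_s(dllnamE, 512, "%s\\VirtualAllocEx.dll", diR);
    if (GetFileAttributesA(dllnamE) == INVALID_FILE_ATTRIBUTES) {
        printf("DLL not found: %s\n", dllnamE);
        break;
    }
    sizechar_C = lstrlenA(dllnamE);
    sizebyte_C = sizechar_C * sizeof(char); // ANSI path: one byte per character
    // +1 so the terminating NUL is copied too (MEM_COMMIT pages start zeroed anyway).
    lplibstR = static_cast<char *>(::VirtualAllocEx(preyhandlE, NULL, sizebyte_C + 1,
                                                    MEM_COMMIT, PAGE_READWRITE));
    if (lplibstR == NULL) {
        printf("VirtualAllocEx failed: %lu\n", GetLastError());
        break;
    }
    if (!WriteProcessMemory(preyhandlE, lplibstR, dllnamE, sizebyte_C + 1, NULL)) {
        printf("WriteProcessMemory failed: %lu\n", GetLastError());
        break;
    }
    // kernel32 is mapped at the same base in every process of the same bitness,
    // which is why the local address of LoadLibraryA is valid in the target.
    // That does not hold across the 32/64-bit boundary: a 32-bit injector cannot
    // inject into a 64-bit process this way (CreateRemoteThread fails).
    lpthreadliB = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32.dll"),
                                                        "LoadLibraryA");
    if (lpthreadliB == NULL) {
        printf("GetProcAddress(LoadLibraryA) failed: %lu\n", GetLastError());
        break;
    }
    hthreaD = CreateRemoteThread(preyhandlE, NULL, 0, lpthreadliB, lplibstR, 0, NULL);
    if (hthreaD == NULL) {
        printf("CreateRemoteThread failed: %lu\n", GetLastError());
        break;
    }
    // The remote thread's exit code is LoadLibraryA's return value (an HMODULE,
    // truncated to 32 bits on x64). 0 means the DLL did not load in the target:
    // wrong path, missing dependency, bitness mismatch, or DllMain returned FALSE.
    // This is the check to rely on - a MessageBox inside DllMain runs under the
    // loader lock, is not a supported thing to do there, and can simply not show.
    DWORD remoteexiT = 0;
    WaitForSingleObject(hthreaD, INFINITE);
    GetExitCodeThread(hthreaD, &remoteexiT);
    if (remoteexiT == 0) {
        printf("LoadLibraryA failed inside the target process\n");
    }
    // The path buffer is only needed until LoadLibraryA has read it.
    // (preyhandlE and hthreaD are outer variables and are left to their owner.)
    VirtualFreeEx(preyhandlE, lplibstR, 0, MEM_RELEASE);
    lplibstR = NULL;
} while (0);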
我在dll的入口写了个MessageBox 但是没反应 不是注入了dll吗?求救啊
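preyhwnD = GetMousePointHwnd(); // HWND under the mouse pointer (project helper)
// NOTE: in the posted text this statement had been glued onto the '//' comment of
// the previous line, so it never executed and preyprocessiD was never filled in.
preythreadpiD = ::GetWindowThreadProcessId(preyhwnD, &preyprocessiD);
do {
    if (preyhwnD == NULL || preyprocessiD == 0) {
        printf("no window/process under the cursor\n");
        break;
    }
    // Least privilege: request only the rights the injection needs rather than
    // PROCESS_ALL_ACCESS. OpenProcess returns NULL for processes we may not open
    // (elevated, protected, other session) - check it instead of passing NULL on.
    preyhandlE = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                               PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                               FALSE, preyprocessiD);
    if (preyhandlE == NULL) {
        printf("OpenProcess(%lu) failed: %lu\n", preyprocessiD, GetLastError());
        break;
    }
    // Build an absolute path: LoadLibraryA runs inside the target, so a bare file
    // name would be resolved against the *target's* search path, not ours. Note
    // the DLL is looked for in the injector's current directory, which is not
    // necessarily the directory of the injector's .exe.
    GetCurrentDirectoryA(512, diR);
    sprintf_s(dllnamE, 512, "%s\\VirtualAllocEx.dll", diR);
    if (GetFileAttributesA(dllnamE) == INVALID_FILE_ATTRIBUTES) {
        printf("DLL not found: %s\n", dllnamE);
        break;
    }
    sizechar_C = lstrlenA(dllnamE);
    sizebyte_C = sizechar_C * sizeof(char); // ANSI path: one byte per character
    // +1 so the terminating NUL is copied too (MEM_COMMIT pages start zeroed anyway).
    lplibstR = static_cast<char *>(::VirtualAllocEx(preyhandlE, NULL, sizebyte_C + 1,
                                                    MEM_COMMIT, PAGE_READWRITE));
    if (lplibstR == NULL) {
        printf("VirtualAllocEx failed: %lu\n", GetLastError());
        break;
    }
    if (!WriteProcessMemory(preyhandlE, lplibstR, dllnamE, sizebyte_C + 1, NULL)) {
        printf("WriteProcessMemory failed: %lu\n", GetLastError());
        break;
    }
    // kernel32 is mapped at the same base in every process of the same bitness,
    // which is why the local address of LoadLibraryA is valid in the target.
    // That does not hold across the 32/64-bit boundary: a 32-bit injector cannot
    // inject into a 64-bit process this way (CreateRemoteThread fails).
    lpthreadliB = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32.dll"),
                                                        "LoadLibraryA");
    if (lpthreadliB == NULL) {
        printf("GetProcAddress(LoadLibraryA) failed: %lu\n", GetLastError());
        break;
    }
    hthreaD = CreateRemoteThread(preyhandlE, NULL, 0, lpthreadliB, lplibstR, 0, NULL);
    if (hthreaD == NULL) {
        printf("CreateRemoteThread failed: %lu\n", GetLastError());
        break;
    }
    // The remote thread's exit code is LoadLibraryA's return value (an HMODULE,
    // truncated to 32 bits on x64). 0 means the DLL did not load in the target:
    // wrong path, missing dependency, bitness mismatch, or DllMain returned FALSE.
    // This is the check to rely on - a MessageBox inside DllMain runs under the
    // loader lock, is not a supported thing to do there, and can simply not show.
    DWORD remoteexiT = 0;
    WaitForSingleObject(hthreaD, INFINITE);
    GetExitCodeThread(hthreaD, &remoteexiT);
    if (remoteexiT == 0) {
        printf("LoadLibraryA failed inside the target process\n");
    }
    // The path buffer is only needed until LoadLibraryA has read it.
    // (preyhandlE and hthreaD are outer variables and are left to their owner.)
    VirtualFreeEx(preyhandlE, lplibstR, 0, MEM_RELEASE);
    lplibstR = NULL;
} while (0);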
我在dll的入口写了个MessageBox 但是没反应 不是注入了dll吗?求救啊
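// Returns the PID of the first running process whose image name equals
// pProcessName (case-insensitive, Toolhelp snapshot), or (DWORD)-1 when the
// snapshot cannot be taken or nothing matches. Callers compare against -1.
DWORD GetProcessID(TCHAR pProcessName[])
{
    DWORD ProcessID = (DWORD)-1;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe); // Toolhelp rejects the call unless dwSize is filled in

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        return (DWORD)-1;
    }
    for (BOOL bRet = Process32First(hProcessSnap, &pe); bRet; bRet = Process32Next(hProcessSnap, &pe))
    {
        if (lstrcmpi(pe.szExeFile, pProcessName) == 0)
        {
            ProcessID = pe.th32ProcessID;
            break;
        }
    }
    CloseHandle(hProcessSnap);
    return ProcessID;
}

// Loads szDllPath into the process `pid` by copying the path into the target
// and running LoadLibrary there on a remote thread.
//
// szDllPath must be an absolute path: LoadLibrary resolves it inside the target,
// against the target's search path. Injector and target must be the same bitness;
// CreateRemoteThread does not cross the 32/64-bit boundary.
//
// Returns TRUE only when LoadLibrary reported success in the target. On failure
// the step and GetLastError() are printed to stderr and FALSE is returned.
static BOOL InjectIntoProcess(DWORD pid, TCHAR szDllPath[])
{
    // szDllPath is a pointer here, so sizeof(szDllPath) is 4 or 8, not the path
    // length. The original copied only that many bytes, so the target saw a
    // truncated path and LoadLibrary failed without anyone noticing.
    const SIZE_T cbPath = (SIZE_T)(lstrlen(szDllPath) + 1) * sizeof(TCHAR);

    HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32.dll"));
    if (hKernel32 == NULL)
    {
        fprintf(stderr, "Inject: GetModuleHandle(kernel32) failed: %lu\n", GetLastError());
        return FALSE;
    }
    // The LoadLibrary variant must match the character width of the path we write.
#ifdef UNICODE
    FARPROC pfnLoadLibrary = GetProcAddress(hKernel32, "LoadLibraryW");
#else
    FARPROC pfnLoadLibrary = GetProcAddress(hKernel32, "LoadLibraryA");
#endif
    if (pfnLoadLibrary == NULL)
    {
        fprintf(stderr, "Inject: GetProcAddress(LoadLibrary) failed: %lu\n", GetLastError());
        return FALSE;
    }

    // Least privilege: ask only for the rights the injection needs instead of
    // PROCESS_ALL_ACCESS, and do not make the handle inheritable.
    HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                                  PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                                  FALSE, pid);
    if (hProcess == NULL)
    {
        fprintf(stderr, "Inject: OpenProcess(%lu) failed: %lu\n", pid, GetLastError());
        return FALSE;
    }

    BOOL ok = FALSE;
    HANDLE hRemoteThread = NULL;
    DWORD hLibModule = 0;
    void *pLibRemote = VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (pLibRemote == NULL)
    {
        fprintf(stderr, "Inject: VirtualAllocEx failed: %lu\n", GetLastError());
    }
    else if (!WriteProcessMemory(hProcess, pLibRemote, szDllPath, cbPath, NULL))
    {
        fprintf(stderr, "Inject: WriteProcessMemory failed: %lu\n", GetLastError());
    }
    else if ((hRemoteThread = CreateRemoteThread(hProcess, NULL, 0,
                                                 (LPTHREAD_START_ROUTINE)pfnLoadLibrary,
                                                 pLibRemote, 0, NULL)) == NULL)
    {
        fprintf(stderr, "Inject: CreateRemoteThread failed: %lu\n", GetLastError());
    }
    else
    {
        WaitForSingleObject(hRemoteThread, INFINITE);
        // The thread's exit code is LoadLibrary's return value (an HMODULE,
        // truncated to 32 bits on x64). 0 means the DLL did not load in the
        // target - the original returned TRUE regardless, hiding exactly this.
        if (GetExitCodeThread(hRemoteThread, &hLibModule) && hLibModule != 0)
        {
            ok = TRUE;
        }
        else
        {
            fprintf(stderr, "Inject: LoadLibrary failed in target (bad path, missing "
                            "dependency, bitness mismatch, or DllMain returned FALSE)\n");
        }
        CloseHandle(hRemoteThread);
    }

    // MEM_RELEASE requires dwSize == 0; the original passed a size, so the free
    // itself failed and the remote buffer was leaked every call.
    if (pLibRemote != NULL)
    {
        VirtualFreeEx(hProcess, pLibRemote, 0, MEM_RELEASE);
    }
    CloseHandle(hProcess);
    return ok;
}

// Injects szDllPath (absolute path) into explorer.exe. Returns FALSE when
// explorer.exe is not running or any injection step fails; see InjectIntoProcess.
BOOL Inject(TCHAR szDllPath[])
{
    DWORD pid = GetProcessID(TEXT("explorer.exe"));
    if (pid == (DWORD)-1)
    {
        fprintf(stderr, "Inject: explorer.exe not found\n");
        return FALSE;
    }
    return InjectIntoProcess(pid, szDllPath);
}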
然后在Dll入口中写入MessageBox就可以了。
不行啊 还是入口没反应