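// Unload the DLL from the target process.
//
// Starts a thread in the target process whose entry point is FreeLibrary and
// whose argument is the module's base address, then waits for that thread to
// exit.
//
// Returns TRUE once the remote thread has been created and has exited, FALSE
// if any preparatory step fails. The result of the remote FreeLibrary call is
// not inspected.
//
// NOTE(review): FreeLibrary unmaps the module once its reference count reaches
// zero. If the target still has threads, hooks, window procedures or callbacks
// pointing into the module at that moment, its next call lands in unmapped
// memory and the process faults. Nothing here checks for that; the DLL has to
// undo its own registrations and stop its own threads before it is unloaded --
// confirm against the DLL's code.
BOOL CInjectDllFinal::UninjectTargetProcess()
{
    // Raise this process's privileges (helper defined elsewhere in the class).
    if (!AdjustProcess())
        return FALSE;

    // Resolve the target process id; presumably fills m_uTargetProcessId -- confirm.
    if (!ProcessNameToProcessId())
        return FALSE;

    // Locate kernel32.dll in the current process.
    HMODULE hKernel32 = ::GetModuleHandle(_T("Kernel32"));
    if (hKernel32 == NULL)
        return FALSE;

    // Locate FreeLibrary inside kernel32. The address is read from this process
    // and used in the target, which assumes both processes have the same bitness
    // and map kernel32 at the same base -- TODO confirm for the intended targets.
    PTHREAD_START_ROUTINE pfnFreeLibrary =
        reinterpret_cast<PTHREAD_START_ROUTINE>(::GetProcAddress(hKernel32, "FreeLibrary"));
    if (pfnFreeLibrary == NULL)
        return FALSE;

    // Look up the DLL's module entry in the target process.
    MODULEENTRY32 me = GetTargetDllModule();

    // Without a base address there is nothing to unload. What the helper returns
    // when the module is not found is not visible here; a null base is the only
    // failure that can be detected at this point -- confirm against the helper.
    if (me.modBaseAddr == NULL)
        return FALSE;

    // Open the target process with the rights needed to start a thread in it.
    HANDLE hTargetProcess = ::OpenProcess(
        PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
        FALSE,
        m_uTargetProcessId);
    if (hTargetProcess == NULL)
        return FALSE;

    // Run FreeLibrary(me.modBaseAddr) on a new thread inside the target.
    HANDLE hRemoteThread = ::CreateRemoteThread(
        hTargetProcess, NULL, 0, pfnFreeLibrary, me.modBaseAddr, 0, NULL);
    if (hRemoteThread == NULL)
    {
        // The process handle was leaked on this path before.
        ::CloseHandle(hTargetProcess);
        return FALSE;
    }

    // Block until the remote call has finished, then release both handles.
    ::WaitForSingleObject(hRemoteThread, INFINITE);
    ::CloseHandle(hRemoteThread);
    ::CloseHandle(hTargetProcess);
    return TRUE;
}
当运行了之后,就弹出下面信息的对话框,然后被注入的explorer.exe就结束了!!!!为了帮助保护你的计算机,windows已经关闭了此程序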
名称: WindowsExplorer
发行者: Microsoft Corporation
这是怎么回事?
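// Unload the DLL from the target process.
//
// Starts a thread in the target process whose entry point is FreeLibrary and
// whose argument is the module's base address, then waits for that thread to
// exit.
//
// Returns TRUE once the remote thread has been created and has exited, FALSE
// if any preparatory step fails. The result of the remote FreeLibrary call is
// not inspected.
//
// NOTE(review): FreeLibrary unmaps the module once its reference count reaches
// zero. If the target still has threads, hooks, window procedures or callbacks
// pointing into the module at that moment, its next call lands in unmapped
// memory and the process faults. Nothing here checks for that; the DLL has to
// undo its own registrations and stop its own threads before it is unloaded --
// confirm against the DLL's code.
BOOL CInjectDllFinal::UninjectTargetProcess()
{
    // Raise this process's privileges (helper defined elsewhere in the class).
    if (!AdjustProcess())
        return FALSE;

    // Resolve the target process id; presumably fills m_uTargetProcessId -- confirm.
    if (!ProcessNameToProcessId())
        return FALSE;

    // Locate kernel32.dll in the current process.
    HMODULE hKernel32 = ::GetModuleHandle(_T("Kernel32"));
    if (hKernel32 == NULL)
        return FALSE;

    // Locate FreeLibrary inside kernel32. The address is read from this process
    // and used in the target, which assumes both processes have the same bitness
    // and map kernel32 at the same base -- TODO confirm for the intended targets.
    PTHREAD_START_ROUTINE pfnFreeLibrary =
        reinterpret_cast<PTHREAD_START_ROUTINE>(::GetProcAddress(hKernel32, "FreeLibrary"));
    if (pfnFreeLibrary == NULL)
        return FALSE;

    // Look up the DLL's module entry in the target process.
    MODULEENTRY32 me = GetTargetDllModule();

    // Without a base address there is nothing to unload. What the helper returns
    // when the module is not found is not visible here; a null base is the only
    // failure that can be detected at this point -- confirm against the helper.
    if (me.modBaseAddr == NULL)
        return FALSE;

    // Open the target process with the rights needed to start a thread in it.
    HANDLE hTargetProcess = ::OpenProcess(
        PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
        FALSE,
        m_uTargetProcessId);
    if (hTargetProcess == NULL)
        return FALSE;

    // Run FreeLibrary(me.modBaseAddr) on a new thread inside the target.
    HANDLE hRemoteThread = ::CreateRemoteThread(
        hTargetProcess, NULL, 0, pfnFreeLibrary, me.modBaseAddr, 0, NULL);
    if (hRemoteThread == NULL)
    {
        // The process handle was leaked on this path before.
        ::CloseHandle(hTargetProcess);
        return FALSE;
    }

    // Block until the remote call has finished, then release both handles.
    ::WaitForSingleObject(hRemoteThread, INFINITE);
    ::CloseHandle(hRemoteThread);
    ::CloseHandle(hTargetProcess);
    return TRUE;
}
当运行了之后,就弹出下面信息的对话框,然后被注入的explorer.exe就结束了!!!!为了帮助保护你的计算机,windows已经关闭了此程序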
名称: WindowsExplorer
发行者: Microsoft Corporation
这是怎么回事?
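你把这个DLL卸载了,而目标进程这个时候还在调用这个DLL里的某个函数(比如它留下的钩子、回调或者还在运行的线程)。
DLL的代码已经从内存里释放,调用落到无效地址上,除了崩溃还能怎么样?这个对话框通常就是数据执行保护(DEP)在进程执行到无效内存时给出的提示。
卸载之前要先让DLL自己撤掉钩子和回调、结束它创建的线程,确认目标进程里没有代码再引用它。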