我用C++直接写一个程序 调用如下注入函数
InfusionFunc(LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//远程句柄
LPVOID mFuncAddr;//申请函数内存地址
LPVOID ParamAddr;//申请参数内存地址
HANDLE hThread; //线程句柄
DWORD NumberOfByte; //辅助返回值
CString str; DWORD ThreadID;
GetWindowThreadProcessId(hwnd, &ThreadID); //打开被注入的进程句柄
hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,FALSE,ThreadID);
//申请内存
mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//写内存
WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024*2, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//创建远程线程
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //等待线程结束
//释放申请有内存
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//释放远程句柄
CloseHandle(hThread);
CloseHandle(hProcess);
}
没有问题,都可以使用但是我把他写成了功能写成了DLL 再使用C#来调用,只要一调用,被注入的程序就直接死掉了,这个是怎么回事
InfusionFunc(LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
HANDLE hProcess;//远程句柄
LPVOID mFuncAddr;//申请函数内存地址
LPVOID ParamAddr;//申请参数内存地址
HANDLE hThread; //线程句柄
DWORD NumberOfByte; //辅助返回值
CString str; DWORD ThreadID;
GetWindowThreadProcessId(hwnd, &ThreadID); //打开被注入的进程句柄
hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,FALSE,ThreadID);
//申请内存
mFuncAddr = VirtualAllocEx(hProcess,NULL,128,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
ParamAddr = VirtualAllocEx(hProcess,NULL,ParamSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
//写内存
WriteProcessMemory(hProcess,mFuncAddr,mFunc,1024*2, &NumberOfByte);
WriteProcessMemory(hProcess,ParamAddr,Param,ParamSize, &NumberOfByte);
//创建远程线程
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,
ParamAddr,0,&NumberOfByte);
WaitForSingleObject(hThread, INFINITE); //等待线程结束
//释放申请有内存
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
VirtualFreeEx(hProcess,ParamAddr,ParamSize,MEM_RELEASE);
//释放远程句柄
CloseHandle(hThread);
CloseHandle(hProcess);
}
没有问题,都可以使用但是我把他写成了功能写成了DLL 再使用C#来调用,只要一调用,被注入的程序就直接死掉了,这个是怎么回事
你应该注入将mFunc 写到DLL中,然后让对方程序调用 LoadLibrary 将你的DLL加载到他内存中,然后再进入的时候调用你的myFunc