a4651387 2015-03-06 07:39 采纳率: 0%

在win7下面写了个dll注入工具,调试没有问题,就是注入不进去,求助

附上代码:
// Click handler for the "inject" button.
// Reads the target process ID and the DLL name from the dialog's two text
// controls (m_UID, m_DllNames) and hands them to InjectDll.
// NOTE(review): the PID text is parsed with atoi, which yields 0 for
// non-numeric input; neither field is validated here before use.
// NOTE(review): the C-style cast strips const from the CString buffer.
void CsqdllDlg::OnBnClickedButton1()
{
    CString pidText;
    CString dllPath;
    m_UID.GetWindowText(pidText);
    m_DllNames.GetWindowText(dllPath);

    const int targetPid = atoi(pidText);
    InjectDll((DWORD)targetPid, (LPSTR)(LPCTSTR)dllPath);
}

// Click handler for the "unload" button.
// Reads the target process ID and the DLL name from the dialog's two text
// controls (m_UID, m_DllNames) and hands them to UnInjectDll.
// NOTE(review): the PID text is parsed with atoi, which yields 0 for
// non-numeric input; neither field is validated here before use.
// NOTE(review): the C-style cast strips const from the CString buffer.
void CsqdllDlg::OnBnClickedButton2()
{
    CString pidText;
    CString dllPath;
    m_UID.GetWindowText(pidText);
    m_DllNames.GetWindowText(dllPath);

    const int targetPid = atoi(pidText);
    UnInjectDll((DWORD)targetPid, (LPSTR)(LPCTSTR)dllPath);
}

// Asks the process identified by dwPid to load the DLL named by szDllName.
// It copies the name string into memory allocated inside that process and then
// starts a remote thread there whose start routine is kernel32's LoadLibraryA
// and whose argument is the copied string.
//
// dwPid     - target process ID; 0 is rejected.
// szDllName - NUL-terminated ANSI DLL name/path; an empty string is rejected.
// Returns nothing: every failure path exits silently, so the caller cannot
// tell whether the load happened.
//
// NOTE(review): OpenProcess + VirtualAllocEx + WriteProcessMemory +
// CreateRemoteThread on another process is the call sequence that endpoint
// monitoring keys on (e.g. Sysmon Event ID 8 CreateRemoteThread and
// Event ID 10 ProcessAccess), so runs of this tool will show up there.
void CsqdllDlg::InjectDll(DWORD dwPid, char * szDllName)// inject
{
if (dwPid==0||strlen(szDllName)==0)
{
return ;
}
// NOTE(review): a string literal bound to a non-const char*; should be const char*.
char *pFunName="LoadLibraryA";// name of the loader function to resolve below
// NOTE(review): PROCESS_ALL_ACCESS requests every access right on the target,
// which is broader than the few operations performed below.
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwPid);// open the target process
if (hProcess==NULL)
{
return ;
}
// Length of the name including its terminating NUL.
int nDllLen=strlen(szDllName)+sizeof(char);
// Commit nDllLen bytes in the target process as PAGE_READWRITE (readable and
// writable, not executable); the region only holds the name string.
// NOTE(review): this allocation is never released on any path in this function.
PVOID pDllAddr=VirtualAllocEx(hProcess,NULL,nDllLen,MEM_COMMIT,PAGE_READWRITE);
if (pDllAddr==NULL)
{
CloseHandle(hProcess);
return ;
}
DWORD dwWriteNum=0;
// NOTE(review): the return value and dwWriteNum are ignored, so a failed or
// short write goes unnoticed and the thread below is still started.
WriteProcessMemory(hProcess,pDllAddr,szDllName,nDllLen,&dwWriteNum);// copy the DLL name into the target
// Resolved in *this* process; the code then uses the same address in the target.
// NOTE(review): neither GetModuleHandle nor GetProcAddress is checked for NULL.
FARPROC pFunAddr=GetProcAddress(GetModuleHandle("kernel32.dll"),pFunName);// address of the loader function
// NOTE(review): hThread is not checked; if creation fails, the wait and the
// close below are called on a NULL handle.
HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pFunAddr,pDllAddr,0,NULL);// remote thread
// Blocks the calling (UI) thread with no timeout until the remote thread ends;
// the outcome of the remote call is never examined.
WaitForSingleObject(hThread,INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);

}

// Asks the process identified by dwPid to unload a module: it walks a module
// snapshot of that process looking for an entry whose szExePath equals
// szDllName, then starts a remote thread in the process whose start routine is
// kernel32's FreeLibrary and whose argument is that entry's hModule.
//
// dwPid     - target process ID (not validated here, unlike InjectDll).
// szDllName - NUL-terminated ANSI string compared against each module's full path.
// Returns nothing; failures are not reported.
void CsqdllDlg::UnInjectDll(DWORD dwPid, char * szDllName)// unload

{

// NOTE(review): hSnap is not compared with INVALID_HANDLE_VALUE before use.
// NOTE(review): dwPid is passed through unchecked; presumably 0 makes the
// snapshot describe the calling process — confirm against the API docs.
HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid);// module snapshot of the process
MODULEENTRY32 Me32={0};
Me32.dwSize=sizeof(MODULEENTRY32);// the API requires dwSize to be set before the first call
BOOL bRet=Module32First(hSnap,&Me32);// start enumerating the modules
while(bRet)
{
    // Exact, case-sensitive comparison against the module's full path.
    if (strcmp(Me32.szExePath,szDllName)==0)
    {
        break;
    }
    bRet=Module32Next(hSnap,&Me32);// advance to the next module
}
// NOTE(review): bRet is never tested after the loop. If no module matched,
// Me32 still holds whatever the enumeration left in it (or zeros), and that
// hModule is passed to FreeLibrary in the target below — an unrelated module
// could be unloaded there. The function should return here when bRet is FALSE.
CloseHandle(hSnap);
// NOTE(review): a string literal bound to a non-const char*; should be const char*.
char *pFunName="FreeLibrary";// name of the unload function to resolve below
// NOTE(review): hProcess is not checked for NULL, and PROCESS_ALL_ACCESS is
// broader than the single operation performed below.
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwPid);





// Resolved in *this* process; the code then uses the same address in the target.
FARPROC pFunAddr =GetProcAddress(GetModuleHandle("kernel32.dll"),pFunName);
// NOTE(review): hThread is not checked; on failure the wait and the close
// below are called on a NULL handle.
HANDLE  hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pFunAddr,Me32.hModule,0,NULL);
// Blocks the calling (UI) thread with no timeout until the remote thread ends.
WaitForSingleObject(hThread,INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);

}


  • oyljerry 2015-03-06 12:50

    用管理员admin运行exe来执行注入
