#include
#include
#include
using namespace std;
typedef VOID (*PFUNMSG)(char*);
DWORD GetProcId(char *szProcessName){
BOOL bRet;
PROCESSENTRY32 pe32;
HANDLE hSnap;
hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
pe32.dwSize = sizeof(pe32);
bRet = Process32First(hSnap, &pe32);
while(bRet){
//strupr()转化为大写
if( strcmp(strupr(pe32.szExeFile),strupr(szProcessName)) == 0 ){
return pe32.th32ProcessID;
}
bRet = Process32Next(hSnap, &pe32);
}
return 0;
}
VOID InjectDll(DWORD dwPid, char *szDllName)
{
if( dwPid == 0 || lstrlen(szDllName) == 0)
{
cout<<lstrlen(szDllName)<<"\t"<<dwPid ;
return ;
}
char *pFunName = "LoadLibraryA";
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,FALSE, dwPid);
if(hProcess == NULL)
{
cout<<"打开进程失败";
return ;
}
int nDllLen = lstrlen(szDllName) + sizeof(char);
PVOID pDllAddr = VirtualAllocEx(hProcess,NULL,nDllLen,MEM_COMMIT,PAGE_READWRITE);
if ( pDllAddr == NULL)
{
CloseHandle (hProcess);
cout<<"获取虚拟内存地址失败"<<endl;
return ;
}
DWORD dwWriteNum = 0;
WriteProcessMemory(hProcess, pDllAddr, szDllName, nDllLen, &dwWriteNum);
FARPROC pFunAddr = GetProcAddress(GetModuleHandle("kernel32.dll"),pFunName);
HANDLE hThread = CreateRemoteThread(hProcess,NULL, 0, (LPTHREAD_START_ROUTINE)pFunAddr, pDllAddr, 0, NULL);
cout<<"hThread";
WaitForSingleObject(hThread,INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
cout<<"InjectDll结束"<<endl;
system("pause");
}
char szDllName[200];
TCHAR szProcessName[200];
DWORD dwpid = 0;
void main(){
HMODULE hModule = LoadLibrary("C:\Users\Li Panda\Desktop\Dll.dll");
cout<<hModule;
if( hModule == NULL)
{
MessageBox(NULL,"( ⊙ o ⊙ )啊!","没找着",MB_OK);
return ;
}//这边尝试了一下,发现DLL是能用的
cout<<"输入DLL完整路径"<
cin>>szDllName;
cin.ignore(1000, '\n');
cout<<"输入进程名称"<
cin>>szProcessName;
dwpid = GetProcId(szProcessName);
InjectDll(dwpid, szDllName);
}
最后一行InjectDll 函数最后cout一个injectdll结束
每次点开程序都能injectdll结束
(目标程序是notepad.exe)
然而并没有出发DLL_PROCESS_ATTACH中写的函数
求救
