C++编写的DLL注入源吗
关注+2009-11-02作者:
在学习C++中DLL部分时,常因为DLL程序难以直接运行而郁闷,但又感到DLL的确是一个强大的功能,后来自己写了一个专门用来注入DLL到其它进程的工具,大大方便了DLL的调试。你可以自己写一个DLL,然后用这个注入工具把它注入到新打开的一个记事本程序(当然你也可以注入到Explorer.exe中)中观察DLL的运行情况,观察完后只要关闭那个记事本程序即可。十分方便。
一。先用MFC创建一个对话框程序。如下图:
二。首选创建全局变量:
CString strDll;
CListBox *lb=new CListBox;
CString str;
CListBox *lb=new CListBox;
CString str;
三。各个Button的代码如下:
void CMyDlg::OnButton1()
{
// TODO: Add your control notification handler code here
CFileDialog cfd(TRUE,NULL,NULL,0,"动态链接库文件 (*.dll)|*.dll",NULL);
if(cfd.DoModal()==IDOK)
{
strDll=cfd.GetPathName();
SetDlgItemText(IDC_EDIT1,strDll);
}
}
{
// TODO: Add your control notification handler code here
CFileDialog cfd(TRUE,NULL,NULL,0,"动态链接库文件 (*.dll)|*.dll",NULL);
if(cfd.DoModal()==IDOK)
{
strDll=cfd.GetPathName();
SetDlgItemText(IDC_EDIT1,strDll);
}
}
void CMyDlg::OnButton2()
{
// TODO: Add your control notification handler code here
int i=lb->GetCurSel();
lb->GetText(i,str);
SetDlgItemText(IDC_EDIT2,str);
}
{
// TODO: Add your control notification handler code here
int i=lb->GetCurSel();
lb->GetText(i,str);
SetDlgItemText(IDC_EDIT2,str);
}
void CMyDlg::OnButton3()
{
// TODO: Add your control notification handler code here
CString strName;
GetDlgItemText(IDC_EDIT1,strDll);
GetDlgItemText(IDC_EDIT2,strName);
if(strName=="System" || strName=="[System Process]")
{
MessageBox("当前进程不能被注入!",NULL,MB_OK | MB_ICONERROR);
SetDlgItemText(IDC_EDIT2,"");
strName="";
return ;
}
if(strName=="注入工具.EXE")
{
MessageBox("你有病哇?注入到自己?",NULL,MB_OK | MB_ICONERROR);
SetDlgItemText(IDC_EDIT2,"");
strName="";
return;
}
if(strDll=="" || strName=="")
{
MessageBox("请正确输入!","错误",MB_OK | MB_ICONWARNING);
}
else
{
BOOL blIsfind=FALSE;
HANDLE hSnapshot=NULL;
DWORD dwProcessID;
PROCESSENTRY32 pe;
pe.dwSize=sizeof(PROCESSENTRY32);
HANDLE hProcess=NULL;
HANDLE hThread=NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
Process32First(hSnapshot,&pe);
do
{
if(lstrcmpi(pe.szExeFile,strName)==0)
{
//MessageBox(strName+"程序正在运行!");
dwProcessID=pe.th32ProcessID;
blIsfind=TRUE;
break;
}
}while(Process32Next(hSnapshot,&pe));
if(blIsfind==FALSE)
{
MessageBox("没有发现"+strName+"程序!");
CloseHandle(hSnapshot);
exit(0);
}
CloseHandle(hSnapshot);
hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessID);
LPSTR lpDllName=(LPSTR)strDll.GetBuffer(strDll.GetLength());
DWORD dwSize,dwWritten;
dwSize=lstrlenA(lpDllName)+1;
LPVOID lpBuf=VirtualAllocEx(hProcess,NULL,dwSize,MEM_COMMIT,PAGE_READWRITE);
if(NULL==lpBuf)
{
CloseHandle(hProcess);
MessageBox("分配内存空间失败!");
exit(0);
}
if(WriteProcessMemory(hProcess,lpBuf,(LPVOID)lpDllName,dwSize,&dwWritten))
{
if(dwWritten!=dwSize)
{
VirtualFreeEx(hProcess,lpBuf,dwSize,MEM_DECOMMIT);
CloseHandle(hProcess);
MessageBox("写入内存失败!");
exit(0);
}
}
else
{
CloseHandle(hProcess);
}
DWORD dwID;
LPVOID pFunc=LoadLibraryA;
hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pFunc,lpBuf,0,&dwID);
WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,lpBuf,dwSize,MEM_DECOMMIT);
CloseHandle(hThread);
CloseHandle(hProcess);
MessageBox("注入成功!");
}
}
{
// TODO: Add your control notification handler code here
CString strName;
GetDlgItemText(IDC_EDIT1,strDll);
GetDlgItemText(IDC_EDIT2,strName);
if(strName=="System" || strName=="[System Process]")
{
MessageBox("当前进程不能被注入!",NULL,MB_OK | MB_ICONERROR);
SetDlgItemText(IDC_EDIT2,"");
strName="";
return ;
}
if(strName=="注入工具.EXE")
{
MessageBox("你有病哇?注入到自己?",NULL,MB_OK | MB_ICONERROR);
SetDlgItemText(IDC_EDIT2,"");
strName="";
return;
}
if(strDll=="" || strName=="")
{
MessageBox("请正确输入!","错误",MB_OK | MB_ICONWARNING);
}
else
{
BOOL blIsfind=FALSE;
HANDLE hSnapshot=NULL;
DWORD dwProcessID;
PROCESSENTRY32 pe;
pe.dwSize=sizeof(PROCESSENTRY32);
HANDLE hProcess=NULL;
HANDLE hThread=NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
Process32First(hSnapshot,&pe);
do
{
if(lstrcmpi(pe.szExeFile,strName)==0)
{
//MessageBox(strName+"程序正在运行!");
dwProcessID=pe.th32ProcessID;
blIsfind=TRUE;
break;
}
}while(Process32Next(hSnapshot,&pe));
if(blIsfind==FALSE)
{
MessageBox("没有发现"+strName+"程序!");
CloseHandle(hSnapshot);
exit(0);
}
CloseHandle(hSnapshot);
hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessID);
LPSTR lpDllName=(LPSTR)strDll.GetBuffer(strDll.GetLength());
DWORD dwSize,dwWritten;
dwSize=lstrlenA(lpDllName)+1;
LPVOID lpBuf=VirtualAllocEx(hProcess,NULL,dwSize,MEM_COMMIT,PAGE_READWRITE);
if(NULL==lpBuf)
{
CloseHandle(hProcess);
MessageBox("分配内存空间失败!");
exit(0);
}
if(WriteProcessMemory(hProcess,lpBuf,(LPVOID)lpDllName,dwSize,&dwWritten))
{
if(dwWritten!=dwSize)
{
VirtualFreeEx(hProcess,lpBuf,dwSize,MEM_DECOMMIT);
CloseHandle(hProcess);
MessageBox("写入内存失败!");
exit(0);
}
}
else
{
CloseHandle(hProcess);
}
DWORD dwID;
LPVOID pFunc=LoadLibraryA;
hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pFunc,lpBuf,0,&dwID);
WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,lpBuf,dwSize,MEM_DECOMMIT);
CloseHandle(hThread);
CloseHandle(hProcess);
MessageBox("注入成功!");
}
}
void CMyDlg::OnButton4()
{
// TODO: Add your control notification handler code here
exit(0);
}
{
// TODO: Add your control notification handler code here
exit(0);
}
void CMyDlg::OnButton5()
{
// TODO: Add your control notification handler code here
reflash(); //reflash()过程应在调用之前,为了方便写在了后面
{
// TODO: Add your control notification handler code here
reflash(); //reflash()过程应在调用之前,为了方便写在了后面
}
void reflash()
{
int len=0;
len=lb->GetCount();
int i;
for(i=0;i<len;i++)
{
lb->DeleteString(0);
}
HANDLE hSnapshot=NULL;
PROCESSENTRY32 pe;
pe.dwSize=sizeof(PROCESSENTRY32);
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
Process32First(hSnapshot,&pe);
do
{
lb->AddString(pe.szExeFile);
{
int len=0;
len=lb->GetCount();
int i;
for(i=0;i<len;i++)
{
lb->DeleteString(0);
}
HANDLE hSnapshot=NULL;
PROCESSENTRY32 pe;
pe.dwSize=sizeof(PROCESSENTRY32);
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
Process32First(hSnapshot,&pe);
do
{
lb->AddString(pe.szExeFile);
}while(Process32Next(hSnapshot,&pe));
CloseHandle(hSnapshot);
}
CloseHandle(hSnapshot);
}