windows dll injection target process

Others 2020-01-24 20:19:39 views: null

In other dll injection procedure

Step:
 1 , obtaining the target process ID, CreateToolhelp32Snapshot () function;
 2 , obtaining the target process handle, the OpenProcess () function;
 3 , the target process to a memory, VirtualAllocEx () function, not the VirtualAlloc () function;
 4 , to be used to memory write target file name of dll to be injected, WriteProcessMemory;
 . 5 , get kernel32 module handle, the GetModuleHandle () function;
 6 , in the module of LoadLibraryA kernel32 get () function address, the GetProcAddress () function;
 7 , the injection dll target process, CreateRemoteThread () function

Get the process ID of the method:

DWORD GetPid(const TCHAR* pDest)
{
    HANDLE hProcessHandle;
    PROCESSENTRY32 pe32 = {0};

    hProcessHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if (hProcessHandle == INVALID_HANDLE_VALUE)
    {
        return FALSE;
    }
    pe32.dwSize = sizeof(PROCESSENTRY32);

    while (Process32Next(hProcessHandle,&pe32))
    {
        //printf("%s\n", pe32.szExeFile);
        if (wcscmp(pe32.szExeFile,pDest)==0)
        {    
            CloseHandle(hProcessHandle);
            return pe32.th32ProcessID;
            wcout << pe32.szExeFile << ":" << pe32.th32ProcessID << endl;
        }
        
    }
    return 0;

}

Injection process, packaging methods:

BOOL LoadDll(DWORD pID,const TCHAR* pName)
{
    HANDLE hDestProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);

    DWORD pLEN = wcslen(pName)+1;
    LPVOID lpStart =  VirtualAllocEx(hDestProcess, NULL, pLEN, MEM_COMMIT, PAGE_READWRITE);
    BOOL bRET = WriteProcessMemory(hDestProcess, lpStart, pName, pLEN, NULL);
    if (!bRET)
    {
        cout << "writeprocessmemory failed error : %d" << GetLastError() << endl;
        CloseHandle(hDestProcess);
        return FALSE;
    }
    HMODULE hModule = GetModuleHandle(TEXT("Kernel32.dll"));
    if (!hModule)
    {
        cout << "get kernel32 failed error :" << GetLastError() << endl;
        CloseHandle(hDestProcess);
        return FALSE;
    }
    DWORD f = (DWORD)GetProcAddress(hModule, "LoadLibraryA");
    if (!f)
    {
        cout << "get loadLibraryA failed error :" << GetLastError() << endl;
        CloseHandle(hDestProcess);
        CloseHandle(hModule);
        return FALSE;
    }
    CreateRemoteThread(hDestProcess,NULL,0, (LPTHREAD_START_ROUTINE)f,lpStart,NULL,NULL);
    CloseHandle(hDestProcess);
    CloseHandle(hModule);
    return TRUE;
}

 

Guess you like

Origin www.cnblogs.com/a-s-m/p/12232442.html
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com