- #include<windows.h>
- #include<stdio.h>
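/**
 * Enable SeDebugPrivilege in the calling process's access token.
 *
 * Security note: SeDebugPrivilege lets the holder open other processes
 * regardless of their security descriptor, so it is normally held only by
 * administrators. Enabling it is an auditable, security-relevant action and
 * should be confined to debugging/diagnostic tools running on systems the
 * operator is responsible for.
 *
 * @return TRUE only if the privilege is actually enabled afterwards;
 *         FALSE if the token could not be opened, the privilege name could
 *         not be resolved, or the token does not hold the privilege.
 */
BOOL EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tokenPrivileges;
    BOOL enabled = FALSE;

    /* Ask only for the right AdjustTokenPrivileges needs; TOKEN_ALL_ACCESS
     * is broader than necessary. TOKEN_QUERY would be required only if a
     * PreviousState buffer were requested, and none is. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    tokenPrivileges.PrivilegeCount = 1;
    tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tokenPrivileges.Privileges[0].Luid)
        && AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, 0, NULL, NULL)
        /* AdjustTokenPrivileges returns nonzero even when the privilege is
         * not held by the token; that case is reported only through
         * GetLastError() == ERROR_NOT_ALL_ASSIGNED, so check it explicitly. */
        && GetLastError() == ERROR_SUCCESS) {
        enabled = TRUE;
    }

    /* Single exit path so the token handle is always released. */
    CloseHandle(hToken);
    return enabled;
}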
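/**
 * Ask the process identified by pid to load a DLL by starting a thread in it
 * whose entry point is LoadLibraryA and whose argument is the DLL path.
 *
 * Steps: enable SeDebugPrivilege, open the target, allocate a buffer in the
 * target, copy the DLL path into it, then create the remote thread.
 *
 * Security note: the sequence OpenProcess(PROCESS_ALL_ACCESS) ->
 * VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread is the textbook
 * cross-process code-loading pattern. Endpoint protection products watch for
 * it, and Sysmon logs the pieces as event ID 10 (ProcessAccess) and event
 * ID 8 (CreateRemoteThread). Use it only against processes you own, e.g.
 * when debugging your own hook DLL.
 *
 * @param pid  Identifier of the target process.
 * @return 1 if the remote thread was created, 0 on any failure. A return of
 *         1 does NOT prove the DLL was loaded: LoadLibraryA can still fail
 *         inside the target (missing file, wrong bitness, path not
 *         representable in the ANSI code page).
 */
int insert(DWORD pid)
{
    HANDLE hThread = NULL;          /* handle of the remote thread */
    HANDLE hProcess = NULL;         /* handle of the target process */
    LPVOID lpDllRemotePath = NULL;  /* buffer allocated inside the target */
    HMODULE hmodule = NULL;         /* kernel32.dll module handle */
    FARPROC lfnAddr = NULL;         /* address of LoadLibraryA */
    SIZE_T havewrite = 0;           /* WriteProcessMemory takes SIZE_T*, not DWORD* */
    DWORD id = 0;                   /* remote thread id (unused afterwards) */
    int result = 0;
    /* Hard-coded, non-ASCII ANSI path: how it is interpreted by LoadLibraryA
     * depends on the code page this file was compiled with and on the
     * target system's ANSI code page. */
    char szDllPathName[] = "d:\\我的文档\\桌面\\myhook\\insertDll\\Debug\\insertDll.dll";
    const SIZE_T cbPath = sizeof szDllPathName;  /* includes the terminating NUL */

    if (!EnableDebugPrivilege()) {
        printf("提权失败!\n");
        return 0;
    }

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);  /* open the target process */
    if (hProcess == NULL) {
        printf("OpenProcess error!\n");
        return 0;
    }

    /* Reserve room for the path string inside the target process. */
    lpDllRemotePath = VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (lpDllRemotePath == NULL) {
        printf("VirtualAllocEx error!\n");
        goto cleanup;
    }

    /* A short write would leave an unterminated path in the target, so
     * treat it as a failure as well. */
    if (!WriteProcessMemory(hProcess, lpDllRemotePath, szDllPathName, cbPath, &havewrite)
        || havewrite != cbPath) {
        printf("writeprocessmemory error!\n");
        goto cleanup;
    }

    /* Use the explicit ANSI variant so the narrow string literal is correct
     * whether or not UNICODE is defined. The lookup results were previously
     * passed on unchecked. */
    hmodule = GetModuleHandleA("kernel32.dll");
    lfnAddr = (hmodule != NULL) ? GetProcAddress(hmodule, "LoadLibraryA") : NULL;
    if (lfnAddr == NULL) {
        printf("GetProcAddress error!\n");
        goto cleanup;
    }

    hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lfnAddr,
                                 lpDllRemotePath, 0, &id);
    if (hThread == NULL) {
        printf("CreateRemoteThread error!\n");
        goto cleanup;
    }

    CloseHandle(hThread);
    result = 1;

cleanup:
    /* On failure nothing in the target uses the buffer, so release it. On
     * success it is left in place because the remote thread may still be
     * reading the path; this function does not wait for that thread. */
    if (result == 0 && lpDllRemotePath != NULL) {
        VirtualFreeEx(hProcess, lpDllRemotePath, 0, MEM_RELEASE);
    }
    /* The process handle was leaked on every path in the earlier version. */
    CloseHandle(hProcess);
    return result;
}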
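/**
 * Entry point: read a process ID from standard input and pass it to insert().
 *
 * @return 0 if insert() reported success, 1 if the input was not a number or
 *         insert() failed.
 */
int main(void)
{
    unsigned long id = 0;

    printf("输入进程ID:");
    /* scanf's result was previously ignored, so non-numeric input left the
     * PID uninitialised and an arbitrary process ID was passed on. */
    if (scanf("%lu", &id) != 1) {
        printf("注入失败!\n");
        return 1;
    }

    if (!insert((DWORD)id)) {
        printf("注入失败!\n");
        return 1;
    }

    /* insert() only confirms that the remote thread was created; whether the
     * DLL actually loaded has to be verified separately (e.g. by listing the
     * target's modules in a debugger). */
    printf("注入成功\n");
    return 0;
}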
最佳答案
您是没注入成功?
建议以后遇到这种问题时,先调试下,找到是在哪一步出错,就能更快解决
我在这里测试了一下,注入这两个进程都没有问题。如果您用的是 XP 环境,建议看一下是否开启了 DEP 保护,并检查 DLL 文件是否存在。