|
|
5鱼币
无法注入dll,注入过程中没有发现任何错误,我的电脑是x64的,平台也是换成了x64,好像还是没用
exe代码:#include<Windows.h>
#include<Stdio.h>
#include<Psapi.h>
#include<TlHelp32.h>
DWORD GetProcessID(char *name)
{
HANDLE snapshot;
PROCESSENTRY32 processinfo;
processinfo.dwSize = sizeof(processinfo);
snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot == NULL)
return FALSE;
BOOL status = Process32First(snapshot, &processinfo);
while (status)
{
if (_stricmp(name, processinfo.szExeFile) == 0)
return processinfo.th32ProcessID;
status = Process32Next(snapshot, &processinfo);
}
return -1;
}
int main()
{
DWORD Processid;
CHAR name[1000];
CHAR DllName[1000];
DWORD dwProcessId;
HANDLE hProcess;
TCHAR* pDllName;
BOOL bSuccess;
HANDLE hThread;
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
printf("输入要注入的程序名称:");
scanf("%s", name);
dwProcessId = GetProcessID(name);
strcpy(DllName, "HOOK.dll");
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
printf("打开令牌失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
{
CloseHandle(hToken);
printf("提权失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
{
CloseHandle(hToken);
printf("提权失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
hProcess = OpenProcess(
PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION |
PROCESS_VM_WRITE,
FALSE, dwProcessId);
if (hProcess == NULL)
{
printf("打开进程失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
pDllName = (TCHAR*)VirtualAllocEx(hProcess,
NULL,
strlen(DllName),
MEM_COMMIT,
PAGE_READWRITE);
if (pDllName == NULL)
{
printf("分配内存失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
bSuccess = WriteProcessMemory(hProcess,
(LPVOID)pDllName,
&DllName,
strlen(DllName),
NULL);
if (bSuccess == 0)
{
printf("写入内存失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")), "LoadLibraryW");
if (pfnThreadRtn == NULL)
{
printf("获取LoadLinrary地址失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
hThread = CreateRemoteThread(hProcess,
NULL,
0,
pfnThreadRtn,
pDllName,
0,
NULL);
if (hThread == NULL)
{
printf("创建远程线程失败,错误代码:%d", GetLastError());
Sleep(3000);
return 0;
}
WaitForSingleObject(hThread, INFINITE);
VirtualFreeEx(hProcess,
&pDllName,
strlen(DllName),
MEM_RELEASE);
printf("成功将HOOK.dll注入到目标进程中");
Sleep(INFINITE);
WaitForSingleObject(hThread, INFINITE);
return 0;
}
#include<windows.h>
LRESULT WINAPI MsgProc(int, WPARAM, LPARAM);
HHOOK g_hHook = NULL;
HINSTANCE g_hInstance;
BOOL WINAPI DllMain(HINSTANCE hInstanceDll, DWORD fdwReason, PVOID ImpLoad)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
g_hInstance = hInstanceDll;
g_hHook = SetWindowsHookEx(WH_GETMESSAGE, MsgProc, hInstanceDll, 0);
MessageBox(NULL, TEXT("学编程到鱼C论坛\nbbs.fishc.com\n按“确认打开bbs.fishc.com”"), TEXT("提醒"), MB_OK | MB_ICONEXCLAMATION);
system("start bbs.fishc.com");
return TRUE;
case DLL_PROCESS_DETACH:
UnhookWindowsHookEx(g_hHook);
}
}
LRESULT WINAPI MsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
MessageBox(NULL, TEXT("学编程到鱼C论坛\nbbs.fishc.com\n按“确认打开bbs.fishc.com”"), TEXT("提醒"), MB_OK | MB_ICONEXCLAMATION);
system("start bbs.fishc.com");
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
输出:
求大神帮忙! |
|
( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)
狗仔卡
发表于 2016-8-19 09:22:36
置顶卡
千斤顶
显身卡
楼主
发表于 2016-8-19 10:24:45