-
-
[求助]DLL注入的问题
-
发表于:
2010-5-8 21:12
15010
-
看一下下边的程序,为什么注入有些系统程序可以,而注入有些系统程不行?比如注入explorer.exe和winlogon.exe等,不能注入
程序清单如下:
#include<windows.h>
#include<stdio.h>
BOOL EnableDebugPrivilege()
{
HANDLE HToken = NULL;
LUID SaveDebugNameValue;
TOKEN_PRIVILEGES Token_Privilege;
if(0==OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&HToken))
{
return false;
}
if(0==LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&SaveDebugNameValue))
{
CloseHandle(HToken);
return false;
}
Token_Privilege.PrivilegeCount = 1;
Token_Privilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
Token_Privilege.Privileges[0].Luid = SaveDebugNameValue;
if(0==AdjustTokenPrivileges(HToken,false,&Token_Privilege,NULL,NULL,NULL))
{
CloseHandle(HToken);
return false;
}
CloseHandle(HToken);
return true;
}
int insert(DWORD pid)
{
HANDLE hThread=NULL;//远线程的句柄
HANDLE hProcess=NULL;//将注入的进程句柄
LPVOID lpDllRemotePath=NULL;//在进程申请得的空间
HMODULE hmodule=NULL;//模块句柄
FARPROC lfnAddr=NULL;//函数的地址
char szDllPathName[]="d:\\我的文档\\桌面\\myhook\\insertDll\\Debug\\insertDll.dll";
if(!EnableDebugPrivilege())
{
printf("提权失败!\n");
return 0;
}
hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,pid);//打开目标进程
DWORD havewrite,id;
if(hProcess==NULL)
{
printf("OpenProcess error!\n");
return 0;
}
lpDllRemotePath=VirtualAllocEx(hProcess,NULL,strlen(szDllPathName)+1,MEM_COMMIT,PAGE_READWRITE);//向进程中申请空间
if(lpDllRemotePath==NULL)
{
printf("VirtualAllocEx error!\n");
return 0;
}
if(!WriteProcessMemory(hProcess,lpDllRemotePath,(LPVOID)szDllPathName,strlen(szDllPathName)+1,&havewrite))
{
printf("writeprocessmemory error!\n");
return 0;
}
hmodule=(HMODULE)GetModuleHandle("kernel32.dll");
lfnAddr=GetProcAddress(hmodule,"LoadLibraryA");
hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)lfnAddr,(LPVOID)lpDllRemotePath,0,&id);
if(hThread==NULL)
{
printf("CreateRemoteThread error!\n");
return 0;
}
return 1;
}
void main()
{
int id;
printf("输入进程ID:");
scanf("%d",&id);
if(!insert((DWORD)id))
{
printf("注入失败!\n");
}
else
{
printf("注入成功\n");
}
}
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
