我用的是VS2008。。。dll文件随便生成的,没什么功能。。只想注入远程进程。。不知啥原因老是不成功。。
下面是从论坛上找的代码:
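bool enableDebugPriv()// enable SeDebugPrivilege on the current process token
{
    // Returns true only when the privilege was actually enabled.
    // AdjustTokenPrivileges reports success (nonzero) even when the token does not
    // hold the privilege; that case is signalled by GetLastError() == ERROR_NOT_ALL_ASSIGNED,
    // so the last-error value has to be checked as well.
    // Fix vs. original: the token handle was leaked on the success path.
    HANDLE hToken = NULL;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    bool enabled = false;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return false;
    }

    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
            && GetLastError() == ERROR_SUCCESS) {
            enabled = true;
        }
    }

    // Single exit: the token handle is closed on every path, including success.
    CloseHandle(hToken);
    return enabled;
}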
BOOL InjectDll(const LPCWSTR DllFullPath, const DWORD dwRemoteProcessId)
{
// Writes DllFullPath into process dwRemoteProcessId and runs a remote thread at
// LoadLibraryA with that buffer as its argument.
// Returns FALSE when any Win32 call fails, TRUE once the remote thread has ended.
// NOTE(review): every early-return path below leaves hRemoteProcess open (and, after
// the allocation, the remote buffer allocated) — only the success path releases them.
HANDLE hRemoteProcess;
LPVOID pszLibFileRemote;
PTHREAD_START_ROUTINE pfnStartAddr;
HANDLE hRemoteThread;
// Open the target process.
// NOTE(review): as pasted, the if(...) is part of the comment line below, so the
// bare block that follows runs unconditionally and the function returns FALSE with
// hRemoteProcess never assigned. Presumably a paste artefact: the if belongs on its
// own line before the block.
// open target process: if((hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwRemoteProcessId))==NULL)
{
return FALSE;
}
// Reserve room in the target for the path string.
// NOTE(review): lstrlen returns a count of characters, whereas VirtualAllocEx and
// WriteProcessMemory take byte counts; for an LPCWSTR those differ — confirm the
// intended string width.
pszLibFileRemote = VirtualAllocEx( hRemoteProcess, NULL, lstrlen(DllFullPath)+1, MEM_COMMIT, PAGE_READWRITE);
if(pszLibFileRemote==NULL)
{
return FALSE;
}
// Copy the path into the remote allocation (same character/byte count as above).
if(WriteProcessMemory(hRemoteProcess,pszLibFileRemote,(LPVOID)DllFullPath,lstrlen((LPCWSTR)DllFullPath)+1,NULL) == 0)
{
return FALSE;
}
// Resolve LoadLibraryA in this process; the address is then used in the target.
// NOTE(review): LoadLibraryA expects an ANSI path, while DllFullPath is LPCWSTR —
// verify that the string written above matches the routine's expected encoding.
pfnStartAddr=(PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")),"LoadLibraryA");
if(pfnStartAddr == NULL)
{
return FALSE;
}
// Start the remote thread with the buffer address as its single parameter.
if( (hRemoteThread = CreateRemoteThread(hRemoteProcess,NULL,0, pfnStartAddr,pszLibFileRemote,0,NULL))==NULL)
{
return FALSE;
}
// Block until the remote thread finishes. Neither the wait result nor the thread's
// exit code (LoadLibrary's return value) is examined, so the message box below is
// shown even when the library failed to load.
WaitForSingleObject(hRemoteThread,INFINITE);
{
// Cleanup on the success path only. The NULL checks can never be false here: each
// failure above returned before reaching this block.
if (pszLibFileRemote != NULL)
VirtualFreeEx(hRemoteProcess,(PVOID)pszLibFileRemote,0,MEM_RELEASE);
if (hRemoteThread != NULL)
CloseHandle(hRemoteThread);
if (hRemoteProcess != NULL)
CloseHandle(hRemoteProcess);
}
// Unconditional "injection succeeded" message (title "kkk"); not tied to the actual result.
MessageBox(NULL,L"注入成功",L"kkk",0);
return TRUE;
}
InjectDll(L"c:\\fififi.dll", 进程ID);
编译通过。。。用XueTr看不到自己的dll...