注入都是可以成功的也是可以执行的，通过了测试，但是我把一个Win32窗口程序注入控制台程序,Win32窗口程序却弹不出窗口不知道为什么？
而且吧一个控制台循环产生MessageBox的程序，注入Win32成功 会不停打印MessageBox，求教一个看雪的大佬们，以前辈们见多识广的眼光，如果能指点一二，相信对我就收获良多，下面的代码共享了自己写的没参考 注入了两次镜像傻的狠,希望也能对一些朋友产生一些帮助 ,还有程序里的开辟的指针都么有释放，时间紧

// 内存写入注入进程.cpp : Defines the entry point for the console application.
//

// 贴入exe.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

#include <Windows.h>

#define PID 0x9E8

#define EXEPATH "C:\Documents and Settings\Administrator\桌面\测试贴入.exe"

#define SAVE "C:\Documents and Settings\Administrator\桌面\1111.exe"

#define BASE 0x1000000
char Mem1=NULL; //读取磁盘文件的FileBuf
char Mem2=NULL; //将磁盘问的Filebuf拉伸成ImageBuf
char* Mem3=NULL; //自己进程的Imagebase 因为IAT表代表在自己的进程中
DWORD FileSize=0;
DWORD ImageBase=0;
DWORD SizeofImage=0;

DWORD CurrentImageBase=0;
DWORD CuurentSizeofImage=0;
DWORD OEP=0;
HANDLE Heap=0;

int SaveFile();
int RestoreIATTaber(DWORD MemBase);
int ImageBuffToFileBuff();
int RestoreReLcationTaber(DWORD MemAddr,DWORD NewImagebase,DWORD loImageBase);

int ReadCurrentImageBuff(){
HMODULE Hmoudle=GetModuleHandle(NULL);
if(NULL==Hmoudle){
MessageBox(NULL,"获取当前进程模块失败",0,0);
return 0;
}
PIMAGE_DOS_HEADER PeStructDosHeader=NULL;
PIMAGE_FILE_HEADER PeStructFileHeader=NULL;
PIMAGE_OPTIONAL_HEADER PeStructOptionHeader=NULL;

}
int ReadData(){
HANDLE hFile=CreateFile(EXEPATH,
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if(NULL==hFile){
MessageBox(NULL,"打开文件失败",0,0);
return 0;
}
FileSize=GetFileSize(hFile,NULL);
if(INVALID_FILE_SIZE==FileSize){
MessageBox(NULL,"获取函数大小失败",0,0);
CloseHandle(hFile);
return 0;
}
Heap=HeapCreate(0,FileSize,0);
if(NULL==Heap){
MessageBox(NULL,"创建进程私有堆失败",0,0);
CloseHandle(hFile);
return 0;
}

}
DWORD GetSizeofImagSize(){
PIMAGE_DOS_HEADER PeStructDosHeader=NULL;
PIMAGE_FILE_HEADER PeStructFileHeader=NULL;
PIMAGE_OPTIONAL_HEADER PeStructOptionHeader=NULL;

}
DWORD MallocMemroy(){

}
int FIleBufToImageBuff(){
PIMAGE_DOS_HEADER PeStructDosHeader=NULL;
PIMAGE_FILE_HEADER PeStructFileHeader=NULL;
PIMAGE_OPTIONAL_HEADER PeStructOptionHeader=NULL;
PIMAGE_SECTION_HEADER PeStructSetionHeader=NULL;

}
int InjectMem2(HANDLE hProcess){ //Mem2 注入磁盘文件
char Dest2=(char)VirtualAllocEx(hProcess,NULL,SizeofImage,MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if(NULL==Dest2){
MessageBox(NULL,"目标进程开辟第一块空间失败",0,0);
return 0;
}
if(!RestoreReLcationTaber((DWORD)Mem2,(DWORD)Dest2,ImageBase)){
return 0;
}
DWORD length=0;
if(!WriteProcessMemory(hProcess,Dest2,Mem2,SizeofImage,&length)){
int c=GetLastError();
MessageBox(NULL,"向目标进程中写入镜像失败",0,0);
return 0;
}
if(ImageBase==length){
MessageBox(NULL,"向目标进程中写入字节数不对",0,0);
return 0;
}
memset(Mem2,0,SizeofImage);
if(!ReadProcessMemory(hProcess,Dest2,Mem2,SizeofImage,&length)){
MessageBox(NULL,"读取目表进程内容失败",0,0);
return 0;
}
if(ImageBase==length){
MessageBox(NULL,"从目标进程中读取字节数不对",0,0);
return 0;
}

}
int InjectMem3(HANDLE hProcess,DWORD PosBase){ //注入字节 Mem3是自己
char Dest1=(char)VirtualAllocEx(hProcess,NULL,CuurentSizeofImage,MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if(NULL==Dest1){
MessageBox(NULL,"目标进程开辟第一块空间失败",0,0);
return 0;
}
if(!RestoreReLcationTaber((DWORD)Mem3,(DWORD)Dest1,CurrentImageBase)){
return 0;
}
DWORD length=0;
if(!WriteProcessMemory(hProcess,Dest1,Mem3,CuurentSizeofImage,&length)){
int c=GetLastError();
MessageBox(NULL,"向目标进程中写入镜像失败",0,0);
return 0;
}
if(ImageBase==length){
MessageBox(NULL,"向目标进程中写入字节数不对",0,0);
return 0;
}

}
int OpenDestProcess(){
HANDLE hProcess=OpenProcess( PROCESS_ALL_ACCESS,FALSE,PID);
if(NULL==hProcess){
MessageBox(NULL,"打开进程失败",0,0);
return 0;
}
DWORD Pos=0;
if(!(Pos=InjectMem2(hProcess))){ //先注入磁盘镜像
return 0;
}
if(!(InjectMem3(hProcess,Pos))){ //在注入自己的镜像
return 0;
}

}
int RestoreReLcationTaber(DWORD MemAddr,DWORD NewImagebase,DWORD oldImageBase){
PIMAGE_DOS_HEADER PeStructDosHeader=NULL;
PIMAGE_FILE_HEADER PeStructFileHeader=NULL;
PIMAGE_OPTIONAL_HEADER PeStructOptionHeader=NULL;
PIMAGE_BASE_RELOCATION PeStructReLocatHeader=NULL;

}
int RestoreIATTaber(DWORD MemBase){

}
int ImageBuffToFileBuff(){
PIMAGE_DOS_HEADER PeStructDosHeader=NULL;
PIMAGE_FILE_HEADER PeStructFileHeader=NULL;
PIMAGE_OPTIONAL_HEADER PeStructOptionHeader=NULL;
PIMAGE_SECTION_HEADER PeStructSetionHeader=NULL;

}
int SaveFile(){
HANDLE hFile=CreateFile(SAVE,
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,
CREATE_ALWAYS, //如果文件存在则重写
FILE_ATTRIBUTE_NORMAL,
NULL);
if(NULL==hFile){
MessageBox(NULL,"打开文件失败",0,0);
return 0;
}
DWORD Size=0;

}

int main(int argc, char* argv[])
{
if(!ReadCurrentImageBuff()){ //读取自己的imagebuf 到mem3内存没有修复重定位
return 0;
}
if(!ReadData()){ //读取磁盘上一个文件的FIleBuf 保存在开辟Mem1空间中个
return 0;
}
GetSizeofImagSize(); //获取这个磁盘的OEP imagebase sizeof等信息
if(!MallocMemroy()){ //开辟一个Mem3准备保存 Mem1拉伸后的内容
return 0;
}
FIleBufToImageBuff(); //将FIleBuf拉伸成 ImageBuf 并保存在Mme2中 此时Mme2和Mem3都没修复重定位

#if 0
if(!RestoreIATTaber()){
return -4;
}
if(!RestoreReLcationTaber()){ //修复重定位
return 0;
}
ImageBuffToFileBuff();
if(!SaveFile()){
return -5;
}

#endif
OpenDestProcess();

}

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！