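// Build "<current directory>\<name>" into fullName, a buffer of len bytes,
// and echo the result to the debugger.
//
// On any failure (null arguments, GetCurrentDirectory error, or a path that
// would not fit in len bytes including the NUL) fullName is left as an empty
// string so the caller can detect it; the original overflowed instead.
//
// Defects fixed: the original ignored len (hard-coded 260 for
// GetCurrentDirectory, then two unbounded lstrcat calls), so a long working
// directory or DLL name wrote past the end of the caller's buffer.
void GetFullName(const char *name, char *fullName, int len)
{
    if (fullName == NULL || len <= 0)
        return;
    memset(fullName, 0, len);
    if (name == NULL)
        return;

    // Returns the number of characters written (excluding NUL), 0 on failure,
    // or the required size (including NUL) when the buffer is too small.
    const unsigned long dirLen = GetCurrentDirectory(len, fullName);
    if (dirLen == 0 || dirLen >= (unsigned long)len) {
        fullName[0] = '\0';
        return;
    }

    // Need room for the separator, the name and the terminating NUL.
    const size_t nameLen = strlen(name);
    if ((size_t)dirLen + 1 + nameLen >= (size_t)len) {
        fullName[0] = '\0';
        return;
    }

    lstrcat(fullName, "\\");
    lstrcat(fullName, name);
    OutputDebugString(fullName);
}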
// Load the DLL into the target process
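// Resolve g_dllName against the current directory and load it into hProcess.
//
// hProcess is borrowed: the caller owns the handle and is responsible for
// closing it. The original called CloseHandle here as well as in the caller
// (attchDll), which double-closed the handle; that close is removed.
//
// If no usable path can be built (GetFullName leaves the buffer empty on
// failure) nothing is injected. g_dllName is declared outside this listing.
void AttachDll(HANDLE hProcess)
{
    if (NULL == hProcess)
        return;

    char path[260];
    GetFullName(g_dllName, path, sizeof(path));
    if (path[0] == '\0') {
        OutputDebugString("AttachDll: could not build DLL path");
        return;
    }
    OutputDebugString(path);

    // NOTE(review): the return type of DetourContinueProcessWithDll is not
    // visible here, so its result is not checked — confirm against its
    // declaration and report failure if it returns a status.
    DetourContinueProcessWithDll(hProcess, path);
}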
// Enable SeDebugPrivilege for the current process
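// Enable SeDebugPrivilege in the current process token.
//
// Failures are silent (void return, as in the original), so callers cannot
// tell whether the privilege is actually held afterwards.
//
// Defects fixed: the token handle was never closed, and when
// LookupPrivilegeValue failed the original still passed an uninitialised
// LUID to AdjustTokenPrivileges.
void SetDebugPrivileges()
{
    HANDLE hToken = NULL;
    // GetCurrentProcess() returns a pseudo-handle that does not need closing.
    if (!::OpenProcessToken(::GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return;

    TOKEN_PRIVILEGES tp;
    if (::LookupPrivilegeValue(0, "SeDebugPrivilege", &tp.Privileges[0].Luid)) {
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges returns non-zero even when the token does not
        // hold the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED), so a
        // "successful" call here does not prove SeDebugPrivilege is enabled.
        ::AdjustTokenPrivileges(hToken, false, &tp, 0, 0, 0);
    }

    ::CloseHandle(hToken);
}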
// Handles/IDs of the process launched by attchDll. Global (and not otherwise
// synchronised) — presumably so code outside this listing can reach the
// target after launch; confirm no second launcher thread touches it.
PROCESS_INFORMATION pi;
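// Thread entry point: enable SeDebugPrivilege, launch the target executable,
// wait a fixed 3 s, then load g_dllName into it via AttachDll.
//
// lParam is unused. Always returns 0, as the original did, so a caller
// waiting on the thread cannot distinguish success from failure.
//
// Defects fixed:
//  - the command line passed to CreateProcess was unquoted although the path
//    contains spaces; with lpApplicationName == NULL, CreateProcess then tries
//    "C:\Program.exe", "C:\Program Files (x86)\Tencent\WeChat\Wechat.exe"
//    etc. in order, so a planted "C:\Program.exe" would run instead of the
//    intended target (unquoted search path);
//  - CreateProcess's result was ignored, so on failure the code slept and
//    then tried to inject into a NULL process handle;
//  - the DLL name was copied into aimFile instead of g_dllName, leaving
//    g_dllName empty for AttachDll;
//  - unused local configFile removed.
DWORD WINAPI attchDll(LPVOID lParam)
{
    (void)lParam;
    char aimFile[260];
    STARTUPINFO si;

    SetDebugPrivileges();

    // Launch the target client.
    memset(&si, 0, sizeof(si));
    GetStartupInfo(&si);
    memset(&pi, 0, sizeof(pi));
    memset(aimFile, 0, sizeof(aimFile));
    // Quoted because the path contains spaces (see above). Must live in a
    // writable buffer: CreateProcess may modify lpCommandLine in place.
    strcpy(aimFile, "\"C:\\Program Files (x86)\\Tencent\\WeChat\\Wechat.exe\"");

    if (!CreateProcess(0, aimFile, 0, 0, 0, 0, 0, 0, &si, &pi)) {
        // Nothing was started and pi is still zeroed: no handles to release.
        OutputDebugString("attchDll: CreateProcess failed");
        return 0;
    }

    // Fixed delay before injection. The original does not synchronise with
    // the target (no CREATE_SUSPENDED / WaitForInputIdle), so this remains a
    // race on slow machines — TODO confirm this is intended.
    Sleep(3000);

    // Load the DLL. g_dllName is declared outside this listing; the 260-byte
    // size is assumed from the original memset — confirm its real size.
    memset(g_dllName, 0, 260);
    strncpy(g_dllName, "sqliteReverse.dll", 260 - 1);
    AttachDll(pi.hProcess);

    // Ownership of pi.hProcess stays here; a callee that also closes the
    // handle it is passed causes a double close, so AttachDll must not close it.
    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return 0;
}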