DLL 注入工具(附源码),方便调试还未加载的DLL
DLL 注入工具(附源码),方便调试还未加载的DLL
在调试很多软件时,程序加载后仍有很多 DLL 尚未加载,此时无法在这些未加载的 DLL 中设置断点;用这个工具把 DLL 提前注入目标进程即可解决(注意:目标进程处于挂起状态时远程线程不会运行,DLL 也就无法加载)。
枚举进程
// Walk every running process via a Toolhelp snapshot.
// The per-process work is left to the caller (the original listing only
// shows a placeholder inside the loop), e.g. reading th32ProcessID/szExeFile.
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hSnapShot != INVALID_HANDLE_VALUE) {
    PROCESSENTRY32 ProcessEntry32;
    ProcessEntry32.dwSize = sizeof(ProcessEntry32);   // Process32First rejects the call otherwise
    BOOL haveEntry = Process32First(hSnapShot, &ProcessEntry32);
    while (haveEntry) {
        // ... add per-process handling here ...
        haveEntry = Process32Next(hSnapShot, &ProcessEntry32);
    }
    CloseHandle(hSnapShot);   // the snapshot is a kernel object and must be released
}
注入(不支持WIN9X系统)
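// Inject the DLL whose path sits in `buf` (`len` bytes, NUL terminator not
// counted) into process `pid` by running LoadLibraryA on a remote thread.
// Relies on pid, len, buf and SetStatusText from the enclosing scope.
//
// NOTE(review): the path is passed to LoadLibraryA, so `buf` must be a char
// (ANSI) string; in a UNICODE build a TCHAR buffer would be mis-read — confirm.
// NOTE(review): the LoadLibraryA address is looked up in this process and
// reused in the target; presumably valid only when both have the same
// bitness (kernel32 shares a base per session) — confirm before x86/x64 mixing.
// NOTE(review): the DLL runs with the target's rights; only inject trusted paths.

// Open the target with exactly the rights used below:
//   PROCESS_CREATE_THREAD     -> CreateRemoteThread
//   PROCESS_QUERY_INFORMATION -> GetExitCodeThread
//   PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_VM_READ -> VirtualAllocEx/WriteProcessMemory
// Other users' or protected processes may still refuse this handle
// (no SeDebugPrivilege is requested here).
HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                              PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                              FALSE, pid);
if (!hProcess) { SetStatusText(_T("无法打开目标进程!")); return; }
BOOL IsOk = FALSE;
// Room in the target for the path plus its NUL terminator
// (++len intentionally keeps the original's side effect on `len`).
LPVOID pFile = VirtualAllocEx(hProcess, NULL, ++len, MEM_COMMIT, PAGE_READWRITE);
if (pFile) {
    // Copy the full DLL path into the target; this is LoadLibraryA's argument.
    if (WriteProcessMemory(hProcess, pFile, buf, len, NULL)) {
        PTHREAD_START_ROUTINE pfnRemote = (PTHREAD_START_ROUTINE)
            GetProcAddress(GetModuleHandle(_T("KERNEL32.dll")), "LoadLibraryA");
        // Fix: the original passed this lookup straight to CreateRemoteThread;
        // a failed GetModuleHandle/GetProcAddress would start a remote thread
        // at address 0 and crash the debuggee instead of reporting an error.
        if (pfnRemote) {
            HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0, pfnRemote, pFile, 0, NULL);
            if (hThread) {
                // Blocks until LoadLibraryA (and the DLL's DllMain) returns;
                // an INFINITE wait hangs the injector if DllMain never returns.
                WaitForSingleObject(hThread, INFINITE);
                DWORD RetV;
                // The exit code is LoadLibraryA's HMODULE truncated to 32 bits;
                // non-zero means the DLL was mapped (or was already loaded).
                if (GetExitCodeThread(hThread, &RetV)) {
                    if (RetV) IsOk = TRUE;
                }
                CloseHandle(hThread);
            }
        }
    }
    // Safe only after the remote thread has finished reading the path.
    VirtualFreeEx(hProcess, pFile, 0, MEM_RELEASE);
}
CloseHandle(hProcess);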
下载地址:
http://www.live-share.com/files/199074/InjectDLL.rar.html
注:代码只供参考,不能直接编译(片段依赖外部定义的 pid、len、buf 与 SetStatusText,也未包含所需的头文件)。