我贴一下我程序的主要代码吧
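// Resolve LoadLibraryA once rather than on every match: kernel32 is mapped at the same
// base in every process of the same bitness, so the local address is usable as the
// remote thread's start routine.
// NOTE(review): this only holds when injector and target share bitness (both x86 or
// both x64); nothing here checks that — confirm at the call site.
pfnThreadRtn = (PTHREAD_START_ROUTINE)
    GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA");

// Poll the process list and inject pszDllName into every process whose image name
// starts with fileName (case-insensitive), unless that process already has it mapped.
// Expects pe32.dwSize / me32.dwSize to have been initialised before this loop
// (not visible here — confirm), and fileName to already be lower-case.
while (TRUE)
{
    // Enumerate all processes and compare each image name against fileName.
    hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        // Snapshot failed; don't hand an invalid handle to Process32First, just retry.
        ::Sleep(100);
        continue;
    }
    const size_t nameLen = strlen(fileName);
    bMore = ::Process32First(hProcessSnap, &pe32);
    while (bMore)
    {
        // Lower-case the image name in place so the comparison below is case-insensitive.
        // Going through unsigned char keeps tolower() defined for bytes >= 0x80.
        const size_t exeLen = strlen(pe32.szExeFile);
        for (size_t i = 0; i < exeLen; i++)
        {
            pe32.szExeFile[i] = static_cast<char>(tolower(static_cast<unsigned char>(pe32.szExeFile[i])));
        }
        // Prefix match: fileName "notepad" matches "notepad.exe" but also "notepad2.exe".
        // Pass the full image name (with extension) if an exact match is intended.
        if (!strncmp(fileName, pe32.szExeFile, nameLen))
        {
            // Open the target with only the rights injection needs (least privilege):
            // create a thread, query, and allocate/read/write memory. PROCESS_ALL_ACCESS
            // is far broader than necessary and may be denied where this narrower mask is granted.
            destProcess = ::OpenProcess(
                PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
                FALSE, pe32.th32ProcessID);
            // NULL means access denied or the process exited between snapshot and open;
            // the original fell through and used the NULL handle. Skip it instead.
            if (destProcess != NULL)
            {
                // Check whether the DLL is already mapped. The comparison is against the
                // module's full path, so pszDllName must be an absolute path for this to work.
                BOOL alreadyLoaded = FALSE;
                hModuleSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
                if (hModuleSnap != INVALID_HANDLE_VALUE)
                {
                    bMod = ::Module32First(hModuleSnap, &me32);
                    while (bMod && !alreadyLoaded)
                    {
                        alreadyLoaded = (strcmpi(me32.szExePath, pszDllName) == 0);
                        bMod = ::Module32Next(hModuleSnap, &me32);
                    }
                    ::CloseHandle(hModuleSnap);
                }

                if (alreadyLoaded)
                {
                    // Already injected: report and leave this process alone.
                    ::MessageBox(NULL, "Have Load this Lib", "Load", MB_OK);
                }
                else
                {
                    // Reserve a buffer in the target for the DLL path, copy the path in, then
                    // run LoadLibraryA in the target with that buffer as its argument.
                    const size_t pathBytes = strlen(pszDllName) + 1;
                    proAddr = ::VirtualAllocEx(destProcess, NULL, pathBytes, MEM_COMMIT, PAGE_READWRITE);
                    if (pfnThreadRtn != NULL && proAddr != NULL &&
                        WriteProcessMemory(destProcess, proAddr, pszDllName, pathBytes, &numWrite))
                    {
                        hThread = ::CreateRemoteThread(destProcess, NULL, 0, pfnThreadRtn, proAddr, 0, NULL);
                        if (hThread == NULL)
                        {
                            // Keep the original behaviour of giving up entirely, but release
                            // everything first: the original returned with hProcessSnap and the
                            // remote buffer still outstanding.
                            ::VirtualFreeEx(destProcess, proAddr, 0, MEM_RELEASE);
                            ::CloseHandle(destProcess);
                            ::CloseHandle(hProcessSnap);
                            return;
                        }
                        // LoadLibraryA reads the path buffer, so wait for it to finish
                        // before that buffer is released below.
                        ::WaitForSingleObject(hThread, INFINITE);
                        ::CloseHandle(hThread);
                    }
                    if (proAddr != NULL)
                    {
                        // The original never freed this, leaking one region per injection
                        // (and per failed write) in the target.
                        ::VirtualFreeEx(destProcess, proAddr, 0, MEM_RELEASE);
                    }
                }
                ::CloseHandle(destProcess);
            }
        }
        bMore = ::Process32Next(hProcessSnap, &pe32);
    }
    ::CloseHandle(hProcessSnap);
    // Throttle: with this commented out the loop re-snapshots the process list
    // continuously and pins a core.
    ::Sleep(100);
}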