遠端載入與解除安裝DLL

2021-05-27 18:02:22 字數 2863 閱讀 7444

// Presumably resolves a process name to its process ID (inferred from the
// name and the author's note on the signature).
// NOTE(review): the snapshot creation and the head of the do-loop are missing
// from this listing, and identifiers appear lowercased by extraction. Only the
// loop tail, the handle cleanup and the return can be reviewed here.
dword getprocessidbyname(lpctstr szprocess)// note: the name must include the .exe suffix

// Advance to the next snapshot entry; the loop stops when process32next
// reports that no further entry is available.
} while (process32next(hsnapshot,&pe32));

// Release the snapshot handle before returning.
closehandle(hsnapshot);

// How dwret is assigned (and its value when nothing matches) is not visible here.
return dwret;

}

// Makes the process identified by dwid load the module named by szmodule:
// the path is copied into memory allocated in that process and a remote
// thread is started there with LoadLibrary as its entry point.
// Returns true on the path shown below.
// NOTE(review): lines are missing from this listing (the opening of hprocess,
// the bodies of the if-checks, braces) and identifiers/literals appear
// lowercased by extraction, so the failure paths cannot be reviewed; confirm
// that every early return closes hprocess and frees paddr.
// Defender note: allocate + write + remote thread against another process is
// the classic DLL-injection pattern (MITRE ATT&CK T1055.001); remote thread
// creation is recorded by Sysmon Event ID 8 (CreateRemoteThread).
bool inject(lpctstr szmodule, dword dwid)

// Size in bytes of the path including its terminator. _tcslen returns a
// size_t, so storing the product in an int narrows it.
int cbyte = (_tcslen(szmodule)+1) * sizeof(tchar);

// Buffer in the target process for the path string; read/write, not executable.
lpvoid paddr = virtualallocex(hprocess, null, cbyte, mem_commit, page_readwrite);

// Bail out if the allocation or the copy failed (handling body not shown).
// The bytes-written out-parameter is null, so a short write is not detected.
if ( !paddr || !writeprocessmemory(hprocess, paddr, szmodule, cbyte, null))

// Select the wide or ANSI LoadLibrary to match how tchar is compiled.
#ifdef _unicode

pthread_start_routine pfnstartaddr = (pthread_start_routine)getprocaddress(getmodulehandle(_t("kernel32")), "loadlibraryw");

#else

pthread_start_routine pfnstartaddr = (pthread_start_routine)getprocaddress(getmodulehandle(_t("kernel32")), "loadlibrarya");

#endif

// NOTE(review): the next line is the tail of a comment whose marker was lost
// in extraction; it reads "is always mapped at the same address" and
// presumably refers to kernel32 — confirm against the original article.
// The address looked up in this process is reused in the target on that basis.
總是被對映到相同的位址

// Lookup failure check (handling body not shown).
if ( !pfnstartaddr )

dword dwthreadid = 0;

// Start a thread in the target: entry point is the LoadLibrary address,
// argument is the remote copy of the path.
handle hremotethread = createremotethread(hprocess, null, 0, pfnstartaddr, paddr, 0, &dwthreadid);

// Thread creation failure check (handling body not shown).
if ( !hremotethread )

// Blocks with no timeout until the remote thread exits. In the lines shown
// the thread's exit code is never read, so a load that failed inside the
// target would still end in "return true".
waitforsingleobject(hremotethread,infinite);

// NOTE(review): mem_commit is not a valid free type for VirtualFreeEx, which
// expects MEM_DECOMMIT or MEM_RELEASE (size 0 with MEM_RELEASE). This call
// most likely fails and leaves the buffer allocated in the target; the return
// value is not checked.
virtualfreeex(hprocess,paddr,cbyte,mem_commit);

closehandle(hremotethread);

closehandle(hprocess);

return true;

}

簡單提權函式

// NOTE(review): only the signature survives on this page; the body is missing.
// Presumably enables (benable true) or disables the privilege named by
// lpszprivilegename for the calling process — confirm against the full source.
bool enableprivilege(lpctstr lpszprivilegename, bool benable)

// Makes the process identified by dwid unload the module named by szdllname,
// using two remote threads: the first runs GetModuleHandle on the name to
// obtain the module handle, the second runs FreeLibrary on that handle.
// Returns true on the path shown below.
// NOTE(review): lines are missing from this listing (the opening of hprocess,
// the bodies of the if-checks, braces) and identifiers appear lowercased by
// extraction, so the failure paths cannot be reviewed; confirm that every
// early return closes hprocess and the thread handles and frees paddr.
// Defender note: remote thread creation against another process is recorded
// by Sysmon Event ID 8 (CreateRemoteThread).
bool unloaddll(lpctstr szdllname, dword dwid)// name of the DLL to unload, PID of the target process

// Size in bytes of the name including its terminator. _tcslen returns a
// size_t, so storing the product in an int narrows it.
int cbyte = (_tcslen(szdllname)+1) * sizeof(tchar);

// Buffer in the target process for the DLL name; read/write, not executable.
lpvoid paddr = virtualallocex(hprocess, null, cbyte, mem_commit, page_readwrite);

// Bail out if the allocation or the copy failed (handling body not shown).
// The bytes-written out-parameter is null, so a short write is not detected.
if ( !paddr || !writeprocessmemory(hprocess, paddr, szdllname, cbyte, null))

// Select the wide or ANSI GetModuleHandle to match how tchar is compiled.
// The address is taken from this process and reused in the target.
#ifdef _unicode

pthread_start_routine pfnstartaddr = (pthread_start_routine)getmodulehandlew;

#else

pthread_start_routine pfnstartaddr = (pthread_start_routine)getmodulehandlea;

#endif

// NOTE(review): the next line is the tail of a comment whose marker was lost
// in extraction; it reads "is always mapped at the same address" and
// presumably refers to kernel32 — confirm against the original article.
總是被對映到相同的位址

// pfnstartaddr is the address of a function referenced directly above, so
// this check looks redundant here (handling body not shown).
if ( !pfnstartaddr )

// dwhandle receives the first thread's exit code; it has no initialiser.
dword dwthreadid = 0,dwfreeid=0,dwhandle;

// First remote thread: GetModuleHandle(name) inside the target.
handle hremotethread = createremotethread(hprocess, null, 0, pfnstartaddr, paddr, 0, &dwthreadid);

// Thread creation failure check (handling body not shown).
if ( !hremotethread )

// Blocks with no timeout until the remote thread exits.
waitforsingleobject(hremotethread,infinite);

// Obtain GetModuleHandle's return value from the thread's exit code.
// NOTE(review): a thread exit code is 32 bits (dwhandle is a dword), so on a
// 64-bit target the module handle is truncated. The return value of
// getexitcodethread is not checked, and a zero result (module not loaded in
// the target) is not rejected before it is passed on to FreeLibrary.

getexitcodethread(hremotethread,&dwhandle);

closehandle(hremotethread);

// Have the target process call FreeLibrary to unload the DLL.
// Both branches of the conditional below are identical, so it has no effect.
// FreeLibrary drops one reference only; presumably the DLL stays loaded if
// the target holds more than one reference to it — confirm.

#ifdef _unicode

pthread_start_routine pfnfreeaddr = (pthread_start_routine)freelibrary;

#else

pthread_start_routine pfnfreeaddr = (pthread_start_routine)freelibrary;

#endif

// Second remote thread: FreeLibrary with the 32-bit value widened to a pointer.
handle hfreethread = createremotethread(hprocess, null, 0, pfnfreeaddr,(lpvoid)dwhandle,0,&dwfreeid);

// Thread creation failure check (handling body not shown).
if ( !hfreethread )

// Blocks with no timeout; FreeLibrary's result (the exit code) is not read,
// so an unload that failed in the target would still end in "return true".
waitforsingleobject(hfreethread,infinite);

// NOTE(review): mem_commit is not a valid free type for VirtualFreeEx, which
// expects MEM_DECOMMIT or MEM_RELEASE (size 0 with MEM_RELEASE). This call
// most likely fails and leaves the buffer allocated in the target; the return
// value is not checked.
virtualfreeex(hprocess,paddr,cbyte,mem_commit);

closehandle(hfreethread);

closehandle(hprocess);

return true;

}
