// Resolve a process ID from an executable name via a toolhelp snapshot.
// NOTE(review): this excerpt is truncated — the snapshot creation, the
// Process32First/Next loop body and the name comparison between the
// signature and the closing "} while" are not shown here.
dword getprocessidbyname(lpctstr szprocess)// note: the name must include the ".exe" suffix
} while (process32next(hsnapshot,&pe32));
// Release the snapshot handle before returning the result.
closehandle(hsnapshot);
// dwret is presumably set inside the missing loop body; 0 if no match — confirm against the full source.
return dwret;
}
// Load a DLL into another process: copy the module path into the target,
// then start a remote thread at kernel32!LoadLibrary{W,A} with that path.
// Parameters: szmodule — path of the DLL to load; dwid — target process ID.
// Returns true once the remote thread has finished (success of the load itself is not checked).
// NOTE(review): the excerpt is incomplete — hprocess is never opened here
// (presumably an OpenProcess(dwid) call and its error check are missing),
// and several "if" statements below have no visible body.
// Detection note: a CreateRemoteThread into a foreign process whose start
// address is kernel32!LoadLibrary* is a classic, widely-alerted telemetry signal.
bool inject(lpctstr szmodule, dword dwid)
// Byte length of the path including the terminator. NOTE(review): int for a
// size passed to APIs that take SIZE_T; fine for a path, but size_t is the idiomatic type.
int cbyte = (_tcslen(szmodule)+1) * sizeof(tchar);
// Allocate a read/write buffer in the target and copy the path into it.
lpvoid paddr = virtualallocex(hprocess, null, cbyte, mem_commit, page_readwrite);
// The bytes-written out-parameter is null, so a short write would go unnoticed.
// The failure branch for this condition is not visible in this excerpt.
if ( !paddr || !writeprocessmemory(hprocess, paddr, szmodule, cbyte, null))
// Resolve LoadLibrary in *this* process's kernel32 and reuse the address remotely.
#ifdef _unicode
pthread_start_routine pfnstartaddr = (pthread_start_routine)getprocaddress(getmodulehandle(_t("kernel32")), "loadlibraryw");
#else
pthread_start_routine pfnstartaddr = (pthread_start_routine)getprocaddress(getmodulehandle(_t("kernel32")), "loadlibrarya");
#endif
// Garbled comment fragment from the original ("is always mapped to the same
// address"); presumably the justification that kernel32 shares a base address
// across processes — which only holds when both processes have the same bitness.
總是被對映到相同的位址
// Failure branch not visible in this excerpt.
if ( !pfnstartaddr )
dword dwthreadid = 0;
// Remote thread: start routine = LoadLibrary, single argument = remote path buffer.
handle hremotethread = createremotethread(hprocess, null, 0, pfnstartaddr, paddr, 0, &dwthreadid);
// Failure branch not visible in this excerpt.
if ( !hremotethread )
// Block until LoadLibrary returns in the target; the HMODULE it returned is not read here.
waitforsingleobject(hremotethread,infinite);
// NOTE(review): MEM_COMMIT is not a valid VirtualFreeEx free type (the API
// expects MEM_DECOMMIT or MEM_RELEASE), so this call is expected to fail and
// the remote buffer to leak; the return value is also not checked.
virtualfreeex(hprocess,paddr,cbyte,mem_commit);
closehandle(hremotethread);
// hprocess was opened outside the visible excerpt; closed here on the success path only.
closehandle(hprocess);
// Unconditional success once the thread has exited.
return true;
}
簡單提權函式
bool enableprivilege(lpctstr lpszprivilegename, bool benable)
// Unload a DLL from another process: run GetModuleHandle in the target to
// obtain the module handle, then run FreeLibrary on it via a second remote thread.
// Parameters: szdllname — name of the DLL to unload; dwid — target process ID.
// Returns true once the FreeLibrary thread has finished (its result is not checked).
// NOTE(review): as in inject(), hprocess is never opened in this excerpt and the
// "if" statements below have no visible body — the excerpt is incomplete.
bool unloaddll(lpctstr szdllname, dword dwid)//DLL name to unload, target process PID
// Byte length of the name including the terminator (see the size-type note on inject()).
int cbyte = (_tcslen(szdllname)+1) * sizeof(tchar);
lpvoid paddr = virtualallocex(hprocess, null, cbyte, mem_commit, page_readwrite);
// Failure branch not visible in this excerpt; bytes-written is not checked (null out-param).
if ( !paddr || !writeprocessmemory(hprocess, paddr, szdllname, cbyte, null))
// The local address of GetModuleHandle{W,A} is used directly as the remote start routine,
// relying on kernel32 having the same base in both processes (same bitness required).
#ifdef _unicode
pthread_start_routine pfnstartaddr = (pthread_start_routine)getmodulehandlew;
#else
pthread_start_routine pfnstartaddr = (pthread_start_routine)getmodulehandlea;
#endif
// Garbled comment fragment from the original ("is always mapped to the same address") — see inject().
總是被對映到相同的位址
// Failure branch not visible in this excerpt.
if ( !pfnstartaddr )
// NOTE(review): dwhandle is left uninitialized and is read below even if
// GetExitCodeThread fails (its return value is not checked).
dword dwthreadid = 0,dwfreeid=0,dwhandle;
handle hremotethread = createremotethread(hprocess, null, 0, pfnstartaddr, paddr, 0, &dwthreadid);
// Failure branch not visible in this excerpt.
if ( !hremotethread )
waitforsingleobject(hremotethread,infinite);
// Read GetModuleHandle's return value back as the thread exit code.
// NOTE(review): the exit code is a 32-bit DWORD while an HMODULE is pointer-sized,
// so the handle is truncated in a 64-bit target; return value unchecked.
getexitcodethread(hremotethread,&dwhandle);
closehandle(hremotethread);
// Make the target process call FreeLibrary to unload the DLL.
// NOTE(review): both #ifdef branches are identical — FreeLibrary has no A/W variants,
// so the conditional is redundant here.
#ifdef _unicode
pthread_start_routine pfnfreeaddr = (pthread_start_routine)freelibrary;
#else
pthread_start_routine pfnfreeaddr = (pthread_start_routine)freelibrary;
#endif
// FreeLibrary decrements the module's reference count once; a DLL loaded more
// than once stays mapped after this call.
handle hfreethread = createremotethread(hprocess, null, 0, pfnfreeaddr,(lpvoid)dwhandle,0,&dwfreeid);
// Failure branch not visible in this excerpt.
if ( !hfreethread )
waitforsingleobject(hfreethread,infinite);
// NOTE(review): MEM_COMMIT is not a valid VirtualFreeEx free type (expects
// MEM_DECOMMIT or MEM_RELEASE); the call is expected to fail and the remote buffer to leak.
virtualfreeex(hprocess,paddr,cbyte,mem_commit);
closehandle(hfreethread);
// hprocess was opened outside the visible excerpt.
closehandle(hprocess);
// Unconditional success once the FreeLibrary thread has exited.
return true;
}