DLL 注入工具(附源码),方便调试还未加载的DLL
发表于:
2007-4-11 04:43
DLL 注入工具(附源码),方便调试还未加载的DLL
在调试很多软件时,程序加载后,很多 DLL 还未加载,此时没办法在未加载的 DLL 中设置断点。用这个工具可以把指定 DLL 提前注入目标进程来解决这个问题(目标进程处于挂起状态时无法加载;注入的 DLL 的 DllMain 会以目标进程的权限在目标进程内执行,请只注入自己信任的 DLL)。
枚举进程
// Enumerate running processes with the Toolhelp32 snapshot API.
// dwSize must be filled in before the first Process32First call or the
// call fails. The snapshot handle is released on every path out of the
// `if`; the placeholder comment inside the loop marks where per-process
// handling (e.g. collecting th32ProcessID / szExeFile for the UI) belongs.
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot != INVALID_HANDLE_VALUE) {
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);
    for (BOOL more = Process32First(snapshot, &entry); more;
         more = Process32Next(snapshot, &entry)) {
        // ... per-process handling goes here ...
    }
    CloseHandle(snapshot);
}
注入(不支持 WIN9X 系统;注入器与目标进程的位数(32/64 位)必须一致,因为下面把本进程中 LoadLibraryA 的地址直接当作远程线程入口使用)
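// Open the target with exactly the rights the calls below need:
// PROCESS_CREATE_THREAD (CreateRemoteThread), PROCESS_QUERY_INFORMATION,
// PROCESS_VM_OPERATION/PROCESS_VM_WRITE (VirtualAllocEx/WriteProcessMemory)
// and PROCESS_VM_READ.
// NOTE(review): opening a process of another user or an elevated process
// typically also requires SeDebugPrivilege in the caller — verify for your use.
HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                              PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                              FALSE, pid);
if (!hProcess) { SetStatusText(_T("无法打开目标进程!")); return; }
BOOL IsOk = FALSE;
// `buf` holds the DLL path and `len` its length; one extra byte is reserved
// and written so the terminating NUL reaches the target as well. Kept as a
// separate statement instead of `++len` buried inside the VirtualAllocEx call.
// NOTE(review): LoadLibraryA reads the remote buffer as an ANSI string, so
// `buf` must be a char path (not TCHAR in a UNICODE build) — confirm at the caller.
++len;
// Allocate a small read/write page in the target to hold the path.
LPVOID pFile = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_READWRITE);
if (pFile) {
    // Copy the NUL-terminated DLL path into the target's address space.
    if (WriteProcessMemory(hProcess, pFile, buf, len, NULL)) {
        // The local address of LoadLibraryA is reused as the remote thread
        // entry point. That only works when kernel32 is mapped at the same
        // base in both processes, i.e. injector and target have the same
        // bitness; it does not work across a 32/64-bit (WOW64) boundary.
        HMODULE hKernel32 = GetModuleHandle(_T("KERNEL32.dll"));
        PTHREAD_START_ROUTINE pfnRemote = hKernel32
            ? (PTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA")
            : NULL;
        if (pfnRemote) {
            // Run LoadLibraryA(pFile) on a new thread inside the target.
            HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, 0,
                                                  pfnRemote, pFile, 0, NULL);
            if (hThread) {
                // Unbounded wait: if the injected DLL's DllMain blocks, so does
                // this tool. The wait result must be checked — on a failed wait
                // GetExitCodeThread reports STILL_ACTIVE (non-zero), which the
                // original code would have counted as success.
                if (WaitForSingleObject(hThread, INFINITE) == WAIT_OBJECT_0) {
                    // The thread's exit code is LoadLibraryA's return value
                    // (the HMODULE, truncated to DWORD on 64-bit), so non-zero
                    // means the DLL was mapped and its DllMain returned TRUE.
                    DWORD RetV = 0;
                    if (GetExitCodeThread(hThread, &RetV) && RetV) IsOk = TRUE;
                }
                CloseHandle(hThread);
            }
        }
    }
    // The path buffer is only needed until LoadLibraryA has returned;
    // release it whether or not the injection succeeded.
    VirtualFreeEx(hProcess, pFile, 0, MEM_RELEASE);
}
CloseHandle(hProcess);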
下载地址:
e7fK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3I4A6N6X3g2Q4x3X3c8K6K9r3q4J5k6g2)9J5k6h3y4G2L8g2)9J5c8X3k6A6L8r3g2K6i4K6u0r3x3e0V1&6x3o6M7@1i4K6u0r3d9h3&6B7k6h3y4@1c8p5I4x3i4K6u0W2M7X3q4J5i4K6u0W2K9s2c8E0L8l9`.`.
注:代码只供参考,不能直接编译(片段依赖工具自身的变量和辅助函数,如 pid、buf、len、SetStatusText,需要放回完整的工程中使用)