请教DLL注入
我要实现向指定进程加载一个DLL,以下是我的做法,单步调试整个过程没有失败,但结果并没有注入成功,请帮我改改,或者按我的需求给个新的函数也行。
[quote]
// LoadMod: opens the process identified by dwPID, copies the string at
// pszModuleFile into memory allocated inside that process, and starts a thread
// there whose start routine is the address looked up for LoadLibraryW/A and
// whose argument is the copied string.
//
// Parameters:
//   dwPID         - id of the process to open.
//   pszModuleFile - path string that is copied into the other process.
// Returns:
//   false when OpenProcess, VirtualAllocEx or WriteProcessMemory fails (or the
//   write is short); true in every other case. Nothing after the write is
//   checked, so true does not show that a thread ran or that a module loaded.
//
// NOTE(review): OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread on a LoadLibrary address is the sequence endpoint
// monitoring commonly classifies as remote-thread DLL injection
// (MITRE ATT&CK T1055.001).
bool LoadMod(DWORD dwPID, const TCHAR* pszModuleFile)
{
HANDLEhProcess= NULL;
HANDLEhThread= NULL;
DWORDdwSize= 0;
DWORDdwWritten= 0;
LPVOIDlpBuf= NULL;
LPVOIDlpThreadFun= NULL;
// Only thread-creation, VM-operation and VM-write rights are requested; the
// handle is not inheritable (FALSE).
hProcess = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwPID);
if (!hProcess)
{
return false;
}
// Length of the path as reported by _tcslen; the same value is reused below
// as the size for the allocation, the write and the decommit calls.
dwSize = (DWORD)_tcslen(pszModuleFile);
// Read/write (non-executable) pages committed in the opened process.
lpBuf = ::VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
if (!lpBuf)
{
::CloseHandle(hProcess);
return false;
}
if (!::WriteProcessMemory(hProcess, lpBuf, (LPVOID)pszModuleFile, dwSize, &dwWritten))
{
// MEM_DECOMMIT decommits the pages; NOTE(review): the address range itself
// presumably stays reserved in the other process — confirm whether a release
// was intended.
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hProcess);
return false;
}
// A short write is treated the same as a failed write.
if (dwSize != dwWritten)
{
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hProcess);
return false;
}
// The export name follows the build's character set. Neither GetModuleHandle
// nor GetProcAddress is checked, so lpThreadFun may be NULL from here on.
#ifdef _UNICODE
lpThreadFun = ::GetProcAddress(::GetModuleHandle(_T( "Kernel32 ")), "LoadLibraryW ");
#else
lpThreadFun = ::GetProcAddress(::GetModuleHandle(_T( "Kernel32 ")), "LoadLibraryA ");
#endif
// The last argument receives the new thread id, which overwrites the dwPID
// parameter. hThread is not checked before it is waited on and closed.
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpThreadFun, lpBuf, 0, &dwPID);
// Blocks with no timeout; the wait result and the thread's exit code are
// never read.
::WaitForSingleObject(hThread, INFINITE);
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hThread);
::CloseHandle(hProcess);
// Reached regardless of the outcome of the lookup, the thread creation or the
// wait above.
return true;
}
[/quote]
[解决办法]
代码贴在下边
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
// LoadMod (reply version): same call sequence as the quoted function, with
// _tcslen replaced by strlen and the _T() wrapper removed from the module-name
// literal. It opens the process identified by dwPID, copies the string at
// pszModuleFile into memory allocated in that process, and starts a thread
// there on the address looked up for LoadLibraryW/A.
//
// Parameters:
//   dwPID         - id of the process to open.
//   pszModuleFile - path string that is copied into the other process.
// Returns:
//   false when OpenProcess, VirtualAllocEx or WriteProcessMemory fails (or the
//   write is short); true otherwise. No later step is checked, so true does
//   not show that a thread ran or that a module loaded.
//
// NOTE(review): this cross-process allocate / write / remote-thread sequence
// is what endpoint monitoring commonly classifies as remote-thread DLL
// injection (MITRE ATT&CK T1055.001).
bool LoadMod(DWORD dwPID, const TCHAR* pszModuleFile)
{
HANDLEhProcess= NULL;
HANDLEhThread= NULL;
DWORDdwSize= 0;
DWORDdwWritten= 0;
LPVOIDlpBuf= NULL;
LPVOIDlpThreadFun= NULL;
// Only thread-creation, VM-operation and VM-write rights are requested; the
// handle is not inheritable (FALSE).
hProcess = ::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwPID);
if (!hProcess)
{
return false;
}
// strlen takes const char*, so passing a const TCHAR* only compiles when
// TCHAR is char (a non-Unicode build). The value is reused below as the size
// for the allocation, the write and the decommit calls.
dwSize = (DWORD)strlen(pszModuleFile);// was _tcslen in the quoted version
// Read/write (non-executable) pages committed in the opened process.
lpBuf = ::VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
if (!lpBuf)
{
::CloseHandle(hProcess);
return false;
}
if (!::WriteProcessMemory(hProcess, lpBuf, (LPVOID)pszModuleFile, dwSize, &dwWritten))
{
// MEM_DECOMMIT decommits the pages; NOTE(review): the address range itself
// presumably stays reserved in the other process — confirm whether a release
// was intended.
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hProcess);
return false;
}
// A short write is treated the same as a failed write.
if (dwSize != dwWritten)
{
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hProcess);
return false;
}
// Neither GetModuleHandle nor GetProcAddress is checked, so lpThreadFun may be
// NULL from here on. With _T() removed the module name is always a narrow
// literal, including in the _UNICODE branch.
#ifdef _UNICODE
lpThreadFun = ::GetProcAddress(::GetModuleHandle(( "Kernel32 ")), "LoadLibraryW ");// _T() wrapper removed here
#else
lpThreadFun = ::GetProcAddress(::GetModuleHandle(( "Kernel32 ")), "LoadLibraryA ");
#endif
// The last argument receives the new thread id, which overwrites the dwPID
// parameter. hThread is not checked before it is waited on and closed.
hThread = ::CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpThreadFun, lpBuf, 0, &dwPID);
// Blocks with no timeout; the wait result and the thread's exit code are
// never read.
::WaitForSingleObject(hThread, INFINITE);
::VirtualFreeEx(hProcess, lpBuf, dwSize, MEM_DECOMMIT);
::CloseHandle(hThread);
::CloseHandle(hProcess);
// Reached regardless of the outcome of the lookup, the thread creation or the
// wait above.
return true;
}
// Test driver: calls LoadMod once with a hard-coded process id and path.
// NOTE(review): `void main()` is not a standard C++ signature, and the bool
// returned by LoadMod is discarded, so the program reports nothing about the
// outcome.
void main()
{
int a=93396;// process id
char b[56]= "c:\\321.dll "; // path string passed to LoadMod as pszModuleFile
LoadMod(a,b);
}