/******************************************************************************
Module: InjLib.cpp
Notices: Copyright (c) 2000 Jeffrey Richter
******************************************************************************/
#include "afxwin.h"
#include "..\CmnHdr.h" /* See Appendix A. */
#include <windowsx.h>
#include <stdio.h>
#include <tchar.h>
#include <malloc.h> // For alloca
#include <TlHelp32.h>
#include "Resource.h"
// Timer callback that Dlg_OnInitDialog passes to SetTimer; its definition is
// not visible in this part of the file.
// NOTE(review): the Win32 TIMERPROC type takes the timer id as UINT_PTR, so the
// UINT parameter here only matches on 32-bit builds -- confirm before an x64 build.
void CALLBACK TimerProc(HWND hwnd,UINT nMsg,UINT nTimerid,DWORD dwTime);
///////////////////////////////////////////////////////////////////////////////
// Map the generic InjectLib/EjectLib names onto the wide-character (W) or
// ANSI (A) implementation, depending on whether UNICODE is defined.
#ifdef UNICODE
#define InjectLib InjectLibW
#define EjectLib EjectLibW
#else
#define InjectLib InjectLibA
#define EjectLib EjectLibA
#endif // !UNICODE
///////////////////////////////////////////////////////////////////////////////
BOOL WINAPI InjectLibW(DWORD dwProcessId, PCWSTR pszLibFile) {
   // Asks the process identified by dwProcessId to load the DLL whose pathname
   // is pszLibFile. The pathname is copied into memory allocated inside that
   // process, and a remote thread is started at LoadLibraryW with the copy as
   // its argument.
   //
   // Returns TRUE once the remote thread has been created and has terminated;
   // FALSE if any earlier step failed.
   // NOTE(review): the remote thread's exit code is never read, so TRUE does
   // not show that LoadLibraryW succeeded inside the target.
   // NOTE(review): the wait has no timeout; a remote thread that never returns
   // blocks the caller indefinitely.
   //
   // For reviewers and defenders: the handle rights requested here, followed by
   // a cross-process allocation, a cross-process write and a remote thread whose
   // start address is LoadLibraryW, is the sequence to look for when auditing
   // or monitoring for cross-process module loading.
   BOOL fSucceeded = FALSE;       // Pessimistic default
   HANDLE hTarget = NULL;
   HANDLE hRemoteThread = NULL;
   PWSTR pszRemotePath = NULL;

   __try {
      // Open the target with exactly the rights the steps below rely on.
      const DWORD dwDesiredAccess =
         PROCESS_QUERY_INFORMATION |   // Required by Alpha
         PROCESS_CREATE_THREAD     |   // For CreateRemoteThread
         PROCESS_VM_OPERATION      |   // For VirtualAllocEx/VirtualFreeEx
         PROCESS_VM_WRITE;             // For WriteProcessMemory
      hTarget = OpenProcess(dwDesiredAccess, FALSE, dwProcessId);
      if (!hTarget) __leave;

      // Size of the pathname in bytes, terminating NUL included.
      int cbPath = (1 + lstrlenW(pszLibFile)) * sizeof(WCHAR);

      // Reserve read/write memory for the pathname inside the target.
      pszRemotePath = (PWSTR) VirtualAllocEx(hTarget, NULL, cbPath,
         MEM_COMMIT, PAGE_READWRITE);
      if (!pszRemotePath) __leave;

      // Place the pathname in the target's address space.
      const BOOL fCopied = WriteProcessMemory(hTarget, pszRemotePath,
         (PVOID) pszLibFile, cbPath, NULL);
      if (!fCopied) __leave;

      // Look up LoadLibraryW in this process's copy of Kernel32.dll; the
      // address is then used as the thread start routine in the target.
      HMODULE hKernel32 = GetModuleHandle(TEXT("Kernel32"));
      PTHREAD_START_ROUTINE pfnLoadLibrary =
         (PTHREAD_START_ROUTINE) GetProcAddress(hKernel32, "LoadLibraryW");
      if (!pfnLoadLibrary) __leave;

      // Start the remote thread: LoadLibraryW(pszRemotePath) in the target.
      hRemoteThread = CreateRemoteThread(hTarget, NULL, 0,
         pfnLoadLibrary, pszRemotePath, 0, NULL);
      if (!hRemoteThread) __leave;

      // Block until the remote thread has finished.
      WaitForSingleObject(hRemoteThread, INFINITE);

      fSucceeded = TRUE;
   }
   __finally {
      // Cleanup runs on every path out of the __try block.
      // Release the remote copy of the pathname first; it needs hTarget.
      if (pszRemotePath != NULL)
         VirtualFreeEx(hTarget, pszRemotePath, 0, MEM_RELEASE);

      if (hRemoteThread != NULL)
         CloseHandle(hRemoteThread);

      if (hTarget != NULL)
         CloseHandle(hTarget);
   }

   return(fSucceeded);
}
///////////////////////////////////////////////////////////////////////////////
BOOL WINAPI InjectLibA(DWORD dwProcessId, PCSTR pszLibFile) {
   // ANSI entry point: widens pszLibFile into a stack buffer and forwards the
   // request to InjectLibW, returning whatever InjectLibW returns.
   // NOTE(review): the buffer is sized from the caller's string and taken from
   // the stack with _alloca, so an extremely long pathname can exhaust the
   // stack; wsprintfW also has a documented output limit -- confirm callers
   // only pass MAX_PATH-sized names.

   // One WCHAR per input byte plus the terminator is always enough room.
   const int cchWide = lstrlenA(pszLibFile) + 1;
   PWSTR pszWidePath = (PWSTR) _alloca(cchWide * sizeof(WCHAR));

   // "%S" in the wide formatter converts the ANSI argument to Unicode.
   wsprintfW(pszWidePath, L"%S", pszLibFile);

   // The Unicode implementation does the real work.
   const BOOL fResult = InjectLibW(dwProcessId, pszWidePath);
   return(fResult);
}
///////////////////////////////////////////////////////////////////////////////
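BOOL WINAPI EjectLibW(DWORD dwProcessId, PCWSTR pszLibFile) {
   // Asks the process identified by dwProcessId to unload the module named by
   // pszLibFile. The module is located through a Toolhelp module snapshot
   // (case-insensitive match on either the module name or its full path) and
   // a remote thread is started at FreeLibrary with the module's base address
   // as its argument.
   //
   // Returns TRUE once the remote thread has been created and has terminated;
   // FALSE if the snapshot, the lookup, or any later step failed.
   // NOTE(review): the remote thread's exit code is not read, so TRUE does not
   // show that FreeLibrary succeeded or that the module is actually gone.
   BOOL fOk = FALSE; // Assume that the function fails
   HANDLE hthSnapshot = NULL;
   HANDLE hProcess = NULL, hThread = NULL;

   __try {
      // Grab a new snapshot of the process's module list.
      // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE,
      // not NULL; reset to NULL so the cleanup code never closes a bad handle.
      hthSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
      if (hthSnapshot == INVALID_HANDLE_VALUE) {
         hthSnapshot = NULL;
         __leave;
      }

      // Get the HMODULE of the desired library
      MODULEENTRY32W me = { sizeof(me) };
      BOOL fFound = FALSE;
      BOOL fMoreMods = Module32FirstW(hthSnapshot, &me);
      for (; fMoreMods; fMoreMods = Module32NextW(hthSnapshot, &me)) {
         fFound = (lstrcmpiW(me.szModule, pszLibFile) == 0) ||
                  (lstrcmpiW(me.szExePath, pszLibFile) == 0);
         if (fFound) break;
      }
      if (!fFound) __leave;

      // Get a handle for the target process.
      hProcess = OpenProcess(
         PROCESS_QUERY_INFORMATION |   // Required by Alpha
         PROCESS_CREATE_THREAD     |   // For CreateRemoteThread
         PROCESS_VM_OPERATION,
         FALSE, dwProcessId);
      if (hProcess == NULL) __leave;

      // Get the real address of FreeLibrary in Kernel32.dll
      PTHREAD_START_ROUTINE pfnThreadRtn = (PTHREAD_START_ROUTINE)
         GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "FreeLibrary");
      if (pfnThreadRtn == NULL) __leave;

      // Create a remote thread that calls FreeLibrary(module base address)
      hThread = CreateRemoteThread(hProcess, NULL, 0,
         pfnThreadRtn, me.modBaseAddr, 0, NULL);
      if (hThread == NULL) __leave;

      // Wait for the remote thread to terminate
      WaitForSingleObject(hThread, INFINITE);

      fOk = TRUE; // Everything executed successfully
   }
   __finally { // Now we can clean everything up
      if (hthSnapshot != NULL)
         CloseHandle(hthSnapshot);

      if (hThread != NULL)
         CloseHandle(hThread);

      if (hProcess != NULL)
         CloseHandle(hProcess);
   }

   return(fOk);
}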
///////////////////////////////////////////////////////////////////////////////
BOOL WINAPI EjectLibA(DWORD dwProcessId, PCSTR pszLibFile) {
   // ANSI entry point: widens pszLibFile into a stack buffer and forwards the
   // request to EjectLibW, returning whatever EjectLibW returns.
   // NOTE(review): the buffer is sized from the caller's string and taken from
   // the stack with _alloca, so an extremely long name can exhaust the stack;
   // wsprintfW also has a documented output limit -- confirm callers only
   // pass MAX_PATH-sized names.

   // One WCHAR per input byte plus the terminator is always enough room.
   const int cchWide = lstrlenA(pszLibFile) + 1;
   PWSTR pszWideName = (PWSTR) _alloca(cchWide * sizeof(WCHAR));

   // "%S" in the wide formatter converts the ANSI argument to Unicode.
   wsprintfW(pszWideName, L"%S", pszLibFile);

   // The Unicode implementation does the real work.
   const BOOL fResult = EjectLibW(dwProcessId, pszWideName);
   return(fResult);
}
///////////////////////////////////////////////////////////////////////////////
BOOL Dlg_OnInitDialog(HWND hwnd, HWND hwndFocus, LPARAM lParam) {
   // WM_INITDIALOG handler: starts timer 1 on the dialog with an 8000 ms
   // period, delivered to TimerProc, and installs the dialog's icons.
   // Always returns TRUE. hwndFocus and lParam are not used.
   // NOTE(review): SetTimer's return value is ignored, so a failure to create
   // the timer goes unnoticed.
   const UINT_PTR nTimerId = 1;
   const UINT uElapseMs = 8000;
   ::SetTimer(hwnd, nTimerId, uElapseMs, TimerProc);

   chSETDLGICONS(hwnd, IDI_INJLIB);

   return(TRUE);
}
///////////////////////////////////////////////////////////////////////////////
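void Dlg_OnCommand(HWND hwnd, int id, HWND hwndCtl, UINT codeNotify) {
   // WM_COMMAND handler for the dialog.
   //   IDCANCEL   - closes the dialog.
   //   IDC_INJECT - reads a process ID from the IDC_PROCESSID control, builds
   //                the pathname of "22 ImgWalk.DLL" next to this executable,
   //                then calls InjectLib followed by EjectLib on that process
   //                and reports the combined outcome in a message box.
   // hwndCtl and codeNotify are not used.
   switch (id) {
      case IDCANCEL:
         EndDialog(hwnd, id);
         break;

      case IDC_INJECT: {
         // Braces give the locals below their own scope inside the switch.
         BOOL fOk = FALSE;

         DWORD dwProcessId = GetDlgItemInt(hwnd, IDC_PROCESSID, NULL, FALSE);
         if (dwProcessId == 0) {
            // No process ID was entered: fall back to the process that owns
            // the top-level window with the title below.
            // NOTE(review): a window title is not an identity -- any process
            // can create a window with this caption, so the PID obtained here
            // may belong to a different program than the one intended.
            HWND hwndTarget = FindWindowEx(NULL,NULL,NULL,"SMXInsight - sample");
            if (hwndTarget != NULL)
               GetWindowThreadProcessId(hwndTarget, &dwProcessId);
         }

         if (dwProcessId != 0) {
            TCHAR szLibFile[MAX_PATH];
            // GetModuleFileName takes the buffer size in characters, not
            // bytes; sizeof alone overstates it in UNICODE builds.
            const DWORD cchLibFile = sizeof(szLibFile) / sizeof(szLibFile[0]);
            const TCHAR szDllName[] = TEXT("22 ImgWalk.DLL");
            const size_t cchDllName = sizeof(szDllName) / sizeof(szDllName[0]);

            // A return of 0 is failure; a return equal to the buffer size
            // means the path was truncated.
            const DWORD cchPath = GetModuleFileName(NULL, szLibFile, cchLibFile);
            PTSTR pszLastSlash = NULL;
            if (cchPath != 0 && cchPath < cchLibFile)
               pszLastSlash = _tcsrchr(szLibFile, TEXT('\\'));

            // Replace the executable's file name with the DLL's name, but
            // only if a directory separator exists and the result still fits.
            if (pszLastSlash != NULL &&
                (size_t) (pszLastSlash + 1 - szLibFile) + cchDllName <= cchLibFile) {
               _tcscpy(pszLastSlash + 1, szDllName);

               // The message covers both steps, so both must succeed; the
               // original ignored EjectLib's result.
               fOk = InjectLib(dwProcessId, szLibFile) &&
                     EjectLib(dwProcessId, szLibFile);
            }
         }

         if (fOk) {
            chMB("DLL Injection/Ejection successful.");
         } else {
            chMB("DLL Injection/Ejection failed.");
         }
         break;
      }
   }
}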
///////////////////////////////////////////////////////////////////////////////
INT_PTR WINAPI Dlg_Proc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
switch (uMsg) {
chHANDLE_DLGMSG(hwnd, WM_INITDIALOG, Dlg_OnInitDialog);
DLL_remote_injection_with_socket.rar (83个子文件)
双机通讯客户端
CmnHdr.h 8KB
22-InjLib
22 InjLib.ncb 14.17MB
InjLib.aps 18KB
22 InjLib.dsp 7KB
InjLib.ico 766B
22 InjLib.sln 1KB
22 InjLib.plg 1KB
Debug
InjLib.obj 100KB
InjLib.res 1KB
vc90.idb 883KB
BuildLog.htm 8KB
22 InjLib.exe.embed.manifest.res 984B
22 InjLib.exe.embed.manifest 920B
mt.dep 65B
22 InjLib.exe.intermediate.manifest 861B
vc90.pdb 508KB
22 InjLib.vcproj 10KB
InjLib.cpp 9KB
22 InjLib.suo 19KB
InjLib.rc 2KB
22 InjLib.opt 53KB
Resource.h 588B
22 InjLib.vcproj.WIN-LAB.Administrator.user 3KB
22 InjLib.dsw 543B
x86
17 MMFSparse.exe 108KB
27 LISWatch.exe 104KB
22 DIPS.exe 96KB
01 ErrorShow.exe 96KB
07 SchedLab.exe 104KB
14 VMStat.exe 96KB
10 Optex.exe 100KB
17 MMFShare.exe 96KB
26 CopyData.exe 96KB
10 WaitForMultExp.exe 104KB
22 LastMsgBoxInfo.exe 96KB
14 VMMap.exe 104KB
16 Summation.exe 96KB
05 JobLab.exe 108KB
15 AWE.exe 100KB
20 DelayLoadApp.exe 100KB
22 ImgWalk.dll 92KB
Debug
22 InjLib.pdb 1.54MB
22 InjLib.ilk 475KB
22 InjLib.exe 44KB
22 ImgWalk.dll 27KB
22 ImgWalk.pdb 371KB
22 ImgWalk.ilk 294KB
09 Handshake.exe 96KB
09 Queue.exe 100KB
25 Spreadsheet.exe 104KB
23 SEHTerm.exe 96KB
17 FileRev.exe 100KB
17 AppInst.exe 100KB
11 TimedMsgBox.exe 96KB
10 InterlockedType.exe 104KB
27 LISLab.exe 104KB
15 MemReset.exe 96KB
04 ProcessInfo.exe 108KB
10 SWMRG.exe 96KB
22 DIPSLib.dll 100KB
20 DelayLoadLib.dll 92KB
12 Counter.exe 96KB
22 LastMsgBoxInfoLib.dll 108KB
15 VMAlloc.exe 100KB
14 SysInfo.exe 100KB
22-ImgWalk
22 ImgWalk.sln 1KB
22 ImgWalk.opt 54KB
Debug
22 ImgWalk.dll.embed.manifest.res 980B
ImgWalk.obj 26KB
22 ImgWalk.dll.embed.manifest 915B
vc90.idb 563KB
BuildLog.htm 6KB
mt.dep 65B
22 ImgWalk.dll.intermediate.manifest 856B
vc90.pdb 108KB
22 ImgWalk.dsp 7KB
22 ImgWalk.ncb 10.89MB
22 ImgWalk.plg 1KB
22 ImgWalk.vcproj 10KB
22 ImgWalk.dsw 545B
22 ImgWalk.suo 10KB
ImgWalk.cpp 4KB
22 ImgWalk.vcproj.WIN-LAB.Administrator.user 3KB
- chunlizhang2013-06-24类似的资料都差不多 感谢分享