/*
 * DllInject: loads a DLL into another process by creating a remote thread whose
 * start routine is LoadLibraryA and whose single argument is the DLL path, which
 * is first copied into memory allocated inside that process.
 *
 * NOTE(review): pointer declarators ("*") and "->" appear to have been stripped
 * from this listing during extraction, so the code does not compile as shown;
 * the comments below describe only the logic that is visible.
 *
 * hProcess - handle to the target process (opened by the caller).
 * dllname  - NUL-terminated path of the DLL to load in the target.
 * Returns 1 once the remote thread has finished, 0 if any setup step fails.
 * Note that 1 is returned even when LoadLibraryA itself failed inside the
 * target: exitcode is read but never checked.
 *
 * Defensive reading: the VirtualAllocEx / WriteProcessMemory / CreateRemoteThread
 * sequence against a foreign process is the textbook remote-thread injection
 * pattern and is exactly what endpoint monitoring products look for.
 */
int DllInject(HANDLE hProcess, const char dllname) {
unsigned long (__stdcall faddr)(void);  /* address of LoadLibraryA, used as the remote thread's start routine */
int t;                                  /* unused */
size_t abc;                             /* receives the byte count from WriteProcessMemory; never inspected */
HMODULE hdll;                           /* local kernel32 module handle */
HANDLE hp, ht;                          /* hp is unused; ht is the remote thread handle */
LPVOID paddr;                           /* buffer allocated in the target process to hold dllname */
unsigned long exitcode;                 /* remote thread exit code; read but not acted on */
int dllnamelen;                         /* strlen(dllname) + 1, i.e. including the terminating NUL */
/* The module-name literal looks garbled by extraction (probably a stripped '.') - confirm against the original. */
hdll = GetModuleHandleA("kernel32dll");
if(hdll == 0) return 0;
/* LoadLibraryA is resolved in this process; reusing that address in the target
 * presumes kernel32 is mapped at the same base there, which is not verified here. */
faddr = (unsigned long (__stdcall )(void)) GetProcAddress(hdll, "LoadLibraryA");
if(faddr == 0) return 0;
dllnamelen = strlen(dllname) + 1;
/* Committed read/write pages in the target, sized for the path plus its NUL. */
paddr = VirtualAllocEx(hProcess, NULL, dllnamelen, MEM_COMMIT, PAGE_READWRITE);
if(paddr == 0) return 0;
/* Return value is ignored: a failed or partial write is not detected before the thread is started. */
WriteProcessMemory(hProcess, paddr, (void)dllname, strlen(dllname)+1, (SIZE_T) &abc);
/* Start a thread in the target at LoadLibraryA with paddr (the copied path) as its argument. */
ht = CreateRemoteThread(hProcess, NULL, 0, faddr, paddr, 0, NULL);
if(ht == 0) {
/* MEM_DECOMMIT frees the pages but leaves the address range reserved in the target. */
VirtualFreeEx(hProcess, paddr, dllnamelen, MEM_DECOMMIT);
return 0;
}
/* Block until the remote LoadLibraryA call returns. */
WaitForSingleObject(ht, INFINITE);
/* exitcode is the thread's exit code (LoadLibraryA's return value, 0 if the load failed); it is never checked. */
GetExitCodeThread(ht, &exitcode);
CloseHandle(ht);
/* Same MEM_DECOMMIT caveat as above: the reservation in the target is not released. */
VirtualFreeEx(hProcess, paddr, dllnamelen, MEM_DECOMMIT);
return 1;
}
/*
 * fun: starts exename as a new process in the suspended state, injects dllname
 * into it via DllInject, then lets the new process run.
 *
 * NOTE(review): "pihProcess" / "pihThread" read as pi.hProcess / pi.hThread with
 * the member accessor stripped by extraction - confirm against the original.
 *
 * exename - command line passed to CreateProcessA (which may modify the buffer).
 * dllname - path of the DLL to inject.
 * Returns 1 on success, 0 on any failure.
 */
int fun (char exename, const char dllname) {
STARTUPINFOA si;
PROCESS_INFORMATION pi;
if(exename == 0) return 0;
if(dllname == 0) return 0;
memset(&si, 0, sizeof(si));   /* si.cb stays 0 here; CreateProcessA normally expects it set to sizeof(STARTUPINFOA) */
memset(&pi, 0, sizeof(pi));
/* CREATE_SUSPENDED: the primary thread does not run until the ResumeThread call below. */
if(CreateProcessA(NULL, exename, NULL, NULL, 0, CREATE_SUSPENDED, NULL, NULL, &si, &pi) == 0) return 0;
/* On injection failure the child is left alive but suspended and both pi handles
 * stay open: there is no TerminateProcess or CloseHandle on this path. */
if(DllInject(pihProcess, dllname) == 0) return 0;
ResumeThread(pihThread);
CloseHandle(pihThread);
CloseHandle(pihProcess);
return 1;
}
启动程序并注入DLL的代码。
例如:
本示例显示如何使用 DllImport 属性通过调用 msvcrt.dll 中的 puts 输出消息。
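// PInvokeTest.cs
using System;
using System.Runtime.InteropServices;

/// <summary>
/// Minimal P/Invoke example: calls two functions of the native C runtime
/// (msvcrt.dll) through <see cref="DllImportAttribute"/>.
/// </summary>
class PlatformInvokeTest
{
    /// <summary>Native <c>puts</c>: writes <paramref name="c"/> followed by a newline to stdout.</summary>
    /// <param name="c">Text to write; marshalled as an ANSI C string (the DllImport default).</param>
    /// <returns>A non-negative value on success, EOF on error.</returns>
    [DllImport("msvcrt.dll")]
    public static extern int puts(string c);

    /// <summary>
    /// Native <c>_flushall</c>: flushes all open CRT streams so the buffered output
    /// of <c>puts</c> is actually emitted before the process exits.
    /// </summary>
    /// <returns>The number of streams flushed.</returns>
    [DllImport("msvcrt.dll")]
    internal static extern int _flushall();

    /// <summary>Entry point: prints "Test" via the CRT and flushes its buffers.</summary>
    public static void Main()
    {
        puts("Test");
        _flushall();
    }
}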