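/************************************************************************/
/* Name:     dllInto
/* Param:    DWORD dwProcId   id of the target process
/* Returns:  int              1 on success, -1 on any failure
/* Purpose:  Classic DLL injection: copy the DLL path held in m_dllPath
/*           into the target's address space and start a remote thread on
/*           kernel32!LoadLibrary so the target loads the DLL itself.
/*           (snippet taken from the task-manager code)
/*
/* Notes for reviewers:
/*  - m_dllPath is assumed to be a NUL-terminated LPCTSTR (TCHAR path);
/*    exactly string+terminator bytes are copied, so the remote string is
/*    always terminated (the old fixed MAX_PATH byte copy was too short
/*    to terminate a long path in a UNICODE build).
/*  - LoadLibrary is resolved through GetProcAddress so the thread start
/*    address is the real kernel32 export, not a local import thunk.
/*    The injection still relies on kernel32 being mapped at the same
/*    base in both processes, i.e. injector and target must share bitness.
/*  - Only the process rights the injection needs are requested, and the
/*    remote buffer is plain read/write: it only ever holds a path, so an
/*    executable (RWX) page is neither needed nor wanted.
/*  - The wait on the remote thread is unbounded; a DllMain that blocks
/*    (loader lock, hung initialisation) will hang this function.
/*  - Fixes: OpenProcess returns NULL (not INVALID_HANDLE_VALUE) on
/*    failure; VirtualFreeEx must use MEM_RELEASE (MEM_COMMIT is not a
/*    free type, so the old call failed and reported -1 after a successful
/*    injection); every handle/allocation is now released on all paths;
/*    the stray local LoadLibrary(m_dllPath), which loaded the DLL into
/*    the injector itself, is gone.
/************************************************************************/
int dllInto(DWORD dwProcId)
{
    int     nResult      = -1;
    HANDLE  hProcess     = NULL;
    LPVOID  pRemotePath  = NULL;
    HANDLE  hThread      = NULL;
    BOOL    bSafeToFree  = TRUE;   /* FALSE while the remote thread may still read pRemotePath */
    DWORD   dwExitCode   = 0;
    SIZE_T  cbPath;
    FARPROC pfnLoadLibrary;

    /* Least privilege: create a thread, allocate/write/read memory, query it. */
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION
                         | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;

    /* Bytes to copy: the path plus its terminator, in TCHAR units. */
    cbPath = ((SIZE_T)lstrlen(m_dllPath) + 1) * sizeof(TCHAR);
    if (cbPath <= sizeof(TCHAR))
    {
        goto cleanup;                      /* empty path: nothing to inject */
    }

    /* Pick the export that matches the build's character set. */
#ifdef UNICODE
    pfnLoadLibrary = GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "LoadLibraryW");
#else
    pfnLoadLibrary = GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "LoadLibraryA");
#endif
    if (pfnLoadLibrary == NULL)
    {
        goto cleanup;
    }

    /* Open the target. OpenProcess reports failure with NULL. */
    hProcess = OpenProcess(dwAccess, FALSE, dwProcId);
    if (hProcess == NULL)
    {
        goto cleanup;
    }

    /* Remote buffer for the path: read/write only, no execute bit. */
    pRemotePath = VirtualAllocEx(hProcess, NULL, cbPath, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (pRemotePath == NULL)
    {
        goto cleanup;
    }

    if (!WriteProcessMemory(hProcess, pRemotePath, m_dllPath, cbPath, NULL))
    {
        goto cleanup;
    }

    /* LoadLibrary(pRemotePath) runs on a new thread inside the target. */
    hThread = CreateRemoteThread(hProcess, NULL, 0,
                                 (LPTHREAD_START_ROUTINE)pfnLoadLibrary,
                                 pRemotePath, 0, NULL);
    if (hThread == NULL)
    {
        goto cleanup;
    }
    bSafeToFree = FALSE;                   /* the target may now be reading the path */

    if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0)
    {
        goto cleanup;                      /* thread state unknown: leave the buffer alone */
    }
    bSafeToFree = TRUE;

    /* The exit code is LoadLibrary's return value, truncated to 32 bits on
     * 64-bit targets, so it is only usable as a zero/non-zero success flag. */
    if (!GetExitCodeThread(hThread, &dwExitCode) || dwExitCode == 0)
    {
        goto cleanup;                      /* remote LoadLibrary failed */
    }

    nResult = 1;

cleanup:
    if (hThread != NULL)
    {
        CloseHandle(hThread);
    }
    if (pRemotePath != NULL && bSafeToFree)
    {
        /* Releasing a VirtualAllocEx region requires size 0 and MEM_RELEASE. */
        VirtualFreeEx(hProcess, pRemotePath, 0, MEM_RELEASE);
    }
    if (hProcess != NULL)
    {
        CloseHandle(hProcess);
    }
    return nResult;
}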