
windows 启动exe程序前注入dll(c++)

时间:2022-12-29 15:31:47浏览次数:43  


//需要的头文件:
#include <iostream>
#include <stdarg.h>
#include <Windows.h>
#include <Psapi.h>
#include <stdint.h>
#include <tlhelp32.h>
#include <imagehlp.h>
#pragma comment(lib,"Psapi.lib") //编译这个lib文件
#pragma comment(lib,"imagehlp.lib")

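//软件启动前注入Dll
//param1:sDllPath:dll路径,run_path:执行文件路径
// Starts run_path with CREATE_SUSPENDED, loads sDllPath into it through a remote
// thread whose start routine is kernel32!LoadLibraryA, then resumes the primary
// thread. Because the primary thread has not run yet, the DLL is mapped before
// any of the target's own code executes.
//   sDllPath: ANSI path written into the target verbatim; it is resolved by the
//             target's own LoadLibraryA, so relative paths depend on the target's
//             working directory / DLL search order.
//   run_path: command line handed to CreateProcess. The W variant may modify this
//             buffer in place, so it must be a writable array, not a literal.
// Returns true only if every step succeeded (process created, memory allocated
// and written, LoadLibraryA resolved, remote thread created and finished).
// Every handle and remote allocation made here is released on both paths, and
// the target is always resumed once it exists, so a failed injection leaves a
// normally running process rather than a suspended one.
// Observable footprint for endpoint monitoring: a suspended child followed by
// cross-process VirtualAllocEx / WriteProcessMemory / CreateRemoteThread with a
// start address inside kernel32 (LoadLibraryA) — the canonical DLL-injection
// call sequence.
bool injectDll(char sDllPath[], TCHAR run_path[])
{
    if (sDllPath == NULL || run_path == NULL)
        return false;

    //启动目标进程
    STARTUPINFO si = { 0 };
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;
    //pi:创建线程返回的信息
    PROCESS_INFORMATION pi = { 0 };
    // The original discarded this result; on failure pi is indeterminate and
    // every later call would operate on garbage handles.
    if (!::CreateProcess(NULL, run_path, NULL, NULL, FALSE, CREATE_SUSPENDED,
                         NULL, NULL, &si, &pi))
        return false; // nothing was created, nothing to clean up

    HANDLE curProcessHandle = pi.hProcess; //获得当前进程的句柄
    const SIZE_T pathBytes = strlen(sDllPath) + 1; // include the NUL terminator
    LPVOID pDllPath = NULL;
    HANDLE hNewThread = NULL;
    bool ok = false;

    // 创建虚拟内存地址,放置dll路径
    pDllPath = VirtualAllocEx(curProcessHandle, NULL, pathBytes, MEM_COMMIT, PAGE_READWRITE);
    if (pDllPath != NULL
        && WriteProcessMemory(curProcessHandle, pDllPath, sDllPath, pathBytes, NULL))
    {
        // 获取LoadLibraryA地址:用于注入dll;
        // NOTE(review): this reuses the local address of LoadLibraryA in the
        // remote process, i.e. it assumes kernel32 is mapped at the same base in
        // both (same architecture/session) — confirm for the deployment target.
        HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
        PTHREAD_START_ROUTINE pfnLoadLib = (hKernel32 == NULL)
            ? NULL
            : (PTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA");
        if (pfnLoadLib != NULL)
        {
            // 在线程中执行dll中的入口函数:即导入dll
            hNewThread = CreateRemoteThread(curProcessHandle, NULL, 0, pfnLoadLib, pDllPath, 0, NULL);
            if (hNewThread != NULL)
            {
                // TODO: 后续可以插入命令行操作
                // The remote path buffer is only needed while LoadLibraryA runs,
                // so wait for the thread before releasing it below.
                ok = (WaitForSingleObject(hNewThread, INFINITE) == WAIT_OBJECT_0);
            }
        }
    }

    // Single cleanup path, reverse order of acquisition. pi.hThread was leaked
    // by the original; it is closed here after the resume.
    if (hNewThread != NULL)
        CloseHandle(hNewThread);
    if (pDllPath != NULL)
        VirtualFreeEx(curProcessHandle, pDllPath, 0, MEM_RELEASE);
    ResumeThread(pi.hThread); //继续
    CloseHandle(pi.hThread);
    CloseHandle(curProcessHandle);
    return ok;
}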

用法:直接调用这个方法即可,已经封装好了

 

From: https://blog.51cto.com/u_15906863/5977844
