//需要的头文件:
#include <iostream>
#include <stdarg.h>
#include <Windows.h>
#include <Psapi.h>
#include <stdint.h>
#include <tlhelp32.h>
#include <imagehlp.h>
#pragma comment(lib,"Psapi.lib") //编译这个lib文件
#pragma comment(lib,"imagehlp.lib")
//软件启动前注入Dll
//param1:sDllPath:dll路径,run_path:执行文件路径
// Start the executable named by run_path in a suspended state and load the DLL
// at sDllPath into it before its first instruction runs (CreateProcess with
// CREATE_SUSPENDED, then a remote thread that calls LoadLibraryA).
// param sDllPath: path of the DLL to load. It is passed to LoadLibraryA, so it
//                 must be a narrow (ANSI) string that the target can open.
// param run_path: command line of the executable to start. CreateProcess may
//                 write into this buffer, so it must be a modifiable TCHAR array.
// return: always true -- none of the Win32 calls below is checked, so a failure
//         (process not started, memory not written, thread not created, DLL not
//         loaded) is never reported to the caller. TODO(review): return false
//         on the first failed call instead.
// NOTE(review): the suspended-process + remote LoadLibrary sequence used here is a
// well-known injection pattern that endpoint monitoring commonly alerts on or
// blocks; only use it where that is expected (e.g. your own development setup).
bool injectDll(char sDllPath[],TCHAR run_path[])
{
// Create the target process suspended so the DLL is mapped before its primary
// thread executes anything.
STARTUPINFO si = { 0 };
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_SHOW;
// pi: handles and ids of the created process and its primary thread.
// It is not zero-initialised and bRet is never tested, so if CreateProcess
// fails the fields read below are indeterminate (undefined behaviour).
PROCESS_INFORMATION pi;
BOOL bRet = ::CreateProcess(NULL, run_path,NULL,NULL,FALSE,CREATE_SUSPENDED,NULL,NULL,&si,&pi);
// Handle of the newly created target process (not of the calling process,
// despite the variable name).
HANDLE curProcessHandle = pi.hProcess; //target process handle
// Reserve a buffer in the target for the DLL path (strlen + terminating NUL)
// and copy the path into it. Neither result is checked: pDllPath may be NULL
// and the write may have failed by the time it is used below.
LPVOID pDllPath = VirtualAllocEx(curProcessHandle, NULL, strlen(sDllPath) + 1, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(curProcessHandle, pDllPath, sDllPath, strlen(sDllPath) + 1, NULL);
// Resolve LoadLibraryA in this process's kernel32 and reuse that address in
// the target. This assumes kernel32 is mapped at the same base in both
// processes (same-bitness) -- TODO confirm for the intended target.
// GetProcAddress returning NULL is not checked.
PTHREAD_START_ROUTINE pfnLoadLib = (PTHREAD_START_ROUTINE)GetProcAddress(
GetModuleHandle(TEXT("kernel32")), "LoadLibraryA");
// Run LoadLibraryA(pDllPath) on a new thread inside the target, which maps the
// DLL and runs its entry point. hNewThread is NULL on failure and is not checked
// before being waited on and closed.
HANDLE hNewThread = CreateRemoteThread(curProcessHandle, NULL, 0, pfnLoadLib, pDllPath, 0, NULL);
// TODO: command-line handling could be added here later.
// Block until LoadLibraryA returns. INFINITE means a loader that hangs (e.g. in
// the DLL's entry point) blocks the caller forever. The thread's exit code,
// i.e. LoadLibraryA's return value, is never read, so a DLL that failed to
// load is not detected.
WaitForSingleObject(hNewThread, INFINITE);
// Release the path buffer and the handles; the process handle is closed here,
// but pi.hThread is still needed below.
VirtualFreeEx(curProcessHandle, pDllPath, 0, MEM_RELEASE);
CloseHandle(hNewThread);
CloseHandle(curProcessHandle);
// Let the target's primary thread run. pi.hThread is never closed (handle leak).
ResumeThread(pi.hThread);//resume the suspended primary thread
return true;
}
用法:直接引用这个方法即可,已经封装好了
标签:exe,windows,NULL,c++,dll,curProcessHandle,si,pi,include From: https://blog.51cto.com/u_15906863/5977844