C语言进行远程注入进程 - c语言编程

TOP

C语言进行远程注入进程 (一)

2014-11-23 22:57:32 来源: 作者: 【大中小】浏览:2次

Tags：语言进行远程注入进程

1. #include

2. #include

3. #include

5. BOOL LoadRemoteDll(DWORD dwProcessId,LPTSTR lpszLibName);

6. DWORD EnablePrivilege (PCSTR name);

7. BOOL GetProcessIdByName(LPSTR szProcessName, LPDWORD lpPID);

9. DWORD EnablePrivilege (PCSTR name)

10. {

11. HANDLE hToken;

12. BOOL rv;

13. TOKEN_PRIVILEGES priv = { 1, {0, 0, SE_PRIVILEGE_ENABLED} };

14. LookupPrivilegeva lue (

15. 0,

16. name,

17. &priv.Privileges[0].Luid

18. );

19. OpenProcessToken(

20. GetCurrentProcess (),

21. TOKEN_ADJUST_PRIVILEGES,

22. &hToken

23. );

24. AdjustTokenPrivileges (

25. hToken,

26. FALSE,

27. &priv,

28. sizeof priv,

29. 0,

30. 0

31. );

32. rv = GetLastError();

33. CloseHandle (hToken);

34. return rv;

35. }

36.

37. BOOL GetProcessIdByName(LPSTR szProcessName, LPDWORD lpPID)

38. {

39. STARTUPINFO st;

40. PROCESS_INFORMATION pi;

41. PROCESSENTRY32 ps;

42. HANDLE hSnapshot;

43. ZeroMemory(&st, sizeof(STARTUPINFO));

44. ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));

45. st.cb = sizeof(STARTUPINFO);

46. ZeroMemory(&ps,sizeof(PROCESSENTRY32));

47. ps.dwSize = sizeof(PROCESSENTRY32);

48.

49. hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0);

50. if(hSnapshot == INVALID_HANDLE_VALUE)

51. {

52. return FALSE;

53. }

54.

55. if(!Process32First(hSnapshot,&ps))

56. {

57. return FALSE;

58. }

59. do

60. {

61.

62. if(lstrcmpi(ps.szExeFile,"explorer.exe")==0)

63. {

64.

65. *lpPID = ps.th32ProcessID;

66. CloseHandle(hSnapshot);

67. return TRUE;

68. }

69. }

70. while(Process32Next(hSnapshot,&ps));

71.

72. CloseHandle(hSnapshot);

73. return FALSE;

74. }

75.

76. BOOL LoadRemoteDll(DWORD dwProcessId,LPTSTR lpszLibName){

77. BOOL bResult = FALSE;

78. HANDLE hProcess = NULL;

79. HANDLE hThread = NULL;

80. PSTR pszLibFileRemote = NULL;

81. DWORD cch;

82. PTHREAD_START_ROUTINE pfnThreadRtn;

83.

84. __try{

85. hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);

86. if(hProcess == NULL){

87. __leave;

88. }

89. cch = 1 + lstrlen(lpszLibName);

90. pszLibFileRemote = (PSTR)VirtualAllocEx(hProcess,NULL,cch,MEM_COMMIT,PAGE_READWRITE);

91. if(pszLibFileRemote == NULL){

92. __leave;

93. }

94. if(!WriteProcessMemory(hProcess,(LPVOID)pszLibFileRemote,(LPVOID)lpszLibName,cch,NULL)){

95. __leave;

96. }

97. pfnThreadRtn = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")),TEXT("LoadLibraryA"));

98. if(pfnThreadRtn == NULL){

99. __leave;

100. }

101. hThread = CreateRemoteThread(hProcess,NULL,0,pfnThreadRtn,(PVOID)pszLibFileRemote,0,NULL);

102. if(hThread == NULL){

103. __leave;

104. }

105. WaitForSi

首页上一页 1 2 下一页尾页 1/2/2
【大中小】【打印】【繁体】【投稿】【收藏】【推荐】【举报】【评论】【关闭】【返回顶部】
分享到:
上一篇：基于顺序存储的多叉树实现: (3) ..	下一篇：做MTK笔试的总结（一）

帐　　号:

密码: (新用户注册)

验证码:

表　　情:

内　　容: