injectDll.hpp
#pragma once
#include <Windows.h>
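/**
 * Load the DLL at dllPath into another process by copying the path into that
 * process and starting a remote thread whose entry point is LoadLibraryA.
 *
 * @param hProcess  Handle to the target process. It must carry the access
 *                  rights that VirtualAllocEx, WriteProcessMemory and
 *                  CreateRemoteThread need; this function does not open or
 *                  close the handle.
 * @param dllPath   NUL-terminated ANSI path of the DLL. The path is resolved
 *                  by the target process, not by the caller, so pass an
 *                  absolute path: a relative path or bare file name goes
 *                  through the target's DLL search order and may load a
 *                  different file than the one intended.
 * @return TRUE when the remote thread was created and ran to completion.
 *         TRUE does NOT confirm that the DLL loaded: LoadLibraryA's result is
 *         the remote thread's exit code, which is not inspected here.
 *         FALSE on invalid arguments or when any step fails.
 *
 * NOTE(review): the address of LoadLibraryA is looked up in the calling
 * process and reused in the target. That assumes both processes have the same
 * architecture and map kernel32 at the same base - confirm for the intended
 * targets.
 *
 * Defender's view: the VirtualAllocEx -> WriteProcessMemory ->
 * CreateRemoteThread(LoadLibraryA) sequence is classic DLL injection
 * (MITRE ATT&CK T1055.001). It is visible to endpoint monitoring, e.g. Sysmon
 * Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess), so
 * legitimate tooling that uses it should expect to be flagged.
 */
BOOL InjectDll(HANDLE hProcess, LPCSTR dllPath){
    // strlen(NULL) is undefined behaviour and an empty path can never load.
    if (hProcess == NULL || dllPath == NULL || dllPath[0] == '\0'){
        return FALSE;
    }

    // Bytes to copy, including the terminating NUL; computed once.
    const size_t pathBytes = strlen(dllPath) + 1;

    // Read/write only: the buffer holds a string and is never executed.
    LPVOID lpRemoteMem = VirtualAllocEx(hProcess, NULL, pathBytes, MEM_COMMIT, PAGE_READWRITE);
    if (lpRemoteMem == NULL){
        // Allocating memory in the target failed.
        return FALSE;
    }

    BOOL succeeded = FALSE;
    BOOL releaseRemoteMem = TRUE;
    HANDLE hThread = NULL;

    do {
        if (!WriteProcessMemory(hProcess, lpRemoteMem, dllPath, pathBytes, NULL)){
            // Writing the path into the target failed.
            break;
        }

        // Explicit ANSI variant: the generic GetModuleHandle macro expands to
        // the wide-character API when UNICODE is defined, which does not
        // accept a narrow string literal.
        HMODULE hKernel32 = GetModuleHandleA("Kernel32");
        if (hKernel32 == NULL){
            // Could not get the Kernel32 module handle.
            break;
        }

        LPVOID lpLoadLibraryA = (LPVOID)GetProcAddress(hKernel32, "LoadLibraryA");
        if (lpLoadLibraryA == NULL){
            // Could not get the address of LoadLibraryA.
            break;
        }

        hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpLoadLibraryA, lpRemoteMem, 0, NULL);
        if (hThread == NULL){
            // Creating the remote thread failed.
            break;
        }

        // Wait for the remote thread to finish.
        if (WaitForSingleObject(hThread, INFINITE) != WAIT_OBJECT_0){
            // The thread may still be reading the path buffer. Freeing it now
            // could crash the target, so the buffer is deliberately left
            // allocated on this path.
            releaseRemoteMem = FALSE;
            break;
        }

        succeeded = TRUE;
    } while (0);

    // Single cleanup point for every exit after the allocation.
    if (hThread != NULL){
        CloseHandle(hThread);
    }
    if (releaseRemoteMem){
        // Release the path buffer in the target.
        VirtualFreeEx(hProcess, lpRemoteMem, 0, MEM_RELEASE);
    }
    return succeeded;
}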