C++ DLL注入器 求源码
本帖最后由 fghtiger 于 2025-2-16 09:27 编辑
https://www.52hb.com/forum.php?m ... 8%E5%85%A5%E5%99%A8
源码链接挂了。
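/// Refills the process combo box each time its drop-down list opens.
///
/// Takes a Toolhelp snapshot of the running processes and adds every distinct
/// executable name (PROCESSENTRY32::szExeFile) to m_comboProcesses exactly once.
/// Shows a message box and returns early when the snapshot cannot be created
/// or its first entry cannot be read.
///
/// Several processes can share one executable name; the list shows such a
/// name once, so an entry names an image, not one particular process.
void CMFCinjecteDlg::OnCbnDropdownComboProcesses()
{
    // Drop whatever the previous drop-down left in the list.
    m_comboProcesses.ResetContent();

    // Snapshot of all processes in the system.
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        AfxMessageBox(_T("无法创建进程快照!"));
        return;
    }

    // dwSize must be filled in before the structure is handed to Process32First.
    PROCESSENTRY32 pe32 = {};
    pe32.dwSize = sizeof(PROCESSENTRY32);

    if (!Process32First(hProcessSnap, &pe32))
    {
        AfxMessageBox(_T("无法获取第一个进程信息!"));
        CloseHandle(hProcessSnap);
        return;
    }

    CStringArray addedProcessNames; // names already placed in the combo box

    do
    {
        const CString processName(pe32.szExeFile);
        BOOL isDuplicate = FALSE;

        // Compare against each stored element. The posted code compared the
        // array object itself with the name (the index had been lost), which
        // does not compile.
        for (INT_PTR i = 0; i < addedProcessNames.GetSize(); i++)
        {
            if (addedProcessNames[i] == processName)
            {
                isDuplicate = TRUE;
                break;
            }
        }

        // First occurrence of this name: show it and remember it.
        if (!isDuplicate)
        {
            m_comboProcesses.AddString(processName);
            addedProcessNames.Add(processName);
        }
    } while (Process32Next(hProcessSnap, &pe32));

    // The snapshot handle is no longer needed.
    CloseHandle(hProcessSnap);
}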
// 点击按钮时的处理函数
/// Button click handler: resolves the process name selected in the combo box
/// to a process ID and calls InjectDLL() on it with the path of "MirDll.dll"
/// built from GetCurrentDirectoryPath().
///
/// Every outcome (nothing selected, process not found, success, failure) is
/// reported through a message box.
///
/// NOTE(review): the target is identified by executable name only, so when
/// several processes share that name the ID returned by GetProcessIdByName()
/// decides which one is affected.
/// NOTE(review): CT2A converts the path to a narrow string; in a Unicode build
/// characters outside the ANSI code page presumably do not survive - confirm.
void CMFCinjecteDlg::OnBnClickedButton1()
{
    const int selectedIndex = m_comboProcesses.GetCurSel();
    if (CB_ERR == selectedIndex)
    {
        AfxMessageBox(_T("请选择一个进程!"));
        return;
    }

    CString processName;
    m_comboProcesses.GetLBText(selectedIndex, processName);

    const DWORD targetPid = GetProcessIdByName(processName);
    if (0 == targetPid)
    {
        AfxMessageBox(_T("未找到指定进程!"));
        return;
    }

    // The DLL is expected next to this executable.
    const CString dllPath = GetCurrentDirectoryPath() + _T("MirDll.dll");

    // The CT2A temporary lives until the call has returned.
    const BOOL injected = InjectDLL(targetPid, CT2A(dllPath));
    AfxMessageBox(injected ? _T("DLL 注入成功!") : _T("DLL 注入失败!"));
}
// 根据进程名获取进程 ID
/// Looks up a process ID by executable name.
///
/// Walks a Toolhelp process snapshot and returns the th32ProcessID of the
/// first entry whose szExeFile equals processName (CString operator==, an
/// exact comparison).
///
/// @param processName  Executable name to look for.
/// @return The ID of the first matching entry, or 0 when the snapshot cannot
///         be created, its first entry cannot be read, or nothing matches.
DWORD CMFCinjecteDlg::GetProcessIdByName(const CString& processName)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (INVALID_HANDLE_VALUE == snapshot)
    {
        return 0;
    }

    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(PROCESSENTRY32);

    DWORD foundPid = 0;
    for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry))
    {
        const CString currentProcessName(entry.szExeFile);
        if (currentProcessName == processName)
        {
            // Only the first entry with this name is reported.
            foundPid = entry.th32ProcessID;
            break;
        }
    }

    // Single exit: the snapshot handle is released on every path past this point.
    CloseHandle(snapshot);
    return foundPid;
}
// 注入 DLL 到指定进程
/// Makes the process dwProcessId call LoadLibraryA on dllPath.
///
/// Steps, in order: open the target with PROCESS_ALL_ACCESS, allocate a
/// read/write buffer inside it, copy the NUL-terminated path into that buffer,
/// start a remote thread whose start routine is LoadLibraryA and whose
/// argument is the buffer, wait for the thread, then free the buffer and
/// close both handles.
///
/// @param dwProcessId  ID of the process to open.
/// @param dllPath      Narrow (char) NUL-terminated path of the DLL.
/// @return FALSE when any step up to and including thread creation fails;
///         TRUE once the remote thread has been created and has ended. The
///         thread's exit code is never read, so TRUE does not show that the
///         module was actually loaded.
///
/// Review notes: this OpenProcess / VirtualAllocEx / WriteProcessMemory /
/// CreateRemoteThread sequence is the classic remote-thread DLL-load pattern;
/// endpoint monitoring commonly alerts on a broad-access process handle
/// followed by remote thread creation, so expect this tool to be flagged.
BOOL CMFCinjecteDlg::InjectDLL(DWORD dwProcessId, const char* dllPath)
{
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
    if (hProcess == NULL)
    {
        return FALSE;
    }
    // +1 so the terminating NUL is copied along with the path.
    SIZE_T dllPathLen = strlen(dllPath) + 1;
    LPVOID remoteDllPath = VirtualAllocEx(hProcess, NULL, dllPathLen, MEM_COMMIT, PAGE_READWRITE);
    if (remoteDllPath == NULL)
    {
        CloseHandle(hProcess);
        return FALSE;
    }
    if (!WriteProcessMemory(hProcess, remoteDllPath, dllPath, dllPathLen, NULL))
    {
        VirtualFreeEx(hProcess, remoteDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return FALSE;
    }
    // NOTE(review): hKernel32 is not checked for NULL before GetProcAddress.
    HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
    FARPROC loadLibraryAddr = GetProcAddress(hKernel32, "LoadLibraryA");
    if (loadLibraryAddr == NULL)
    {
        VirtualFreeEx(hProcess, remoteDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return FALSE;
    }
    // LoadLibraryA takes a single pointer argument, so it is used as the
    // thread start routine with the remote path buffer as its parameter.
    HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)loadLibraryAddr, remoteDllPath, 0, NULL);
    if (hRemoteThread == NULL)
    {
        VirtualFreeEx(hProcess, remoteDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return FALSE;
    }
    // No timeout: the caller (the button handler) blocks until the remote
    // thread exits. The wait result is not checked.
    WaitForSingleObject(hRemoteThread, INFINITE);
    // The buffer is released only after the wait, i.e. after the remote
    // thread has finished reading the path.
    VirtualFreeEx(hProcess, remoteDllPath, 0, MEM_RELEASE);
    CloseHandle(hRemoteThread);
    CloseHandle(hProcess);
    return TRUE;
}
// 获取当前运行目录路径
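/// Returns the directory that contains this program's executable, including
/// the trailing backslash.
///
/// Despite the name, the value comes from GetModuleFileName(NULL, ...), not
/// from the process's current working directory.
///
/// @return The directory path, or an empty CString when the module path
///         cannot be read or does not fit into MAX_PATH characters. Callers
///         should treat an empty result as a failure instead of appending a
///         file name to it: a bare file name is resolved through the loader's
///         search order rather than from a known location.
CString CMFCinjecteDlg::GetCurrentDirectoryPath()
{
    // The posted code declared a single TCHAR here, which cannot hold a path;
    // a MAX_PATH-sized, zero-initialised buffer is what the call below expects.
    TCHAR szPath[MAX_PATH] = { 0 };

    // 0 means failure; a result equal to the buffer size means the path was
    // truncated, and a truncated path must not be used.
    const DWORD copied = GetModuleFileName(NULL, szPath, MAX_PATH);
    if (copied == 0 || copied >= MAX_PATH)
    {
        return CString();
    }

    CString path(szPath);

    // Keep everything up to and including the last backslash.
    const int pos = path.ReverseFind(_T('\\'));
    if (pos != -1)
    {
        path = path.Left(pos + 1);
    }
    return path;
}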
MFC 的，用的是进程注入，其他的自己研究下，很好弄。 同求。
同求。。 同求...... 工具能用就行了呗,找源码也不用非找这个,随便搜个类似的学习一样的 同求源码 同求源码
这个源码好像我删掉了,没保存的,这个东西网上很多随便找找就好了