1,打开一个进程
2,在进程内分配一块内存
3,把要导入的库名写入空间
4,创建远程线程,以LoadLibrary为线程函数,写入的库名为参数
/// Loads the module named by ModuleName into the process with id PID: a
/// buffer is allocated in the target, the wide-string name is copied into
/// it, and a remote thread is started with LoadLibraryW as its entry point
/// and that buffer as the argument (the classic CreateRemoteThread /
/// LoadLibrary injection sequence described in the four steps above).
///
/// From a defender's point of view each step is a well-known telemetry
/// signal: OpenProcess on a foreign PID, a cross-process VirtualAllocEx
/// with an executable protection, WriteProcessMemory into that region, and
/// CreateRemoteThread whose start address resolves to LoadLibraryW.
/// Endpoint sensors that record handle and remote-thread events key on
/// exactly this chain.
///
/// @param PID         Process id of the target process.
/// @param ModuleName  NUL-terminated wide string; it is copied verbatim and
///                    handed to LoadLibraryW inside the target, so it may be
///                    whatever that API accepts (a path or a bare name).
/// @return Always 0 on every path — the DWORD carries no success/failure
///         information; the outcome is reported only via MessageBox.
DWORD Inject(DWORD PID, WCHAR* ModuleName) {
// PROCESS_ALL_ACCESS is requested; this fails when the caller lacks rights
// on the target (different user, higher integrity level, protected process).
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
if (hProcess == NULL) {
MessageBox(0, L"无法打开进程",0,0); // "cannot open process"
return 0;
}
// Byte length of the string including its terminating NUL.
DWORD LEN = (wcslen(ModuleName) + 1) * sizeof(WCHAR);
// The region only ever holds a string, yet it is committed RWX; an
// executable cross-process allocation is a high-signal indicator for
// memory scanners and is not needed for the data written below.
LPVOID moduleNameAddr= VirtualAllocEx(hProcess, NULL, LEN, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (moduleNameAddr == NULL) {
::CloseHandle(hProcess);
MessageBox(0, L"无法分配内存", 0, 0); // "cannot allocate memory"
return 0;
}
// Copies LEN bytes (name + NUL) into the target; the bytes-written
// out-parameter is not requested, so a partial write is not detectable here.
BOOL writeCheck = WriteProcessMemory(hProcess, moduleNameAddr, ModuleName, LEN, NULL);
if (writeCheck == FALSE) {
// NOTE(review): the VirtualFreeEx contract requires dwSize == 0 with
// MEM_RELEASE; passing LEN makes this call fail, so the region is leaked in
// the target on this error path (and likewise on the thread-failure path).
VirtualFreeEx(hProcess, moduleNameAddr, LEN, MEM_RELEASE);
MessageBox(0, L"无法写入内存", 0, 0); // "cannot write memory"
::CloseHandle(hProcess);
return 0;
}
// LoadLibraryW's address is taken from the injecting process and assumed to
// be valid in the target (same bitness, same kernel32 base) — nothing here
// checks that assumption. Stack size and creation flags are left at 0.
HANDLE hThread = ::CreateRemoteThread(hProcess, NULL, NULL,
(LPTHREAD_START_ROUTINE)LoadLibraryW,
moduleNameAddr, NULL, NULL);
if (hThread == NULL) {
VirtualFreeEx(hProcess, moduleNameAddr, LEN, MEM_RELEASE); // see size note above
MessageBox(0, L"创建线程失败", 0, 0); // "thread creation failed"
::CloseHandle(hProcess);
return 0;
}
// The thread is never waited on and LoadLibraryW's return value is never
// read, and the string buffer is not freed on this path: "success" below
// means only that the remote thread was created.
::CloseHandle(hProcess);
::CloseHandle(hThread);
MessageBox(0, L"注入成功", L"", 0); // "injection succeeded"
return 0;
}