Comments (3)
MFCApplication.exe 这个工具的源码也可以,我写了一个注入工具,一直注入不成功,想学习一下
参考#8
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "pch.h"
#include <tlhelp32.h>
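/**
 * Return the process ID of the first running process whose executable name
 * equals `process`.
 *
 * The comparison is an exact, case-sensitive wcscmp() against the szExeFile
 * field of each snapshot entry. When several processes share the name, only
 * the first one enumerated is reported.
 *
 * @param process  NUL-terminated executable name to look for.
 * @return The matching process ID, or 0 when `process` is NULL, the snapshot
 *         cannot be taken, or no entry matches. Callers must treat 0 as
 *         "not found" and must not pass it on to OpenProcess().
 */
DWORD GetPIDForProcess(wchar_t* process)
{
    if (!process) {
        return 0;
    }

    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE,
    // never NULL, so a plain `!hSnapshot` test lets a failed snapshot through.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    // dwSize must describe the structure actually passed to the W functions;
    // sizeof(PROCESSENTRY32) is only the same size in UNICODE builds.
    PROCESSENTRY32W pe32;
    pe32.dwSize = sizeof(pe32);

    DWORD targetPid = 0;
    for (BOOL working = Process32FirstW(hSnapshot, &pe32); working;
         working = Process32NextW(hSnapshot, &pe32)) {
        if (!wcscmp(pe32.szExeFile, process)) {
            targetPid = pe32.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return targetPid;
}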
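/**
 * Find the module named `wDllName` in the module list of process `dPid`.
 *
 * The name is compared with an exact, case-sensitive wcscmp() against the
 * szModule field of each snapshot entry.
 *
 * @param wDllName  NUL-terminated module name to look for.
 * @param dPid      ID of the process whose modules are enumerated.
 * @return The module handle (valid only inside process `dPid`), or NULL when
 *         an argument is NULL/0, the snapshot cannot be taken, or no module
 *         matches.
 */
HINSTANCE__* cdecl GetDLLHandle(wchar_t* wDllName, DWORD dPid)
{
    if (!wDllName || !dPid) {
        return NULL;
    }

    // A failed snapshot is INVALID_HANDLE_VALUE; bail out instead of handing
    // it to Module32FirstW and CloseHandle.
    HANDLE snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dPid);
    if (snapMod == INVALID_HANDLE_VALUE) {
        return NULL;
    }

    tagMODULEENTRY32W me32;
    me32.dwSize = sizeof(me32);

    // hModule is an HMODULE (HINSTANCE__*), so the result is held in that
    // type rather than in a pointer-to-HINSTANCE.
    HINSTANCE__* result = NULL;
    for (BOOL more = Module32FirstW(snapMod, &me32); more;
         more = Module32NextW(snapMod, &me32)) {
        if (!wcscmp(wDllName, me32.szModule)) {
            result = me32.hModule;
            break;
        }
    }

    // Single exit path: the snapshot handle is closed exactly once.
    CloseHandle(snapMod);
    return result;
}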
/*
 * Make the process named szPName load the library at szDllPath by starting a
 * thread inside it whose entry point is kernel32!LoadLibraryW.
 *
 * Sequence visible below: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread -> WaitForSingleObject.
 * For defenders, this cross-process sequence is observable, e.g. as Sysmon
 * Event ID 10 (ProcessAccess) followed by Event ID 8 (CreateRemoteThread).
 *
 * szPName    executable name passed to GetPIDForProcess().
 * szDllPath  NUL-terminated path copied into the target process.
 * Returns 1 when every step up to and including thread creation succeeded,
 * 0 otherwise. The remote thread's exit code is never read.
 */
int cdecl InjectDll(wchar_t* szPName, wchar_t* szDllPath)
{
int result;
HANDLE hRemoteThread;
LPTHREAD_START_ROUTINE lpSysLibAddr;
HINSTANCE* hKernelModule;
LPVOID lpRemoteDllBase;
HANDLE hProcess;
unsigned int dwPid;
size_t ulDllLength;
// NOTE(review): GetPIDForProcess() returns 0 for "not found"; that value is
// passed to OpenProcess() unchecked.
dwPid = GetPIDForProcess(szPName);
// Length of the path as counted by wcslen(), plus the terminator.
ulDllLength = wcslen(szDllPath) + 1;
// Requests every process access right; the third argument is the target PID.
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, dwPid);
if (!hProcess) {
return 0;
}
// Reserve read/write (non-executable) memory in the target for the path string.
lpRemoteDllBase = VirtualAllocEx(hProcess, NULL, ulDllLength, MEM_COMMIT, PAGE_READWRITE);
if (lpRemoteDllBase)
{
// Short-circuit chain: any failing step falls through to the else branch.
// LoadLibraryW's address is resolved in the calling process and reused as the
// remote thread's start address.
if (WriteProcessMemory(hProcess, lpRemoteDllBase, szDllPath, ulDllLength, NULL)
&& (hKernelModule = GetModuleHandleW(L"kernel32.dll")) != 0
&& (lpSysLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hKernelModule, "LoadLibraryW")) != 0
&& (hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, lpSysLibAddr, lpRemoteDllBase, 0, NULL)) != 0)
{
// Blocks the caller with no timeout until the remote thread terminates.
WaitForSingleObject(hRemoteThread, INFINITE);
// NOTE(review): VirtualFreeEx documents MEM_RELEASE as requiring dwSize == 0
// and as not combinable with MEM_DECOMMIT, so this call is expected to fail;
// its return value is ignored, which would leave the path string allocated
// in the target process (a possible forensic artefact) - confirm.
VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE);
CloseHandle(hRemoteThread);
CloseHandle(hProcess);
OutputDebugStringA("[DBG] dll inject success");
result = 1;
}
else
{
// Failure path: same VirtualFreeEx flag combination as above.
VirtualFreeEx(hProcess, lpRemoteDllBase, ulDllLength, MEM_DECOMMIT | MEM_RELEASE);
CloseHandle(hProcess);
result = 0;
}
}
else
{
// Remote allocation failed; only the process handle needs releasing.
CloseHandle(hProcess);
result = 0;
}
return result;
}
/*
 * Ask the process named szPName to unload the module named szDName by
 * starting a thread inside it at kernel32!FreeLibraryAndExitThread, with the
 * module handle as the thread argument.
 *
 * szPName  executable name passed to GetPIDForProcess().
 * szDName  module name passed to GetDLLHandle().
 * Returns 1 when the remote thread was created, 0 otherwise. The function
 * does not wait for the thread or check that the module was unloaded.
 */
int cdecl UnInjectDll(wchar_t* szPName, wchar_t* szDName)
{
HINSTANCE* hDll;
LPTHREAD_START_ROUTINE lpFreeLibAddr;
HINSTANCE__* hK32;
HANDLE hProcess;
unsigned int dwPID;
// NOTE(review): a "not found" result of 0 is passed on to OpenProcess() unchecked.
dwPID = GetPIDForProcess(szPName);
// 0x1FFFFF is presumably PROCESS_ALL_ACCESS spelled as a literal, which
// InjectDll requests by name - confirm against the SDK headers in use.
hProcess = OpenProcess(0x1FFFFFu, 0, dwPID);
if (!hProcess) {
return 0;
}
hK32 = GetModuleHandleW(L"Kernel32.dll");
if (!hK32) {
// NOTE(review): hProcess is not closed on this return.
return 0;
}
// NOTE(review): the GetProcAddress result is not checked before use.
lpFreeLibAddr = (LPTHREAD_START_ROUTINE)GetProcAddress(hK32, "FreeLibraryAndExitThread");
hDll = GetDLLHandle(szDName, dwPID);
if (hDll && CreateRemoteThread(hProcess, 0, 0, lpFreeLibAddr, hDll, 0, 0)) {
// NOTE(review): neither the new thread handle nor hProcess is closed on
// the success path, so both handles leak in the calling process.
return 1;
}
CloseHandle(hProcess);
return 0;
}
/**
 * DLL entry point.
 *
 * Performs no work for any of the four loader notifications
 * (process/thread attach and detach) and always reports success.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    // Nothing is initialised or torn down here, so the arguments are unused.
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;
    return TRUE;
}
ida生成的,简单改一下,可以参考一下。