VC++: DLL 없이 코드 주입하기
// NoDllInjectDlg.cpp : implementation file
//
#include "stdafx.h"
#include "NoDllInject.h"
#include "NoDllInjectDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
// Modal "About" dialog. It is created and shown from
// CNoDllInjectDlg::OnSysCommand when the system-menu entry is chosen.
// The //{{AFX_...}} marker comments are read by the ClassWizard tooling,
// so they are left exactly as generated.
class CAboutDlg : public CDialog
{
public:
// Binds the dialog to the IDD_ABOUTBOX template (see the definition below).
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
// No handlers are declared; the message map for this class is empty.
DECLARE_MESSAGE_MAP()
};
// Construct the About box from its dialog template resource.
// The class has no data members, so the ClassWizard section stays empty.
CAboutDlg::CAboutDlg()
    : CDialog(CAboutDlg::IDD)
{
    //{{AFX_DATA_INIT(CAboutDlg)
    //}}AFX_DATA_INIT
}
// DDX/DDV hook for the About box.
// No controls are bound, so the call is simply forwarded to CDialog.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CAboutDlg)
    //}}AFX_DATA_MAP
}
// Message map for the About box. It contains no entries, so every message
// falls through to CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CNoDllInjectDlg dialog
// Construct the main dialog from its template and load the application icon.
// pParent is passed straight through to CDialog.
CNoDllInjectDlg::CNoDllInjectDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CNoDllInjectDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CNoDllInjectDlg)
    // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT

    // An icon obtained through LoadIcon needs no matching DestroyIcon in Win32.
    CWinApp* const pApp = AfxGetApp();
    m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}
// DDX/DDV hook for the main dialog.
// No member variables are bound to controls; the PID edit box is read
// directly in the button handlers instead.
void CNoDllInjectDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CNoDllInjectDlg)
    // NOTE: the ClassWizard will add DDX and DDV calls here
    //}}AFX_DATA_MAP
}
// Message map for the main dialog: system-menu, paint and drag-icon
// messages plus the click notifications of the two buttons.
BEGIN_MESSAGE_MAP(CNoDllInjectDlg, CDialog)
//{{AFX_MSG_MAP(CNoDllInjectDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
// IDC_BTN_INJECT runs OnBtnInject, which calls InjectCode.
ON_BN_CLICKED(IDC_BTN_INJECT, OnBtnInject)
//}}AFX_MSG_MAP
// This entry sits outside the ClassWizard markers. IDC_BUTTON1 runs the
// second variant in OnBnClickedButton1.
ON_BN_CLICKED(IDC_BUTTON1, &CNoDllInjectDlg::OnBnClickedButton1)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CNoDllInjectDlg message handlers
// Dialog start-up: add the "About..." entry to the system menu, install the
// icons, then request the debug privilege.
// Returns TRUE so the framework sets the initial focus itself.
BOOL CNoDllInjectDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // IDM_ABOUTBOX must lie in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    // Extend the system menu only when it exists and the label resource
    // is not empty.
    if (CMenu* const pMenu = GetSystemMenu(FALSE))
    {
        CString strLabel;
        strLabel.LoadString(IDS_ABOUTBOX);
        if (!strLabel.IsEmpty())
        {
            pMenu->AppendMenu(MF_SEPARATOR);
            pMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strLabel);
        }
    }

    // A dialog-based main window has to set its own icons.
    SetIcon(m_hIcon, TRUE);   // big icon
    SetIcon(m_hIcon, FALSE);  // small icon

    // DebugPrivilege() runs on every start, before the user has chosen a
    // target, so the privilege request applies for the life of the process.
    DebugPrivilege();

    return TRUE;
}
// System-menu dispatcher: show the About box for IDM_ABOUTBOX and hand
// every other command to CDialog.
void CNoDllInjectDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    // The low four bits of nID are masked off before the comparison.
    if ((nID & 0xFFF0) != IDM_ABOUTBOX)
    {
        CDialog::OnSysCommand(nID, lParam);
        return;
    }

    CAboutDlg aboutBox;
    aboutBox.DoModal();
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CNoDllInjectDlg::OnPaint()
{
    // Normal (non-minimized) state: let the base class paint.
    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    // Minimized: erase the icon background, then draw the icon centred in
    // the client rectangle.
    CPaintDC dc(this);
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    const int nIconWidth  = GetSystemMetrics(SM_CXICON);
    const int nIconHeight = GetSystemMetrics(SM_CYICON);

    CRect rcClient;
    GetClientRect(&rcClient);

    const int nLeft = (rcClient.Width() - nIconWidth + 1) / 2;
    const int nTop  = (rcClient.Height() - nIconHeight + 1) / 2;
    dc.DrawIcon(nLeft, nTop, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CNoDllInjectDlg::OnQueryDragIcon()
{
    // The application icon doubles as the drag cursor.
    const HCURSOR hDragCursor = static_cast<HCURSOR>(m_hIcon);
    return hDragCursor;
}
// Size in bytes of each fixed string buffer in DATA, terminator included.
#define STRLEN 20
// Parameter block that InjectCode fills in locally and copies byte-for-byte
// into the target process; RemoteThreadProc receives its address there.
// The field order and sizes are therefore a binary contract between the two.
// NOTE(review): the four API addresses are stored as DWORD and cast back to
// function pointers in RemoteThreadProc, which only round-trips when a
// pointer is 32 bits wide.
typedef struct _DATA
{
DWORD dwLoadLibrary; // address of LoadLibraryA as resolved by InjectCode
DWORD dwGetProcAddress; // address of GetProcAddress
DWORD dwGetModuleHandle; // address of GetModuleHandleA
DWORD dwGetModuleFileName; // address of GetModuleFileNameA
char User32Dll[STRLEN]; // module name passed to LoadLibrary ("user32.dll")
char MessageBox[STRLEN]; // export name to resolve ("MessageBoxA")
char Str[STRLEN]; // text shown in the message box
}DATA, *PDATA;
// Thread routine whose compiled bytes InjectCode copies into another process
// and starts there with CreateRemoteThread. It reaches every API through the
// addresses and strings in the DATA block rather than calling them by name.
// It loads user32.dll, resolves MessageBoxA, and shows DATA::Str with the
// host module's file name as the caption.
//
// lpParam: address of a DATA block inside the process that runs this code.
// Returns 0 in all cases; no call result is checked.
//
// NOTE(review): the code is left untouched because its machine code is
// copied verbatim. Whether the copy runs correctly elsewhere depends on
// compiler and linker settings that are not visible here.
DWORD WINAPI RemoteThreadProc(LPVOID lpParam)
{
// The thread parameter is the DATA block written by InjectCode.
PDATA pData = (PDATA)lpParam;
// Local function pointers, one per API, filled from the DATA block below.
HMODULE (__stdcall *MyLoadLibrary)(LPCTSTR);
FARPROC (__stdcall *MyGetProcAddress)(HMODULE, LPCSTR);
HMODULE (__stdcall *MyGetModuleHandle)(LPCTSTR);
int (__stdcall *MyMessageBox)(HWND, LPCTSTR, LPCTSTR, UINT);
DWORD (__stdcall *MyGetModuleFileName)(HMODULE, LPTSTR, DWORD);
// DWORD -> function pointer: valid only when pointers are 32 bits wide.
MyLoadLibrary = (HMODULE (__stdcall *)(LPCTSTR))pData->dwLoadLibrary;
MyGetProcAddress = (FARPROC (__stdcall *)(HMODULE,LPCSTR))pData->dwGetProcAddress;
// NOTE(review): this cast names LPCSTR while the variable is declared with
// LPCTSTR; the two match only in an ANSI build. The pointer is assigned but
// never called in this function.
MyGetModuleHandle = (HMODULE (__stdcall *)(LPCSTR))pData->dwGetModuleHandle;
MyGetModuleFileName = (DWORD (__stdcall *)(HMODULE,LPTSTR,DWORD nSize))pData->dwGetModuleFileName;
// hModule and the MyGetProcAddress result are used without a NULL check.
HMODULE hModule = MyLoadLibrary(pData->User32Dll);
MyMessageBox = (int (__stdcall *)(HWND,LPCTSTR,LPCTSTR,UINT))MyGetProcAddress(hModule, pData->MessageBox);
// A NULL module handle asks for the path of the host process's executable.
char szModuleName[MAX_PATH] = { 0 };
MyGetModuleFileName(NULL, szModuleName, MAX_PATH);
// Blocks this thread until the message box is dismissed.
MyMessageBox(NULL, pData->Str, szModuleName, MB_OK);
return 0;
}
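// Click handler for IDC_BTN_INJECT: read the PID typed into IDC_EDIT_PID and
// pass it to InjectCode.
//
// The edit box is free-form user input. GetDlgItemInt returns 0 both for the
// text "0" and for text that is not a number, so the translation flag is
// checked and a zero or unparsable value is rejected here instead of being
// forwarded as a process id.
void CNoDllInjectDlg::OnBtnInject()
{
    BOOL bParsed = FALSE;
    const DWORD dwPid = GetDlgItemInt(IDC_EDIT_PID, &bParsed, FALSE);
    if (!bParsed || dwPid == 0)
    {
        AfxMessageBox("Invalid PID");
        return;
    }

    InjectCode(dwPid);
}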
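// Ask for SeDebugPrivilege to be enabled in this process's own token.
//
// The request only takes effect when the token already holds the privilege.
// AdjustTokenPrivileges reports success even when nothing was enabled, so the
// real outcome is read from GetLastError() (ERROR_NOT_ALL_ASSIGNED). Failures
// are traced only, because the function returns VOID and callers expect it to
// be best-effort.
//
// Detection note: enabling SeDebugPrivilege in an interactive tool is unusual.
// Where token-right auditing is enabled, Windows records the adjustment as
// Security event 4703.
VOID CNoDllInjectDlg::DebugPrivilege()
{
    HANDLE hToken = NULL;

    // TOKEN_ADJUST_PRIVILEGES is the only right needed when no previous state
    // is requested; TOKEN_ALL_ACCESS asked for far more than that.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        TRACE(_T("DebugPrivilege: OpenProcessToken failed (%lu)\n"), GetLastError());
        return;
    }

    TOKEN_PRIVILEGES tp = { 0 };
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Without this check a failed lookup would pass an unset LUID on.
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        TRACE(_T("DebugPrivilege: LookupPrivilegeValue failed (%lu)\n"), GetLastError());
    }
    else if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
    {
        TRACE(_T("DebugPrivilege: AdjustTokenPrivileges failed (%lu)\n"), GetLastError());
    }
    else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        TRACE(_T("DebugPrivilege: SeDebugPrivilege is not held by this token\n"));
    }

    CloseHandle(hToken);
}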
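// Copy a DATA block and the bytes of RemoteThreadProc into process dwPid,
// run them there on a new thread, wait for that thread, then clean up.
//
// dwPid: id of the target process, as typed by the user.
//
// Changes from the earlier version, which checked only OpenProcess:
//  - every allocation, write and thread-creation result is checked;
//  - GetLastError() is captured at the failing call, and a message is shown
//    only on failure (it used to appear after every run, success included);
//  - the broken multi-line format string is replaced;
//  - remote allocations are released once the thread has finished;
//  - no NULL handle is waited on or closed.
//
// Review notes:
//  - DATA keeps API addresses in DWORD fields, so the function refuses to
//    run when pointers are wider than 32 bits instead of passing truncated
//    addresses to another process.
//  - The addresses are resolved in THIS process and used in the target; the
//    code assumes kernel32.dll is mapped identically in both (not verified).
//  - dwFunSize is a fixed guess, not the real length of RemoteThreadProc.
//    The copy includes unrelated bytes and fails if the read runs past
//    mapped memory.
//  - WaitForSingleObject(INFINITE) runs on the UI thread, so the dialog is
//    unresponsive until the remote message box is dismissed.
//
// Detection note: OpenProcess with PROCESS_ALL_ACCESS, a
// PAGE_EXECUTE_READWRITE allocation in a foreign process,
// WriteProcessMemory and CreateRemoteThread form the classic remote-thread
// injection sequence (MITRE ATT&CK T1055). Sysmon reports it as event 10
// (ProcessAccess) and event 8 (CreateRemoteThread).
VOID CNoDllInjectDlg::InjectCode(DWORD dwPid)
{
    if (sizeof(FARPROC) != sizeof(DWORD))
    {
        AfxMessageBox("InjectCode: 32-bit build required");
        return;
    }

    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
    if (hProcess == NULL)
    {
        AfxMessageBox("OpenProcess Error");
        return;
    }

    const DWORD dwFunSize = 0x2000;
    LPVOID  lpData        = NULL;
    LPVOID  lpCode        = NULL;
    HANDLE  hRemoteThread = NULL;
    BOOL    bSafeToFree   = TRUE;   // FALSE while the remote thread may still run
    LPCTSTR pszFailed     = NULL;   // name of the step that failed, if any
    DWORD   dwError       = ERROR_SUCCESS;

    do
    {
        HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
        if (hKernel32 == NULL)
        {
            dwError = GetLastError();
            pszFailed = _T("GetModuleHandle");
            break;
        }

        DATA Data = { 0 };
        Data.dwLoadLibrary       = (DWORD)GetProcAddress(hKernel32, "LoadLibraryA");
        Data.dwGetProcAddress    = (DWORD)GetProcAddress(hKernel32, "GetProcAddress");
        Data.dwGetModuleHandle   = (DWORD)GetProcAddress(hKernel32, "GetModuleHandleA");
        Data.dwGetModuleFileName = (DWORD)GetProcAddress(hKernel32, "GetModuleFileNameA");
        if (Data.dwLoadLibrary == 0 || Data.dwGetProcAddress == 0 ||
            Data.dwGetModuleHandle == 0 || Data.dwGetModuleFileName == 0)
        {
            dwError = GetLastError();
            pszFailed = _T("GetProcAddress");
            break;
        }

        // Bounded copies: each destination is a STRLEN-byte array.
        lstrcpynA(Data.User32Dll, "user32.dll", STRLEN);
        lstrcpynA(Data.MessageBox, "MessageBoxA", STRLEN);
        lstrcpynA(Data.Str, "Inject Code !!!", STRLEN);

        SIZE_T cbWritten = 0;

        lpData = VirtualAllocEx(hProcess, NULL, sizeof(DATA),
                                MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (lpData == NULL)
        {
            dwError = GetLastError();
            pszFailed = _T("VirtualAllocEx(data)");
            break;
        }
        if (!WriteProcessMemory(hProcess, lpData, &Data, sizeof(DATA), &cbWritten) ||
            cbWritten != sizeof(DATA))
        {
            dwError = GetLastError();
            pszFailed = _T("WriteProcessMemory(data)");
            break;
        }

        lpCode = VirtualAllocEx(hProcess, NULL, dwFunSize,
                                MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        if (lpCode == NULL)
        {
            dwError = GetLastError();
            pszFailed = _T("VirtualAllocEx(code)");
            break;
        }
        if (!WriteProcessMemory(hProcess, lpCode, RemoteThreadProc, dwFunSize, &cbWritten) ||
            cbWritten != dwFunSize)
        {
            dwError = GetLastError();
            pszFailed = _T("WriteProcessMemory(code)");
            break;
        }

        hRemoteThread = CreateRemoteThread(hProcess, NULL, 0,
                                           (LPTHREAD_START_ROUTINE)lpCode,
                                           lpData, 0, NULL);
        if (hRemoteThread == NULL)
        {
            dwError = GetLastError();
            pszFailed = _T("CreateRemoteThread");
            break;
        }

        if (WaitForSingleObject(hRemoteThread, INFINITE) != WAIT_OBJECT_0)
        {
            // The thread may still be running, so its memory must stay.
            dwError = GetLastError();
            pszFailed = _T("WaitForSingleObject");
            bSafeToFree = FALSE;
        }
    } while (FALSE);

    if (hRemoteThread != NULL)
    {
        CloseHandle(hRemoteThread);
    }
    if (bSafeToFree)
    {
        // Do not leave writable+executable pages behind in the other process.
        if (lpCode != NULL)
        {
            VirtualFreeEx(hProcess, lpCode, 0, MEM_RELEASE);
        }
        if (lpData != NULL)
        {
            VirtualFreeEx(hProcess, lpData, 0, MEM_RELEASE);
        }
    }
    CloseHandle(hProcess);

    if (pszFailed != NULL)
    {
        LPTSTR lpMsgBuf = NULL;
        FormatMessage(
            FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
                FORMAT_MESSAGE_IGNORE_INSERTS,
            NULL, dwError,
            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
            (LPTSTR)&lpMsgBuf, 0, NULL);

        CString strMsg;
        strMsg.Format(_T("%s failed (error=%lu): %s"),
                      pszFailed, dwError,
                      lpMsgBuf != NULL ? lpMsgBuf : _T("(no system message)"));
        if (lpMsgBuf != NULL)
        {
            LocalFree(lpMsgBuf);
        }
        AfxMessageBox(strMsg);
    }
}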
//
// Parameter block for ThreadProc. OnBnClickedButton1 fills it in locally and
// copies it byte-for-byte into the target process, so its layout is a binary
// contract between the two.
typedef struct _RemotePara{
PVOID dwMessageBox; // address of MessageBoxA as resolved in the injecting process
char strMessageBox[12]; // NUL-terminated text, used as both message and caption
}RemotePara;
//
// Thread routine whose compiled bytes OnBnClickedButton1 copies into another
// process. It calls the function whose address is stored in
// Para->dwMessageBox, passing Para->strMessageBox as both text and caption.
//
// Para: address of a RemotePara block inside the process running this code.
// Returns 0 in all cases.
//
// NOTE(review): the code is left untouched because its machine code is
// copied verbatim into the target.
DWORD __stdcall ThreadProc(RemotePara *Para)
{
// NOTE(review): __stdcall is commented out in this typedef, so the call uses
// the compiler's default calling convention. The caller stores the address
// of MessageBoxA here, and that function is declared WINAPI. Unless the
// build default is __stdcall, the conventions do not match - confirm.
typedef int (/*__stdcall*/ *PMessageBox) (HWND ,LPCTSTR ,LPCTSTR,UINT);
PMessageBox MessageBoxFunc = (PMessageBox)Para->dwMessageBox;
// Blocks this thread until the message box is dismissed.
MessageBoxFunc(NULL, Para->strMessageBox, Para->strMessageBox, MB_OK);
return 0 ;
}
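// Click handler for IDC_BUTTON1: second variant of the same flow. It copies
// the bytes of ThreadProc and a RemotePara block into the process whose PID
// is typed into IDC_EDIT_PID and starts a thread on them. It does not wait
// for the thread.
//
// Changes from the earlier version:
//  - every early return used to leak the process handle and any memory
//    already committed in the target; all exits now go through one cleanup;
//  - the thread handle is checked and closed, and "ok" is shown only when
//    the thread was actually created;
//  - the LoadLibrary and GetProcAddress results are checked before any
//    address is written to another process;
//  - the message text is copied with a bounded copy instead of strcat.
//
// Review notes:
//  - THREADSIZE is a fixed guess, not the real length of ThreadProc.
//  - On success the two remote allocations are left in place, because the
//    thread is still using them when this handler returns.
//
// Detection note: OpenProcess with PROCESS_ALL_ACCESS, a
// PAGE_EXECUTE_READWRITE allocation in a foreign process,
// WriteProcessMemory and CreateRemoteThread are what Sysmon events 10
// (ProcessAccess) and 8 (CreateRemoteThread) record.
void CNoDllInjectDlg::OnBnClickedButton1()
{
    const DWORD THREADSIZE = 1024;

    // Resolve the API locally first; nothing touches the target if it fails.
    RemotePara myRemotePara;
    ZeroMemory(&myRemotePara, sizeof(RemotePara));

    HINSTANCE hUser32 = LoadLibrary("user32.dll");
    if (!hUser32)
        return;
    myRemotePara.dwMessageBox = (PVOID)GetProcAddress(hUser32, "MessageBoxA");
    FreeLibrary(hUser32);   // balance the reference taken above
    if (!myRemotePara.dwMessageBox)
        return;
    lstrcpynA(myRemotePara.strMessageBox, "Hello !", sizeof(myRemotePara.strMessageBox));

    // A non-numeric edit box leaves bParsed FALSE; treat it like a bad PID.
    BOOL bParsed = FALSE;
    const DWORD pID = GetDlgItemInt(IDC_EDIT_PID, &bParsed, FALSE);
    if (!bParsed || pID == 0)
        return;

    HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    if (!hRemoteProcess)
        return;

    void       *pRemoteThread = NULL;
    RemotePara *pRemotePara   = NULL;
    HANDLE      hThread       = NULL;
    BOOL        bPrepared     = FALSE;   // TRUE once both remote blocks are written
    SIZE_T      cbWritten     = 0;
    DWORD       dwThreadId    = 0;

    do
    {
        // Code block in the target.
        pRemoteThread = VirtualAllocEx(hRemoteProcess, 0, THREADSIZE,
                                       MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        if (!pRemoteThread)
            break;
        if (!WriteProcessMemory(hRemoteProcess, pRemoteThread, &ThreadProc, THREADSIZE, &cbWritten) ||
            cbWritten != THREADSIZE)
            break;

        // Parameter block in the target.
        pRemotePara = (RemotePara *)VirtualAllocEx(hRemoteProcess, 0, sizeof(RemotePara),
                                                   MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (!pRemotePara)
            break;
        if (!WriteProcessMemory(hRemoteProcess, pRemotePara, &myRemotePara,
                                sizeof(myRemotePara), &cbWritten) ||
            cbWritten != sizeof(myRemotePara))
            break;

        bPrepared = TRUE;
        hThread = CreateRemoteThread(hRemoteProcess, 0, 0,
                                     (LPTHREAD_START_ROUTINE)pRemoteThread,
                                     pRemotePara, 0, &dwThreadId);
    } while (FALSE);

    if (hThread)
    {
        // The thread owns the remote blocks from here on; release only our handle.
        CloseHandle(hThread);
    }
    else
    {
        // Nothing is running on the remote blocks, so give them back.
        if (pRemotePara)
            VirtualFreeEx(hRemoteProcess, pRemotePara, 0, MEM_RELEASE);
        if (pRemoteThread)
            VirtualFreeEx(hRemoteProcess, pRemoteThread, 0, MEM_RELEASE);
    }
    //FreeLibrary(hUser32);
    CloseHandle(hRemoteProcess);

    if (hThread)
        AfxMessageBox("ok");
    else if (bPrepared)
        AfxMessageBox("CreateRemoteThread Error");
}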
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.