원격 DLL 주입 C#

   1:  using System;

   2:  using System.Collections.Generic;

   3:  using System.ComponentModel;

   4:  using System.Data;

   5:  using System.Diagnostics;

   6:  using System.Drawing;

   7:  using System.Linq;

   8:  using System.Runtime.InteropServices;

   9:  using System.Text;

  10:  using System.Windows.Forms;

  11:   

  12:  namespace hooktest01

  13:  {

  14:      public partial class Form1 : Form

  15:      {

  16:          [DllImport("kernel32.dll")]

  17:          public static extern int VirtualAllocEx(IntPtr hwnd, Int32 lpaddress, int size, int type, Int32 tect);

  18:          [DllImport("kernel32.dll")]

  19:          public static extern Boolean WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);

  20:          [DllImport("kernel32.dll")]

  21:          public static extern int GetProcAddress(int hwnd, string lpname);

  22:          [DllImport("kernel32.dll")]

  23:          public static extern int GetModuleHandleA(string name);

  24:          [DllImport("kernel32.dll")]

  25:          public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);

  26:          [DllImport("kernel32.dll")]

  27:          public static extern Int32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);

  28:          [DllImport("kernel32.dll")]

  29:          public static extern Boolean VirtualFree(IntPtr lpAddress, Int32 dwSize, Int32 dwFreeType);

  30:          Process pname;

  31:          UInt32 INFINITE = 0xFFFFFFFF;

  32:          Int32 PAGE_EXECUTE_READWRITE = 0x40;

  33:          Int32 MEM_COMMIT = 0x1000;

  34:          Int32 MEM_RESERVE = 0x2000;

  35:          Int32 MEM_RELEASE = 0x8000;

  36:          Int32 AllocBaseAddress;

  37:          IntPtr hwnd;

  38:          string dllname;

  39:          Int32 Pid;

  40:          Boolean ok;

  41:          Int32 loadaddr;

  42:          IntPtr ThreadHwnd;

  43:   

  44:   

  45:          public Form1()

  46:          {

  47:              InitializeComponent();

  48:          }

  49:   

  50:          private void button1_Click(object sender, EventArgs e)

  51:          {

  52:              try

  53:              {

  54:                  if (textBox1.Text == "" || textBox1.Text == null)

  55:                  {

  56:                      MessageBox.Show("Pid is null"); return;

  57:                  }

  58:                  if (textBox2.Text == "" || textBox2.Text == null)

  59:                  {

  60:                      MessageBox.Show("dll name is null"); return;

  61:                  }

  62:                  Pid = Int32.Parse(textBox1.Text);

  63:                  dllname = textBox2.Text;

  64:              }

  65:              catch(Exception error)

  66:              {

  67:                  MessageBox.Show(error.Message); return;

  68:              }

  69:              try

  70:              {

  71:                  pname = Process.GetProcessById(Pid);

  72:                  hwnd = pname.Handle;

  73:              }

  74:              catch(Exception error)

  75:              {   //   pid           ；

  76:                  MessageBox.Show (error.Message); return;

  77:              }

  78:              AllocBaseAddress= VirtualAllocEx(hwnd, 0, dllname.Length + 1, MEM_COMMIT+ MEM_RESERVE, PAGE_EXECUTE_READWRITE);

  79:              if (AllocBaseAddress == 0)

  80:              {

  81:                  MessageBox.Show("virtualallocex  fail"); return;

  82:              }

  83:              ok=WriteProcessMemory(hwnd, AllocBaseAddress, dllname, dllname.Length + 1,0);

  84:              if (!ok)

  85:              {

  86:                  MessageBox.Show("writeprocessmemory fail"); return;

  87:              }

  88:              loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");

  89:              if (loadaddr == 0)

  90:              {   //  LoadLibraryA        

  91:                  MessageBox.Show("get loadlibraryA fail"); return;

  92:              }

  93:              ThreadHwnd=CreateRemoteThread(hwnd, 0, 0, loadaddr, AllocBaseAddress,0, 0);

  94:              if (ThreadHwnd ==IntPtr.Zero)

  95:              {

  96:                  MessageBox.Show("createremotethread fail"); return;

  97:              }

  98:             

  99:              

 100:              WaitForSingleObject(ThreadHwnd, INFINITE);

 101:              MessageBox.Show("ok ,you can check now!!!");

 102:              VirtualFree(hwnd, 0, MEM_RELEASE);

 103:              //          ；

 104:              ProcessModuleCollection pmodule = pname.Modules;

 105:              foreach (ProcessModule processm in pmodule)

 106:              {

 107:                  listBox1.Items.Add(processm.FileName);

 108:              }

 109:              pname.Dispose();

 110:          }

 111:          //     

 112:   

 113:      }

 114:  }

.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }