加载映像EXE/DLL到远程进程执行(注入) - vfdff的博客

作者在 2013-01-29 23:44:20 发布以下内容

LdrSup允许您从文件/内存中加载映像到本地或者远程进程执行(注入), 比如把寄生虫.exe 注入到宿主.exe 中运行.

代码演示如何把自己(EXE)注入到QQ.exe中运行.

http://rlib.googlecode.com/svn/Examples/Loader/

标签： RLib

代码片段(1)

[代码] [C/C++]代码

						
										01
									
										boolRun(HANDLE*phandle,HANDLE*pdest_process_handle,void**ppimage)
									
										02
									
										{
									
										03
									
										    String StartupPath = String(AppBase::GetStartupPath());
									
										04
									
										    String::FastStringCopy(BaseDllDir, StartupPath, StartupPath.Length);
									
										05
									
										06
									
										    *pdest_process_handle = *ppimage = NULL;
									
										07
									
										08
									
										    if(copy_to_process(open_process_by_name(L"QQ.exe"), pdest_process_handle, ppimage))
									
										09
									
										    {
									
										10
									
										        Threading::Thread *thread=newThreading::Thread(LdrSup::RunImage(*pdest_process_handle, *ppimage, threadproc, *ppimage,true), 0, FALSE);
									
										11
									
										        if(thread== NULL)
									
										12
									
										        {
									
										13
									
										            *phandle = NULL;
									
										14
									
										        } 
									
										15
									
										        else
									
										16
									
										        {
									
										17
									
										            *phandle =thread;
									
										18
									
										            thread->Resume();
									
										19
									
										            deletethread;
									
										20
									
										        }
									
										21
									
										        LdrSup::CloseNativeHandle(*pdest_process_handle);
									
										22
									
										    }
									
										23
									
										    returnNULL;
									
										24
									
										}