主题:[讨论]请问下面代码注入DLL后怎么调用DLL里的函数
搜了好多网页，都只讲怎么注入DLL，却没说注入后怎么调用DLL里的函数；Delphi的有，却看不懂，望前辈帮忙。请问下面代码注入DLL后，怎么调用DLL里的函数？DLL里函数的内容比如是：
// Pseudo-code sketch (from the question above) of the DLL-side function the poster wants to run after
// injection; not valid C++ as written.
dll(){MessageBox("123")};
// Start of the code.
// Review notes: this is a fragment of an MFC dialog handler (GetDlgItemText / SendDlgItemMessage are
// called without an object, so presumably a CWnd-derived member); the enclosing function is not shown.
// Defender's view: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) is the textbook remote-thread DLL injection chain, and endpoint
// protection commonly alerts on exactly this cross-process call sequence.
// None of the Win32 calls below checks its return value, and `handle` / `hRemoteThread` are never closed.
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
// hToken is used below even if OpenProcessToken failed and left it unset.
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
// NOTE(review): SE_SHUTDOWN_NAME is the system-shutdown privilege; enabling it has no bearing on the
// OpenProcess call further down, so this privilege block does nothing for its stated purpose.
LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);
tkp.PrivilegeCount=1;
tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
// Raise the access-token privileges. The result is ignored: AdjustTokenPrivileges returns TRUE even when
// the privilege is not held by the token (GetLastError then reports ERROR_NOT_ALL_ASSIGNED).
AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), 0, 0);
CloseHandle(hToken);
// Privilege adjustment finished.
int cbSize=0,iProcessId=0;
HANDLE handle=NULL;
CString lpProcessId;
GetDlgItemText(IDC_EDIT1,lpProcessId);
// atoi yields 0 for non-numeric input; that failure is not detectable here.
iProcessId=atoi(lpProcessId);
// 260 == MAX_PATH. WM_GETTEXT copies at most cchTextMax-1 characters and null-terminates, so the buffer
// cannot overflow, but a longer path is silently truncated.
char lpObjectProcess[260]={0};
SendDlgItemMessage(IDC_EDIT2,WM_GETTEXT,(WPARAM)260,(LPARAM)lpObjectProcess);
// Byte count including the terminating NUL (size_t narrowed to int). An empty edit box gives cbSize == 1;
// nothing rejects that.
cbSize=(strlen(lpObjectProcess)+1);
// Returns NULL on failure (unchecked), and `handle` is never passed to CloseHandle -> handle leak.
handle=OpenProcess(PROCESS_ALL_ACCESS,0,iProcessId);
// Remote buffer for the DLL path string. NULL on failure (unchecked); never released with VirtualFreeEx.
LPVOID lpRemoteDll=VirtualAllocEx(handle,NULL,cbSize,
MEM_COMMIT,PAGE_READWRITE);
// Return value ignored, so a failed write still leads to the thread creation below.
WriteProcessMemory(handle,lpRemoteDll,lpObjectProcess,cbSize,NULL);
// The address of LoadLibraryA resolved in *this* process is handed to the remote thread; this assumes
// kernel32.dll is mapped at the same base in the target process — nothing here verifies that.
HMODULE hmodule=GetModuleHandle("kernel32.dll");
LPTHREAD_START_ROUTINE routine=(LPTHREAD_START_ROUTINE)GetProcAddress(hmodule,"LoadLibraryA");
// hRemoteThread is neither waited on nor closed: the thread's outcome is never observed and the handle
// leaks. Only this call uses the `::` global-scope prefix; the other Win32 calls do not.
HANDLE hRemoteThread=::CreateRemoteThread(handle,0,0,routine,lpRemoteDll,0,NULL);
// Duplicate paste of the listing above (the post contains the same code twice); the notes are repeated
// so that each copy reads on its own.
// Pseudo-code sketch of the DLL-side function the poster wants to run after injection; not valid C++.
dll(){MessageBox("123")};
// Start of the code.
// Fragment of an MFC dialog handler (GetDlgItemText / SendDlgItemMessage are called without an object,
// so presumably a CWnd-derived member); the enclosing function is not shown.
// Defender's view: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) is the textbook remote-thread DLL injection chain, and endpoint
// protection commonly alerts on exactly this cross-process call sequence.
// None of the Win32 calls below checks its return value, and `handle` / `hRemoteThread` are never closed.
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
// hToken is used below even if OpenProcessToken failed and left it unset.
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
// NOTE(review): SE_SHUTDOWN_NAME is the system-shutdown privilege; enabling it has no bearing on the
// OpenProcess call further down, so this privilege block does nothing for its stated purpose.
LookupPrivilegeValue(NULL,SE_SHUTDOWN_NAME,&tkp.Privileges[0].Luid);
tkp.PrivilegeCount=1;
tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
// Raise the access-token privileges. The result is ignored: AdjustTokenPrivileges returns TRUE even when
// the privilege is not held by the token (GetLastError then reports ERROR_NOT_ALL_ASSIGNED).
AdjustTokenPrivileges(hToken, false, &tkp, sizeof(tkp), 0, 0);
CloseHandle(hToken);
// Privilege adjustment finished.
int cbSize=0,iProcessId=0;
HANDLE handle=NULL;
CString lpProcessId;
GetDlgItemText(IDC_EDIT1,lpProcessId);
// atoi yields 0 for non-numeric input; that failure is not detectable here.
iProcessId=atoi(lpProcessId);
// 260 == MAX_PATH. WM_GETTEXT copies at most cchTextMax-1 characters and null-terminates, so the buffer
// cannot overflow, but a longer path is silently truncated.
char lpObjectProcess[260]={0};
SendDlgItemMessage(IDC_EDIT2,WM_GETTEXT,(WPARAM)260,(LPARAM)lpObjectProcess);
// Byte count including the terminating NUL (size_t narrowed to int). An empty edit box gives cbSize == 1;
// nothing rejects that.
cbSize=(strlen(lpObjectProcess)+1);
// Returns NULL on failure (unchecked), and `handle` is never passed to CloseHandle -> handle leak.
handle=OpenProcess(PROCESS_ALL_ACCESS,0,iProcessId);
// Remote buffer for the DLL path string. NULL on failure (unchecked); never released with VirtualFreeEx.
LPVOID lpRemoteDll=VirtualAllocEx(handle,NULL,cbSize,
MEM_COMMIT,PAGE_READWRITE);
// Return value ignored, so a failed write still leads to the thread creation below.
WriteProcessMemory(handle,lpRemoteDll,lpObjectProcess,cbSize,NULL);
// The address of LoadLibraryA resolved in *this* process is handed to the remote thread; this assumes
// kernel32.dll is mapped at the same base in the target process — nothing here verifies that.
HMODULE hmodule=GetModuleHandle("kernel32.dll");
LPTHREAD_START_ROUTINE routine=(LPTHREAD_START_ROUTINE)GetProcAddress(hmodule,"LoadLibraryA");
// hRemoteThread is neither waited on nor closed: the thread's outcome is never observed and the handle
// leaks. Only this call uses the `::` global-scope prefix; the other Win32 calls do not.
HANDLE hRemoteThread=::CreateRemoteThread(handle,0,0,routine,lpRemoteDll,0,NULL);