; Driver: resolve the target pid and the DLL path, call InDll once, and
; report the outcome in a message box.
$pid0 = ProcessExists("qq.exe")   ; pid of the running process, or 0 when it is not running
$DllPath0 = @ScriptDir & "\test.dll"   ; the DLL is expected next to the script
If InDll() Then
MsgBox(64,"d","成功")   ; "success": InDll returned 1 (a remote thread was created)
Else
MsgBox(16,"d","失败")   ; "failure": InDll returned early or no remote thread was created
endif
; InDll: the classic remote-thread DLL-load sequence — OpenProcess,
; VirtualAllocEx, WriteProcessMemory of the DLL path, then CreateRemoteThread
; with kernel32!LoadLibraryA as the start routine and that path as its argument.
; This exact API chain is what endpoint detection rules for remote-thread
; injection key on.
; Params: $pid - target process id (defaults to the global $pid0);
;         $DllPath - path written into the target (defaults to the global $DllPath0).
; Returns 1 when CreateRemoteThread returned a thread handle; every other path
; returns an empty value (a bare Return, or $n left unset), which reads as
; False to callers.
; Note: $r and $EntryPoint are never declared Local, so they are created as globals.
Func InDll($pid = $pid0,$DllPath = $DllPath0)
Local $hp
Local $DllLen
Local $addr
Local $ret
Local $n   ; set to 1 only on success; stays empty otherwise
If FileExists($DllPath)=0 Then Return   ; nothing to load
; 2035711 = 0x1F0FFF, the full PROCESS_ALL_ACCESS mask; bInheritHandle = 0
$r = DllCall("KERNEL32.DLL", "long", "OpenProcess", "long", 2035711,"long", 0, "long", $pid)
$hp=$r[0]
If $r[0]=0 Then Return   ; open failed (also the case when $pid is 0)
; Byte length of the path as a narrow string, plus the terminating NUL
$DllLen=ChrLenFixed($DllPath)+1
; 4096 = MEM_COMMIT, 4 = PAGE_READWRITE: a small writable buffer for the path.
; The returned address is not checked here; a 0 surfaces as a failed write below.
$r = DllCall("KERNEL32.DLL", "long", "VirtualAllocEx", "long", $hp,"ptr", 0, "long", $DllLen,"long",4096,"long",4)
$addr=$r[0]
; Copy the path into the target; the trailing "ulong_ptr*",0 is the bytes-written out-param and is never read
$r= DllCall("KERNEL32.DLL", "long", "WriteProcessMemory", "handle", $hp,"ptr",$addr,"str",$DllPath,"ulong_ptr",$DllLen,"ulong_ptr*",0)
If $r[0] Then
; Resolve the address of kernel32!LoadLibraryA; it becomes the thread start routine, with $addr as its argument
$r=DllCall("KERNEL32.DLL", "long", "GetModuleHandle", "str","KERNEL32.DLL")
$ret=$r[0]
$r=DllCall("KERNEL32.DLL", "long", "GetProcAddress","LONG",$ret,"str","LoadLibraryA")
$EntryPoint=$r[0]
$r=DllCall("KERNEL32.DLL", "long", "CreateRemoteThread", "LONG",$hp,"long*",0,"long",0,"long",$EntryPoint,"long",$addr,"long",0,"ptr",0)
$ret=$r[0]   ; thread handle, or 0 on failure
If $ret Then
$n=1   ; "success" here means the thread was created, not that the DLL actually loaded
; 4294967295 = INFINITE: blocks until the remote thread exits
$r=DllCall("KERNEL32.DLL", "long", "WaitForSingleObject","LONG",$ret,"long",4294967295)
; The thread exit code (LoadLibraryA's return value) is fetched but never inspected
$r=DllCall("KERNEL32.DLL", "long", "GetExitCodeThread","LONG",$ret,"long*",0)
EndIf
EndIf
; Cleanup: 32768 = MEM_RELEASE (size must be 0, as here); then close the thread and process handles
If $addr Then $r=DllCall("KERNEL32.DLL", "long", "VirtualFreeEx", "LONG",$hp,"ptr",$addr,"long",0,"long",32768)
If $ret Then $r=DllCall("KERNEL32.DLL", "handle", "CloseHandle","LONG",$ret)
If $hp Then $r=DllCall("KERNEL32.DLL", "long", "CloseHandle","LONG",$hp)
Return $n
EndFunc
; ChrLenFixed: estimates the byte length of $c once it is converted to a
; narrow (ANSI/DBCS) string: every UTF-16 code unit above 255 is counted as
; two bytes, everything else as one. Used to size the buffer that receives
; the DLL path.
; Params: $c - the string to measure.
; Returns the estimated byte count (0 for an empty string).
Func ChrLenFixed($c)
    Local $bytes = 0, $code
    For $pos = 1 To StringLen($c)
        $code = AscW(StringMid($c, $pos, 1))
        ; AscW yields 0..65535, so this wrap-around is never taken; kept for parity
        If $code < 0 Then $code += 65536
        $bytes += 1
        If $code > 255 Then $bytes += 1
    Next
    Return $bytes
EndFunc
这个代码在WIN7 64位系统中,不能注入成功。64位的系统中,也是将32位的DLL,注入到32位的进程中。有朋友可以修改的可以加QQ:863686908 |