using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace dllinject
{
public partial class Form1 : Form
{
[DllImport("kernel32.dll")] //声明API函数
public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten );
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
public Form1()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
int ok1;
//int ok2;
//int hwnd;
int baseaddress;
int temp=0;
int hack;
int yan;
string dllname;
dllname = "c://dll.dll";
int dlllength;
dlllength = dllname.Length + 1;
Process[] pname = Process.GetProcesses(); //取得所有进程
foreach (Process name in pname) //遍历进程
{
//MessageBox.Show(name.ProcessName.ToLower());
if (name.ProcessName.ToLower().IndexOf("notepad") != -1) //所示记事本,那么下面开始注入
{
baseaddress = VirtualAllocEx(name.Handle, 0, dlllength , 4096, 4); //申请内存空间
if (baseaddress == 0) //返回0则操作失败,下面都是
{
MessageBox.Show("申请内存空间失败!!");
Application.Exit();
}
ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp); //写内存
if (ok1 == 0)
{
MessageBox.Show("写内存失败!!");
Application.Exit();
}
hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); //取得loadlibarary在kernek32.dll地址
if (hack == 0)
{
MessageBox.Show("无法取得函数的入口点!!");
Application.Exit();
}
yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp); //创建远程线程。
if (yan == 0)
{
MessageBox.Show("创建远程线程失败!!");
Application.Exit();
}
else
{
MessageBox.Show("已成功注入dll!!");
}
}
}
}
}
}
C#进程注入,模拟注入一个记事本
C#中的DLL注入事实上dll注入很简单,无非就是调用virtualAllocEx,WriteProcessMemory,OpenProcess,CreateRemoteThread等API函数,因为我是学c#的,所以也想看一下c#这方面的文章,但在网上找了半天,没有找到一篇,也许是c#刚兴起的缘故,学c#的并不多,没办法,只好自己移植一下,因为凡是用到API函数,所有的编程的语言都是相同的,这就为我们的移植带来了方便,学c#的一般应该对API的调用概念很淡,因为c#通常不会去调用API函数,因为这些已经被封装了,在vb,vc++等语言中要结束一个进程,首先就必须要得到这个进程的句柄,然后才能进行相应的关闭进程等操作,得到句柄要用到OpenProcess API函数,结束进程要用到TerminateProcess API函数,但是在c#中你根本不需要知道这些API函数就能完成同样的功能,所以你要是想了解一下API的相关知识,学一点vb是一个很好的选择。好了!下面就开始我们的c# dll注入之旅吧!首先需要加入以下API函数:[DllImport("kernel32.dll")]public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);[DllImport("kernel32.dll")]public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten );[DllImport("kernel32.dll")]public static extern int GetProcAddress(int hwnd, string lpname);[DllImport("kernel32.dll")]public static extern int GetModuleHandleA(string name);[DllImport("kernel32.dll")]public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);C#声明API比较复杂,因为是调用非托管的dll,所以要用到DllImport来调用非托管的dll,他还有很多属性在这就不多说了,网上有很介绍,可以去查一下,不过c#调用自身的变得动态链接库是倒是很方便,直接加个引用就ok了,调用dll要用的一个引用:using System.Runtime.InteropServices;这个不要忘了加上,下面是编好的所有代码:using System;using System.Collections.Generic;using System.ComponentModel;using System.Data;using System.Drawing;using System.Text;using System.Windows.Forms;using System.Runtime.InteropServices;using System.Diagnostics;namespace dllinject{public partial class Form1 : Form{[DllImport("kernel32.dll")] //声明API函数public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);[DllImport("kernel32.dll")]public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten );[DllImport("kernel32.dll")]public static extern int GetProcAddress(int hwnd, string lpname);[DllImport("kernel32.dll")]public static extern int GetModuleHandleA(string name);[DllImport("kernel32.dll")]public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);public Form1(){InitializeComponent();}private void button1_Click(object sender, EventArgs e){int ok1;//int ok2;//int hwnd;int baseaddress;int temp=0;int hack;int yan;string dllname;dllname = "c://dll.dll";int dlllength;dlllength = dllname.Length + 1;Process[] pname = Process.GetProcesses(); //取得所有进程foreach (Process name in pname) //遍历进程{//MessageBox.Show(name.ProcessName.ToLower());if (name.ProcessName.ToLower().IndexOf("notepad") != -1) //所示记事本,那么下面开始注入{baseaddress = VirtualAllocEx(name.Handle, 0, dlllength , 4096, 4); //申请内存空间if (baseaddress == 0) //返回0则操作失败,下面都是{MessageBox.Show("申请内存空间失败!!");Application.Exit();}ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp); //写内存if (ok1 == 0){MessageBox.Show("写内存失败!!");Application.Exit();}hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); //取得loadlibarary在kernek32.dll地址if (hack == 0){MessageBox.Show("无法取得函数的入口点!!");Application.Exit();}yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp); //创建远程线程。if (yan == 0){MessageBox.Show("创建远程线程失败!!");Application.Exit();}else{MessageBox.Show("已成功注入dll!!");}}}}}
C#中的DLL注入事实上dll注入很简单,无非就是调用virtualAllocEx,WriteProcessMemory,OpenProcess,CreateRemoteThread等API函数,因为我是学c#的,所以也想看一下c#这方面的文章,但在网上找了半天,没有找到一篇,也许是c#刚兴起的缘故,学c#的并不多,没办法,只好自己移植一下,因为凡是用到API函数,所有的编程的语言都是相同的,这就为我们的移植带来了方便,学c#的一般应该对API的调用概念很淡,因为c#通常不会去调用API函数,因为这些已经被封装了,在vb,vc++等语言中要结束一个进程,首先就必须要得到这个进程的句柄,然后才能进行相应的关闭进程等操作,得到句柄要用到OpenProcess API函数,结束进程要用到TerminateProcess API函数,但是在c#中你根本不需要知道这些API函数就能完成同样的功能,所以你要是想了解一下API的相关知识,学一点vb是一个很好的选择。好了!下面就开始我们的c# dll注入之旅吧!首先需要加入以下API函数: [DllImport("kernel32.dll")] public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect); [DllImport("kernel32.dll")] public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten ); [DllImport("kernel32.dll")] public static extern int GetProcAddress(int hwnd, string lpname); [DllImport("kernel32.dll")] public static extern int GetModuleHandleA(string name); [DllImport("kernel32.dll")] public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
C#声明API比较复杂,因为是调用非托管的dll,所以要用到DllImport来调用非托管的dll,他还有很多属性在这就不多说了,网上有很介绍,可以去查一下,不过c#调用自身的变得动态链接库是倒是很方便,直接加个引用就ok了,调用dll要用的一个引用:using System.Runtime.InteropServices;这个不要忘了加上,下面是编好的所有代码: using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Text; using System.Windows.Forms; using System.Runtime.InteropServices; using System.Diagnostics; namespace dllinject { public partial class Form1 : Form { [DllImport("kernel32.dll")] //声明API函数 public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect); [DllImport("kernel32.dll")] public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten ); [DllImport("kernel32.dll")] public static extern int GetProcAddress(int hwnd, string lpname); [DllImport("kernel32.dll")] public static extern int GetModuleHandleA(string name); [DllImport("kernel32.dll")] public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid); public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { int ok1; //int ok2; //int hwnd; int baseaddress; int temp=0; int hack; int yan; string dllname; dllname = "c://dll.dll"; int dlllength; dlllength = dllname.Length + 1; Process[] pname = Process.GetProcesses(); //取得所有进程 foreach (Process name in pname) //遍历进程 { //MessageBox.Show(name.ProcessName.ToLower()); if (name.ProcessName.ToLower().IndexOf("notepad") != -1) //所示记事本,那么下面开始注入 { baseaddress = VirtualAllocEx(name.Handle, 0, dlllength , 4096, 4); //申请内存空间 if (baseaddress == 0) //返回0则操作失败,下面都是 { MessageBox.Show("申请内存空间失败!!"); Application.Exit(); } ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp); //写内存 if (ok1 == 0) { MessageBox.Show("写内存失败!!"); Application.Exit(); } hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); //取得loadlibarary在kernek32.dll地址 if (hack == 0) { MessageBox.Show("无法取得函数的入口点!!"); Application.Exit(); } yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp); //创建远程线程。 if (yan == 0) { MessageBox.Show("创建远程线程失败!!"); Application.Exit(); } else { MessageBox.Show("已成功注入dll!!"); } } } } }
