// Reference: www.reversecore.com
#include "stdio.h"
#include "windows.h"
#include "tlhelp32.h"
#define DEF_PROC_NAME ("notepad.exe")
#define DEF_DLL_PATH ("c:\\work\\myhack.dll")
DWORD FindProcessID(LPCTSTR szProcessName);
BOOL InjectDll(DWORD dwPID, LPCTSTR szDllName);
int main(int argc, char* argv[])
{
DWORD dwPID = 0xFFFFFFFF;
// find process
dwPID = FindProcessID(DEF_PROC_NAME);
if( dwPID == 0xFFFFFFFF )
{
printf("There is no <%s> process!\n", DEF_PROC_NAME);
return 1;
}
// inject dll
InjectDll(dwPID, DEF_DLL_PATH);
return 0;
}
DWORD FindProcessID(LPCTSTR szProcessName)
{
DWORD dwPID = 0xFFFFFFFF;
HANDLE hSnapShot = INVALID_HANDLE_VALUE;
PROCESSENTRY32 pe;
// Get the snapshot of the system
pe.dwSize = sizeof( PROCESSENTRY32 ); // 296d (128h)
hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPALL, NULL ); // ProcessID = 0
// find process
Process32First(hSnapShot, &pe);
do
{
if(!_stricmp(szProcessName, pe.szExeFile))
{
dwPID = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapShot, &pe));
CloseHandle(hSnapShot);
return dwPID;
}
BOOL InjectDll(DWORD dwPID, LPCTSTR szDllName)
{
HANDLE hProcess, hThread;
LPVOID pRemoteBuf;
DWORD dwBufSize = lstrlen(szDllName) + 1;
LPTHREAD_START_ROUTINE pThreadProc;
if ( !(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)) )
return FALSE;
pRemoteBuf = VirtualAllocEx(hProcess, NULL, dwBufSize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)szDllName, dwBufSize, NULL);
pThreadProc = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
hThread = CreateRemoteThread(hProcess, NULL, 0, pThreadProc, pRemoteBuf, 0, NULL);
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
return TRUE;
}
'Window Programming' 카테고리의 다른 글
| Key Logger (0) | 2014.04.29 |
|---|---|
| 다시 보는 후킹 기법 (0) | 2012.02.06 |
| WIN 32 API 시작하기전에 간단히 알아두기 (0) | 2012.01.13 |