注入进程的小工具(C#),低级注入,但至少不被杀
作者:admin 发布于:2010-6-21 20:06 Monday 分类:极品软件
最近在写远控,写到注入的时候不会写了,跑到网上到处找了找解决方案,侥幸找到了一个,就扒下来改了改,相比之下C#的注入要比C++的注入简单的多,方便的多,当然也低级的多,但是有一点,不被杀毒软件查杀,嘿嘿,现在杀软越来越讨厌了。。。
因为很多东东C#没有,都被封装了,有的也不知道扔哪了,所以其核心的东东还是要调用系统的API
[DllImport("kernel32.dll")]
public static extern int VirtualAllocEx(IntPtr hwnd, Int32 lpaddress, int size, int type, Int32 tect);
[DllImport("kernel32.dll")]
public static extern Boolean WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten );
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
[DllImport("kernel32.dll")]
public static extern Int32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
[DllImport("kernel32.dll")]
public static extern Boolean VirtualFree(IntPtr lpAddress, Int32 dwSize,Int32 dwFreeType);
public static extern int VirtualAllocEx(IntPtr hwnd, Int32 lpaddress, int size, int type, Int32 tect);
[DllImport("kernel32.dll")]
public static extern Boolean WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten );
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
[DllImport("kernel32.dll")]
public static extern Int32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
[DllImport("kernel32.dll")]
public static extern Boolean VirtualFree(IntPtr lpAddress, Int32 dwSize,Int32 dwFreeType);
如下图所示:
将360Common.dll 注入到有道桌面词典的进程中YouDaoDict.exe进程中
源码因为是放在很多项目中的,嫌麻烦懒得分离,过几天整理好了再发上来。。。
附件下载:
injectProcess.rar 6.9KB