#include <iostream>
#include <Windows.h>
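/**
 * Loads one DLL into each listed process by starting a remote thread on
 * LoadLibraryW.
 *
 * Argument layout (as read by the code): argv[1] .. argv[argc - 2] are decimal
 * process ids, argv[argc - 1] is the DLL path. With fewer than three arguments
 * there is nothing to do and the function returns 1.
 *
 * Security notes for reviewers and operators:
 *  - The access mask plus the VirtualAllocEx / WriteProcessMemory /
 *    CreateRemoteThread(LoadLibraryW) sequence is the pattern endpoint
 *    monitoring commonly alerts on; expect this tool to be flagged.
 *  - The DLL path is taken verbatim from the command line and is not
 *    validated here. The DLL runs with the target's privileges, so callers
 *    should pass only a trusted, fully qualified path.
 *
 * @param argc  Number of entries in argv.
 * @param argv  Program name, process ids, then the DLL path.
 * @return 1 when every listed process was handled, 0 as soon as a process
 *         cannot be opened, remote memory cannot be allocated, or the path
 *         cannot be written (remaining process ids are then skipped).
 */
int dllinjectwmain(int argc, wchar_t *argv[])
{
    // Need at least: program name, one pid, DLL path.
    if (argc < 3)
        return 1;

    // Rights CreateRemoteThread and the remote write require on the target.
    const DWORD PROCESS_INJECT_ACCESS = (PROCESS_CREATE_THREAD |
                                         PROCESS_QUERY_INFORMATION |
                                         PROCESS_VM_OPERATION |
                                         PROCESS_VM_WRITE |
                                         PROCESS_VM_READ);

    // Loop-invariant: the same path (including its terminator) goes to every target.
    const wchar_t *dllPath = argv[argc - 1];
    const SIZE_T size = (wcslen(dllPath) + 1) * sizeof(wchar_t);

    for (int i = 1; i < argc - 1; i += 1)
    {
        // _wtoi yields 0 for non-numeric text; OpenProcess is then left to reject it.
        const DWORD pid = static_cast<DWORD>(_wtoi(argv[i]));
        HANDLE hProcess = OpenProcess(PROCESS_INJECT_ACCESS, FALSE, pid);
        if (hProcess == nullptr)
            return 0;

        LPVOID remoteData = VirtualAllocEx(hProcess,
                                           nullptr,
                                           size,
                                           MEM_RESERVE | MEM_COMMIT,
                                           PAGE_READWRITE);
        if (remoteData == nullptr)
        {
            // Previously leaked the process handle on this path.
            CloseHandle(hProcess);
            return 0;
        }

        // Do not start a thread on a buffer that was never filled in.
        if (!WriteProcessMemory(hProcess, remoteData, dllPath, size, nullptr))
        {
            VirtualFreeEx(hProcess, remoteData, 0, MEM_RELEASE);
            CloseHandle(hProcess);
            return 0;
        }

        // NOTE(review): the start routine is this process's LoadLibraryW address;
        // the code assumes that address is meaningful in the target - confirm.
        HANDLE hThread = CreateRemoteThread(hProcess, nullptr, 0,
                                            (LPTHREAD_START_ROUTINE)LoadLibraryW,
                                            remoteData, 0, nullptr);

        // The original author observed hThread can be 0 even though the load
        // appeared to succeed, so a null handle is deliberately not treated as
        // a failure; it is only kept away from the wait/close calls.
        bool bufferIdle = true;
        if (hThread != nullptr)
        {
            // After a timeout the remote thread may still be reading the path,
            // so the buffer is left in place rather than freed under it.
            bufferIdle = (WaitForSingleObject(hThread, 10000) == WAIT_OBJECT_0);
            CloseHandle(hThread);
        }

        // MEM_RELEASE requires dwSize == 0; passing the allocation size makes
        // VirtualFreeEx fail and leaves the page mapped in the target.
        if (bufferIdle)
            VirtualFreeEx(hProcess, remoteData, 0, MEM_RELEASE);

        CloseHandle(hProcess);
    }
    return 1;
}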