2025-04-09 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
DLL injection tool (remote thread technique and basic use of the MFC CListCtrl control)
The DLL file has been written and the test program is very simple; what remains is injecting the DLL into the target process.
Here we use remote thread injection. A WIN32 console program would already do the job, but in order to learn MFC we built a simple MFC framework to implement the injection.
The DLL injection tool does roughly the following:
1. Enumerate all processes (not in real time; a refresh button is provided instead),
2. Inject the DLL.
The screenshot of the tool is as follows:
The code is recorded below.
When the tool starts it first gets all current processes, using the CreateToolhelp32Snapshot function.
First, set the style of the list box in the initialization function:
DWORD ListStyle;
ListStyle = ::GetWindowLong(m_List.m_hWnd, GWL_STYLE); // get the window style
ListStyle |= LVS_REPORT | LVS_SHOWSELALWAYS | LVS_EDITLABELS;
::SetWindowLong(m_List.m_hWnd, GWL_STYLE, ListStyle);
ListStyle = m_List.GetExtendedStyle(); // CListCtrl m_List
ListStyle |= LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES; // full-row highlight and grid lines
m_List.SetExtendedStyle(ListStyle);
m_List.SetTextColor(RGB(0, 0, 0)); // font color (values missing from the page; 0, 0, 0 is a placeholder)
m_List.SetTextBkColor(RGB(128, 252, 0)); // font background color (the page preserves only 128 and 252; the remaining component is a placeholder)
With the list box initialized, start collecting processes to populate the list. Add the column names first:
CRect RectList;
m_List.GetWindowRect(&RectList); // the size of the list window is placed in RectList
m_List.InsertColumn(0, "serial number", LVCFMT_CENTER, 100); // RectList.Width()
m_List.InsertColumn(1, "process name", LVCFMT_LEFT, 180);
m_List.InsertColumn(2, "process ID", LVCFMT_LEFT, RectList.Width() - 299);
SetWindowText("Windows current all processes"); // title of the program's main window
The code that gets all processes:
char itoc[16]; // large enough for any 32-bit value; 5 bytes would overflow on process IDs of 10000 and above
CString s;
int i = 0;
PROCESSENTRY32 PE32;
PE32.dwSize = sizeof(PE32); // must be set before calling Process32First
HANDLE Hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
for (BOOL bNext = Process32First(Hsnap, &PE32); bNext; bNext = Process32Next(Hsnap, &PE32))
{
sprintf(itoc, "%d", i); // convert int to char[]; serial number
m_List.InsertItem(i, itoc); // write itoc
s.Format("%s", PE32.szExeFile); // convert char[] to CString; process name
m_List.SetItemText(i, 1, s); // write s
sprintf(itoc, "%lu", PE32.th32ProcessID); // convert DWORD to char[]; process ID
m_List.SetItemText(i, 2, itoc); // write itoc
i++;
}
CString total;
total.Format("%d", m_List.GetItemCount()); // the number of rows is the number of processes; format it into total
SetDlgItemText(IDC_Total2, total); // assign the CString to the text box in the lower left corner of the interface
CloseHandle(Hsnap); // close the handle
Now that all the processes have been obtained, the next step is to inject into one selected process.
First add a message handler to the list box (double-click).
In this handler we need to get the ID of the process in the selected row, that is, the data in column 2 of that row:
void CMyDllInjectDlg::OnClickList(NMHDR* pNMHDR, LRESULT* pResult)
{
bMouseDown = true; // records whether the user has selected a row; no operation is performed without a selection. GetItemState can also be used to check whether a row is selected.
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
// the NM_LISTVIEW structure has the following members (NMHDR hdr; int iItem; int iSubItem; UINT uNewState;
// UINT uOldState; UINT uChanged; POINT ptAction; LPARAM lParam;)
// cast to NM_LISTVIEW* to get the selected row number and column number (the column number is not needed here; we always read column 2)
CString csID = m_List.GetItemText(pNMListView->iItem, 2); // get the process ID of the selected row
iID = atoi(csID); // CString to int; iID is a global variable of type int
ProcessName = m_List.GetItemText(pNMListView->iItem, 1); // get the process name, used so the tool does not end itself (groundwork for hooking OpenProcess)
*pResult = 0; // generated automatically by the wizard; sets the value pResult points to to 0 so it is never left uninitialized
}
All right, now that the process ID has been obtained, we can implement the injection of this process.
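From the defender's side, the remote thread technique this tool relies on is recorded by Sysmon as Event ID 8 (CreateRemoteThread). The following Python sketch is an added example, not code from the original article: it filters such events for thread creation by source images outside an allowlist. The event records, the MyDllInject.exe path and the allowlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: images this environment accepts as remote-thread creators.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

def make_event(event_id, src_pid, src_img, dst_pid, dst_img):
    """Build a constructed Sysmon-style record (sample data, not a real log)."""
    fields = {"SourceProcessId": src_pid, "SourceImage": src_img,
              "TargetProcessId": dst_pid, "TargetImage": dst_img}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed sample: the tool targeting notepad, a csrss thread, and noise.
SAMPLE_EVENTS = [
    make_event(8, 4321, r"C:\Users\test\Desktop\MyDllInject.exe",
               2468, r"C:\Windows\System32\notepad.exe"),
    make_event(8, 612, r"C:\Windows\System32\csrss.exe",
               2468, r"C:\Windows\System32\notepad.exe"),
    make_event(1, 4321, r"C:\Users\test\Desktop\MyDllInject.exe",
               4321, r"C:\Users\test\Desktop\MyDllInject.exe"),
]

def parse_event(xml_text):
    """Return (EventID, {field name: value}) for one event record."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    fields = {d.get("Name"): d.text or ""
              for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields

def suspicious_remote_threads(events):
    """List (source image, target PID, target image) for threads to triage."""
    hits = []
    for xml_text in events:
        event_id, f = parse_event(xml_text)
        if event_id != "8":                      # only CreateRemoteThread
            continue
        if f["SourceImage"].lower() in ALLOWED_SOURCES:
            continue                             # expected system behaviour
        hits.append((f["SourceImage"], int(f["TargetProcessId"]),
                     f["TargetImage"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_remote_threads(SAMPLE_EVENTS):
        print("remote thread to triage:", hit)
```

The target PID in each hit is the same value the tool reads from its process ID column, so it can be matched against process creation records for the target.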