


C# 远程注入Dll

2025/2/25 17:04:53 来源:https://blog.csdn.net/u014161864/article/details/139836315  浏览:    关键词:C# 远程注入Dll

注入代码

#region 工具
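public class Util
{
    #region Functions

    /// <summary>
    /// Returns the id of the first running process whose name equals
    /// <paramref name="name"/> (ordinal, case-insensitive), or 0 when no process matches.
    /// </summary>
    /// <param name="name">Process name without extension, as reported by <see cref="Process.ProcessName"/>.</param>
    /// <returns>The process id, or 0 when nothing matches (or <paramref name="name"/> is empty).</returns>
    public static int GetProcessId(string name)
    {
        if (string.IsNullOrEmpty(name))
        {
            return 0;
        }

        Process[] snapshot = Process.GetProcesses();
        try
        {
            foreach (Process candidate in snapshot)
            {
                if (candidate.ProcessName.Equals(name, StringComparison.OrdinalIgnoreCase))
                {
                    return candidate.Id;
                }
            }

            return 0;
        }
        finally
        {
            // Process objects hold OS handles; release the whole snapshot.
            foreach (Process candidate in snapshot)
            {
                candidate.Dispose();
            }
        }
    }

    /// <summary>
    /// Tells whether the process with id <paramref name="pid"/> currently has a module
    /// whose file name equals <paramref name="name"/> (ordinal, case-insensitive).
    /// The comparison is on the full module path, so pass a full path.
    /// </summary>
    /// <param name="name">Full path of the module to look for.</param>
    /// <param name="pid">Target process id.</param>
    /// <returns>
    /// true when the module is loaded; false when it is not, when no such process is
    /// running, or when <paramref name="pid"/> is not positive.
    /// </returns>
    /// <exception cref="System.ComponentModel.Win32Exception">
    /// Module enumeration was denied (e.g. protected process, or a 32-bit caller inspecting a 64-bit target).
    /// </exception>
    /// <exception cref="InvalidOperationException">The process exited while being inspected.</exception>
    public static bool HasMoudle(string name, int pid)
    {
        if (pid <= 0 || string.IsNullOrEmpty(name))
        {
            return false;
        }

        Process target;
        try
        {
            target = Process.GetProcessById(pid);
        }
        catch (ArgumentException)
        {
            // No running process has this id.
            return false;
        }

        using (target)
        {
            foreach (ProcessModule module in target.Modules)
            {
                if (module.FileName.Equals(name, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }
        }

        return false;
    }

    /// <summary>
    /// Loads <paramref name="dll_path"/> into the process <paramref name="pid"/> by
    /// writing the path into the target and starting a remote thread at
    /// kernel32!LoadLibraryW (the classic CreateRemoteThread injection).
    /// </summary>
    /// <param name="dll_path">Path of the DLL to load; resolved to a full path first.</param>
    /// <param name="pid">Target process id.</param>
    /// <returns>
    /// true when the DLL is (or already was) loaded in the target; false on any failure.
    /// The method never throws; Win32 failures can be inspected with
    /// <see cref="Marshal.GetLastWin32Error"/> only immediately after the failing call,
    /// so callers wanting diagnostics should trace the return path.
    /// </returns>
    /// <remarks>
    /// Security notes for operators of this code:
    /// <list type="bullet">
    /// <item>The caller must be allowed to open the target with thread-creation and
    /// memory-write rights (same user and integrity level, or SeDebugPrivilege). The
    /// handle is opened with only the rights this routine needs, not PROCESS_ALL_ACCESS.</item>
    /// <item>The target must have the same bitness as this process: the LoadLibraryW
    /// address is resolved in this process and is only valid in a same-bitness target.
    /// A mismatch would crash the target, so it is rejected up front.</item>
    /// <item>Nothing here validates the DLL itself. Only inject code you trust into
    /// processes you own; this call pattern is also exactly what EDR products alert on.</item>
    /// <item>The wait on the remote thread is unbounded, so a DllMain that blocks will
    /// block this call.</item>
    /// </list>
    /// </remarks>
    public static bool InjectDll(string dll_path, int pid)
    {
        IntPtr hProcess = IntPtr.Zero;
        IntPtr hRemoteThread = IntPtr.Zero;
        IntPtr remotePath = IntPtr.Zero;

        try
        {
            if (string.IsNullOrWhiteSpace(dll_path) || pid <= 0)
            {
                return false;
            }

            dll_path = Path.GetFullPath(dll_path);
            if (!File.Exists(dll_path))
            {
                return false;
            }

            // Already present: nothing to do (LoadLibrary would only bump the refcount).
            if (HasMoudle(dll_path, pid))
            {
                return true;
            }

            // Least privilege: exactly the rights VirtualAllocEx / WriteProcessMemory /
            // CreateRemoteThread / IsWow64Process need, instead of PROCESS_ALL_ACCESS.
            const Win32.ProcessAccessFlags requiredAccess =
                Win32.ProcessAccessFlags.PROCESS_CREATE_THREAD
                | Win32.ProcessAccessFlags.PROCESS_QUERY_INFORMATION
                | Win32.ProcessAccessFlags.PROCESS_VM_OPERATION
                | Win32.ProcessAccessFlags.PROCESS_VM_WRITE
                | Win32.ProcessAccessFlags.PROCESS_VM_READ;

            hProcess = Win32.OpenProcess(requiredAccess, false, pid);
            if (hProcess == IntPtr.Zero)
            {
                return false;
            }

            // A 32-bit injector cannot drive a 64-bit target (or vice versa): the
            // LoadLibraryW address below is only meaningful in a same-bitness process.
            if (!SameBitnessAsCurrentProcess(hProcess))
            {
                return false;
            }

            // LoadLibraryW takes UTF-16; encode with an explicit NUL terminator and size
            // the remote buffer from the encoded length, not from the string length.
            byte[] pathBytes = Encoding.Unicode.GetBytes(dll_path + "\0");

            remotePath = VirtualAllocEx(
                hProcess,
                IntPtr.Zero,
                (UIntPtr)(uint)pathBytes.Length,
                (uint)(Win32.MemoryAccessFlags.MEM_COMMIT | Win32.MemoryAccessFlags.MEM_RESERVE),
                (uint)Win32.MemoryAccessFlags.PAGE_READWRITE);
            if (remotePath == IntPtr.Zero)
            {
                return false;
            }

            if (!WriteProcessMemory(hProcess, remotePath, pathBytes, (UIntPtr)(uint)pathBytes.Length, out UIntPtr bytesWritten)
                || bytesWritten.ToUInt64() != (ulong)pathBytes.Length)
            {
                return false;
            }

            IntPtr loadLibraryW = Win32.GetProcAddress(Win32.GetModuleHandle("kernel32.dll"), "LoadLibraryW");
            if (loadLibraryW == IntPtr.Zero)
            {
                return false;
            }

            hRemoteThread = Win32.CreateRemoteThread(hProcess, IntPtr.Zero, 0, loadLibraryW, remotePath, 0, IntPtr.Zero);
            if (hRemoteThread == IntPtr.Zero)
            {
                return false;
            }

            // Wait for LoadLibraryW to return so the path buffer can be released safely.
            // WAIT_OBJECT_0 (0) is the only success value.
            if (Win32.WaitForSingleObject(hRemoteThread, Win32.INFINITE) != 0)
            {
                return false;
            }

            // The thread's exit code is LoadLibraryW's HMODULE truncated to 32 bits;
            // non-zero means success. Fall back to the module list in case the low
            // 32 bits of a valid HMODULE happen to be zero.
            if (GetExitCodeThread(hRemoteThread, out uint loadResult) && loadResult != 0)
            {
                return true;
            }

            return HasMoudle(dll_path, pid);
        }
        catch (Exception ex)
        {
            // Path.GetFullPath (malformed / too long path) and the Process APIs used by
            // HasMoudle (process exited, module enumeration denied) throw; the contract
            // of this method is a plain bool, so report failure instead of propagating.
            Debug.WriteLine("InjectDll(" + pid + ") failed: " + ex);
            return false;
        }
        finally
        {
            // The remote thread has finished (or was never created) by the time we get
            // here, so the path buffer in the target can be released.
            if (remotePath != IntPtr.Zero && hProcess != IntPtr.Zero)
            {
                VirtualFreeEx(hProcess, remotePath, UIntPtr.Zero, MEM_RELEASE);
            }

            if (hRemoteThread != IntPtr.Zero)
            {
                Win32.CloseHandle(hRemoteThread);
            }

            if (hProcess != IntPtr.Zero)
            {
                Win32.CloseHandle(hProcess);
            }
        }
    }

    /// <summary>
    /// Returns true when the process behind <paramref name="hProcess"/> has the same
    /// bitness as the current process. Requires PROCESS_QUERY_INFORMATION on the handle.
    /// </summary>
    private static bool SameBitnessAsCurrentProcess(IntPtr hProcess)
    {
        if (!IsWow64Process(hProcess, out bool targetIsWow64))
        {
            return false;
        }

        // On a 64-bit OS a WOW64 process is 32-bit and a native one is 64-bit;
        // on a 32-bit OS every process is 32-bit (and IsWow64Process reports false).
        bool targetIs32Bit = targetIsWow64 || !Environment.Is64BitOperatingSystem;
        bool selfIs32Bit = !Environment.Is64BitProcess;
        return targetIs32Bit == selfIs32Bit;
    }

    #endregion

    #region Native declarations with SIZE_T-correct widths

    // These are declared privately, rather than through Win32, because the Win32 class
    // declares SIZE_T parameters as int and the SIZE_T* out-parameter of
    // WriteProcessMemory as `out int`; on 64-bit Windows the callee writes 8 bytes into
    // that 4-byte slot. UIntPtr matches SIZE_T on both bitnesses.

    private const uint MEM_RELEASE = 0x00008000;

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flAllocationType, uint flProtect);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool IsWow64Process(IntPtr hProcess, out bool Wow64Process);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool GetExitCodeThread(IntPtr hThread, out uint lpExitCode);

    #endregion
}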
#endregion
#region WIN32
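public class Win32
{
    #region Definitions

    /// <summary>Timeout meaning "wait forever" for <see cref="WaitForSingleObject"/>.</summary>
    public const uint INFINITE = 0xFFFFFFFF;

    /// <summary>
    /// Values for <see cref="VirtualAllocEx"/>. MEM_* values belong in flAllocationType
    /// and PAGE_* values in flProtect; they share one enum here but are separate parameter
    /// domains and must not be OR-ed together.
    /// </summary>
    [Flags]
    public enum MemoryAccessFlags : uint
    {
        MEM_COMMIT = 0x00001000,
        MEM_RESERVE = 0x00002000,
        /// <summary>dwFreeType for <see cref="VirtualFreeEx"/>; dwSize must then be 0.</summary>
        MEM_RELEASE = 0x00008000,
        PAGE_READWRITE = 4,
    }

    /// <summary>
    /// Access rights for <see cref="OpenProcess"/>. Request only what a call needs;
    /// injection needs CREATE_THREAD | QUERY_INFORMATION | VM_OPERATION | VM_WRITE | VM_READ.
    /// </summary>
    [Flags]
    public enum ProcessAccessFlags : uint
    {
        PROCESS_CREATE_THREAD = 0x0002,
        PROCESS_QUERY_INFORMATION = 0x0400,
        PROCESS_VM_OPERATION = 0x0008,
        PROCESS_VM_WRITE = 0x0020,
        PROCESS_VM_READ = 0x0010,
        /// <summary>
        /// The pre-Vista definition of PROCESS_ALL_ACCESS; SDKs targeting Vista and later
        /// define it as 0x001FFFFF. Kept for compatibility; prefer the minimal set above.
        /// </summary>
        PROCESS_ALL_ACCESS = 0x001F0FFF,
    }

    #endregion

    #region Functions

    // SetLastError = true on every declaration so Marshal.GetLastWin32Error() is
    // meaningful right after a failed call.

    [DllImport("Advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr hHandle, UInt32 nDesiredAccess, ref IntPtr TokenHandle);

    //[DllImport("Advapi32.dll")]
    //public static extern bool LookupPrivilegeValueA(string lpSystemName, string lpName, ref LUID LUID);

    /// <summary>Returns 0 (WAIT_OBJECT_0) when the handle was signaled; 0xFFFFFFFF on failure.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);

    // GetProcAddress has no wide-character variant: the export name is always ANSI.
    [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr GetModuleHandle(string lpModuleName);

    /// <summary>
    /// Legacy overload: dwSize is a SIZE_T, declared here as int. Retained so existing
    /// callers keep compiling; prefer the <see cref="UIntPtr"/> overload.
    /// </summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, int flAllocationType, int flProtect);

    /// <summary>SIZE_T-correct VirtualAllocEx.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flAllocationType, uint flProtect);

    /// <summary>Releases memory obtained with <see cref="VirtualAllocEx"/>; pass dwSize = 0 with MEM_RELEASE.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);

    /// <summary>
    /// Legacy overload: lpNumberOfBytesRead is a SIZE_T*, declared here as out int. On
    /// 64-bit Windows the callee writes 8 bytes into the 4-byte slot; prefer the
    /// <see cref="UIntPtr"/> overload.
    /// </summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);

    /// <summary>SIZE_T-correct ReadProcessMemory.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr dwSize, out UIntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);

    /// <summary>
    /// Legacy overload: lpNumberOfBytesWritten is a SIZE_T*, declared here as out int. On
    /// 64-bit Windows the callee writes 8 bytes into the 4-byte slot; prefer the
    /// <see cref="UIntPtr"/> overload.
    /// </summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, out int lpNumberOfBytesWritten);

    /// <summary>SIZE_T-correct WriteProcessMemory.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);

    /// <summary>lpThreadId may be IntPtr.Zero when the thread id is not needed.</summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);

    /// <summary>
    /// Reports whether the process is 32-bit running under WOW64. Needs
    /// PROCESS_QUERY_INFORMATION (or QUERY_LIMITED_INFORMATION) on the handle.
    /// </summary>
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool IsWow64Process(IntPtr hProcess, out bool Wow64Process);

    #endregion
}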
#endregion

