Managed Dll Injection without C/C++ or Assembly
How to inject a managed dll into a remote process using VB/C#, without any C/C++ bootstrap dll and without a code cave written in assembly.
A dll export is required so that the function is exposed as native code (resolvable with GetProcAddress).
Classic mechanism:
Below is the procedure for classic dll injection:
Reference: Code Project article
Codecave method:
With this method you can skip the C/C++ dll, but basic knowledge of assembly is required.
Reference: code with examples [the original link seems to have expired, so the Google cache version]
Modern way:
This method is very easy to use and requires no knowledge of C/C++ or assembly; the procedure is as follows.
Example:
This is your dll code
Imports System.Windows.Forms
Imports System.Runtime.InteropServices
Imports RGiesecke.DllExport ' assumption: the DllExport attribute comes from the UnmanagedExports NuGet package

Public Module Library
    ' Exported as a native entry point; the argument arrives as a pointer to a NUL-terminated ANSI string
    <DllExport>
    Public Function Entry(<MarshalAs(UnmanagedType.LPStr)> Argument As String) As Integer
        MessageBox.Show("Injected With Argument: " + Argument)
        Return 0 'Success
    End Function
End Module
This is the sample injection code; it is only a prototype. TODO: implement the native functions and use them for the extension methods used below.
Imports System.Diagnostics
Imports System.Runtime.InteropServices
Imports System.Text

Public Module Program
    ' kernel32 declarations the prototype below relies on
    <DllImport("kernel32", CharSet:=CharSet.Ansi, SetLastError:=True)>
    Private Function GetModuleHandle(lpModuleName As String) As IntPtr
    End Function
    <DllImport("kernel32", CharSet:=CharSet.Ansi, SetLastError:=True)>
    Private Function GetProcAddress(hModule As IntPtr, lpProcName As String) As IntPtr
    End Function
    <DllImport("kernel32", CharSet:=CharSet.Ansi, SetLastError:=True)>
    Private Function LoadLibrary(lpFileName As String) As IntPtr
    End Function

    Public Sub Inject(Proc As Process, dll As String)
        Dim K32 = GetModuleHandle("kernel32")
        Dim LLA_Proc = GetProcAddress(K32, "LoadLibraryA")
        'TODO: extension method of process WriteMemory(Byte())
        'LoadLibraryA expects a NUL-terminated ANSI string, so the terminator is appended
        Dim lns = Proc.WriteMemory(Encoding.ASCII.GetBytes("C:\FAKE-PATH\Inject.dll" & vbNullChar))
        'TODO: extension method of process RemoteCallWait(IntPtr, Arg)
        Dim z = Proc.RemoteCallWait(LLA_Proc, lns) 'Calls method and waits for exit and returns exit code
        'Z should not be zero, otherwise injection is incomplete
        Dim XPTR = GetPtr("C:\FAKE-PATH\Inject.dll", "Entry")
        'TODO: extension method of process WriteMemory(Byte())
        Dim Loc = Proc.WriteMemory(Encoding.Default.GetBytes("hello world" & vbNullChar))
        'TODO: extension method of process RemoteCallWait(IntPtr, Arg)
        z = Proc.RemoteCallWait(XPTR, Loc)
        'Z should be 0 now
    End Sub

    'Resolves the export by loading the dll into this process; the prototype assumes
    'the dll is mapped at the same base address in the target
    Private Function GetPtr(LibraryName As String, FuncName As String) As IntPtr
        Return GetProcAddress(LoadLibrary(LibraryName), FuncName)
    End Function
End Module
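The mechanism above leaves a visible artifact: the injected dll shows up in the target's loaded-module list, loaded from a path no legitimate component uses (here C:\FAKE-PATH). As an added example that is not part of the original post, this PowerShell script lists the modules of a process that live outside the usual system and program directories; the default process name and the set of trusted roots are assumptions to adapt to your environment.

```powershell
# Added example: report modules loaded from outside trusted directories.
# Assumptions: the default process name and the trusted-root list are placeholders.
param(
    [string]$ProcessName = "notepad"
)

$trustedRoots = @(
    $env:SystemRoot,             # C:\Windows (System32, SysWOW64, WinSxS, ...)
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    # .Modules enumerates loaded dlls; it throws for processes of the other
    # bitness or with insufficient rights, so skip those instead of aborting.
    try {
        $modules = $proc.Modules
    } catch {
        Write-Warning "Cannot enumerate modules of PID $($proc.Id): $_"
        continue
    }
    foreach ($m in $modules) {
        $path = $m.FileName
        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $trusted = $true
                break
            }
        }
        if (-not $trusted) {
            # Emit one record per untrusted module for further triage
            [pscustomobject]@{
                PID    = $proc.Id
                Module = $m.ModuleName
                Path   = $path
            }
        }
    }
}
```

A managed dll built this way also pulls the CLR (mscoree.dll and its companions) into a process that is not a .NET application, which is a second indicator worth keying on.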