通用 C# DLL 注入器injector(注入dll不限)
2024-09-03 16:06:58
为了方便那些不懂或者不想用C++的同志,我把C++的dll注入器源码转换成了C#的,这是一个很简单实用的注入器,用到了CreateRemoteThread,WriteProcessMemory ,VirtualAllocEx这几个Api
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Text; namespace GijSoft.DllInjection
{
public enum DllInjectionResult
{
DllNotFound,
GameProcessNotFound,
InjectionFailed,
Success
} public sealed class DllInjector
{
static readonly IntPtr INTPTR_ZERO = (IntPtr); [DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId); [DllImport("kernel32.dll", SetLastError = true)]
static extern int CloseHandle(IntPtr hObject); [DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName); [DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr GetModuleHandle(string lpModuleName); [DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flAllocationType, uint flProtect); [DllImport("kernel32.dll", SetLastError = true)]
static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesWritten); [DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttribute, IntPtr dwStackSize, IntPtr lpStartAddress,
IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId); static DllInjector _instance; public static DllInjector GetInstance
{
get
{
if (_instance == null)
{
_instance = new DllInjector();
}
return _instance;
}
} DllInjector() { } public DllInjectionResult Inject(string sProcName, string sDllPath)
{
if (!File.Exists(sDllPath))
{
return DllInjectionResult.DllNotFound;
} uint _procId = ; Process[] _procs = Process.GetProcesses();
for (int i = ; i < _procs.Length; i++)
{
if (_procs[i].ProcessName == sProcName)
{
_procId = (uint)_procs[i].Id;
break;
}
} if (_procId == )
{
return DllInjectionResult.GameProcessNotFound;
} if (!bInject(_procId, sDllPath))
{
return DllInjectionResult.InjectionFailed;
} return DllInjectionResult.Success;
} bool bInject(uint pToBeInjected, string sDllPath)
{
IntPtr hndProc = OpenProcess((0x2 | 0x8 | 0x10 | 0x20 | 0x400), , pToBeInjected); if (hndProc == INTPTR_ZERO)
{
return false;
} IntPtr lpLLAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"); if (lpLLAddress == INTPTR_ZERO)
{
return false;
} IntPtr lpAddress = VirtualAllocEx(hndProc, (IntPtr)null, (IntPtr)sDllPath.Length, (0x1000 | 0x2000), 0X40); if (lpAddress == INTPTR_ZERO)
{
return false;
} byte[] bytes = Encoding.ASCII.GetBytes(sDllPath); if (WriteProcessMemory(hndProc, lpAddress, bytes, (uint)bytes.Length, ) == )
{
return false;
} if (CreateRemoteThread(hndProc, (IntPtr)null, INTPTR_ZERO, lpLLAddress, lpAddress, , (IntPtr)null) == INTPTR_ZERO)
{
return false;
} CloseHandle(hndProc); return true;
}
}
}
注意:使用时必须安装.netFramework
最新文章
- CSS常用浮出层的写法
- JSP页面中的精确到秒的时间控件
- SQL 查询两个字段相同表的不同记录
- 最新版STS因为JDK版本太低无法启动的解决办法
- System.IO.Directory.Delete目录删除
- MyBatis之多表关联查询
- JS 中 this上下文对象的使用方式
- Notes of the scrum meeting(12.7)
- [Everyday Mathematics]20150219
- python中List操作
- pod update或者pod install很慢
- 转:CRect类 的介绍
- python下异常处理
- 学习Jammendo代码的心路历程(一)简单的淡出效果实现
- 【每天一道算法题】时间复杂度为O(n)的排序
- zoj4027 线性dp!好题
- 将含有makefile文件的源码加入Eclipse工程
- PHP连接MySQL查询中文时显示Notice: Trying to get property of non-object
- CSS3 2D转换 动画
- nigx