#include <iostream>;
using namespace std;
#include <windows.h>;
#include <tlhelp32.h>;
#include <tchar.h>; BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND GetMainWindow(); extern "C" BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
HWND hWnd;
HWND hParWnd, hButWnd;
int d, d1;
switch (fdwReason)
{
case DLL_PROCESS_ATTACH: hWnd = GetMainWindow();
if (hWnd)
hWnd = ::FindWindowEx(hWnd, , TEXT("EDIT"), NULL);
if (hWnd)
{
::MessageBox(hWnd, TEXT("开始注入"), TEXT("提示"), MB_OK);
for (int i = ; i < ; i++)
{
PostMessageW(hWnd, WM_CHAR, L'我', );
PostMessageW(hWnd, WM_CHAR, L'喜', );
PostMessageW(hWnd, WM_CHAR, L'欢', );
PostMessageW(hWnd, WM_CHAR, L'你', );
PostMessageW(hWnd, WM_KEYDOWN,VK_RETURN, );
}
}
else
{
::MessageBox(hWnd, TEXT("记事本不存在"), TEXT("提示"), MB_OK);
}
break;
case DLL_PROCESS_DETACH:
// detach from process
break; case DLL_THREAD_ATTACH:
// attach to thread
break; case DLL_THREAD_DETACH:
// detach from thread
break;
}
return TRUE; // succesful
} BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
DWORD dwCurProcessId = *((DWORD*)lParam);
DWORD dwProcessId = ; GetWindowThreadProcessId(hwnd, &dwProcessId);
if (dwProcessId == dwCurProcessId && GetParent(hwnd) == NULL)
{
*((HWND *)lParam) = hwnd;
return FALSE;
}
return TRUE;
} HWND GetMainWindow()
{
DWORD dwCurrentProcessId = GetCurrentProcessId();
if (!EnumWindows(EnumWindowsProc, (LPARAM)&dwCurrentProcessId))
{
return (HWND)dwCurrentProcessId;
}
return NULL;
}
Dll文件
#include <iostream>;
using namespace std;
#include <windows.h>;
#include <tlhelp32.h>;
#include <tchar.h>; HANDLE hThread = NULL;
//进程名称查找进程ID
DWORD ProcessFind(LPCTSTR Exename) //进程名称
{
HANDLE hProcess = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (!hProcess)
{
return FALSE;
}
PROCESSENTRY32 info;
info.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(hProcess, &info))
{
return FALSE;
}
while (TRUE)
{
/*for (int i = 0; i <= 25; i++) {
char c = info.szExeFile[i];
cout << c;
}*/
cout << endl;
if (_tcscmp(info.szExeFile, Exename) == )
{
return info.th32ProcessID;//返回进程的ID
}
if (!Process32Next(hProcess, &info))
{
return FALSE;
}
}
return FALSE; } int dll_inject() {
//Dll文件地址,改成你自己的地址
const TCHAR *pLocDll = TEXT("F:\\工作\\项目\\控制台\\injection\\injection\\x64\\Release\\injectionDll.dll"); HANDLE hThread = NULL; //记事本进程名称
DWORD ProcessID = ProcessFind(TEXT("notepad.exe"));
if (!ProcessID) {
cout << "查找不到当前程序" << endl;
}
else {
//获取进程ID
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, ProcessID); //获取dll大小
SIZE_T PathSize = (_tcslen(TEXT("injectionDll.dll")) + ) * sizeof(TCHAR); //申请内存
LPVOID StartAddress = VirtualAllocEx(hProcess, NULL, PathSize, MEM_COMMIT, PAGE_READWRITE); //写入内存
bool bSuccess = WriteProcessMemory(hProcess, StartAddress, TEXT("injectionDll.dll"), PathSize, );
if (!bSuccess)
{
cout << "写入失败" << endl;
}
else {
//在寄主申请内存
LPVOID strRmt = VirtualAllocEx(hProcess, nullptr, MAX_PATH, MEM_COMMIT, PAGE_READWRITE);
//获得注入DLL大小
size_t lenLocDll = * _tcslen(pLocDll);
//判断寄主申请内存是否成功
if (strRmt) {
//把DLL写入寄主内存
BOOL ret = WriteProcessMemory(hProcess, strRmt, pLocDll, lenLocDll, nullptr);
//获得LoadLibraryW的函数地址以使用LoadLibrary函数
LPTHREAD_START_ROUTINE loadlib = LPTHREAD_START_ROUTINE(GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW"));
//注入
hThread = CreateRemoteThread(hProcess, nullptr, , loadlib, LPVOID(strRmt), , nullptr);
} /*
HANDLE hThread = CreateRemoteThread(hProcess, 0, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibrary"), StartAddress, 0, 0);*/ if (hThread == NULL)
{
cout << "在进程中注入失败:";
cout << GetLastError() << endl;
return -;
} WaitForSingleObject(hThread, INFINITE);
//到这里已经完成dll的加载即注入了,通过dll函数执行我们要完成的任务
//释放
VirtualFreeEx(hProcess, StartAddress,, MEM_RELEASE);
CloseHandle(hThread);
CloseHandle(hProcess);
}
}
}
int main()
{
dll_inject();
system("pause");
}
主程序
注入DLL之后释放失败了,每次注入过一次之后,第二次注入都要重启记事本才能重新注入,有没有大神告诉我怎么解决