如何使用VB / C#在远程进程中注入托管dll,而无需使用任何C / C ++ bootstrap dll或任何用汇编编写的代码洞。
答案 0 :(得分:1)
导出函数作为本机代码
需要Dll导出经典机制:
以下是经典dll注射的程序:
Codecave方法:
使用此方法,您可以跳过C / C ++ Dll,但需要具备Assembly
的基本知识参考:Code with example [原始链接似乎已过期,因此谷歌缓存版本]
现代方式:
这种方法易于使用,不需要C / C ++或汇编知识,以下是程序
示例:强>
这是你的dll代码
Public Module Library
<DllExport>
Public Function Entry(Argument As String)
MessageBox.Show("Injected With Argument: " + Argument)
Return 0 'Success
End Function
End Module
下面是示例注入代码,它只是原型,TODO:实现本机函数并将它们用于下面使用的扩展方法
Public Module Program
Public Sub Inject(Proc As Process, dll As String)
Dim K32 = GetModuleHandle("kernel32")
Dim LLA_Proc = GetProcAddress(K32, "LoadLibraryA")
'TODO: extension method of process WriteMemory(Byte())
Dim lns = Proc.WriteMemory(Encoding.ASCII.GetBytes("C:\FAKE-PATH\Inject.dll"))
'TODO: extension method of process RemoteCallWait(IntPtr, Arg)
Dim z = Proc.RemoteCallWait(LLA_Proc, lns) 'Calls method and waits for exit and returns exit code
'Z should not be zero, otherwise injection is incomplete
Dim XPTR = GetPtr("C:\FAKE-PATH\Inject.dll", "Entry")
''TODO: extension method of process WriteMemory(Byte())
Dim Loc = Proc.WriteMemory(Encoding.Default.GetBytes("hello world"))
'TODO: extension method of process RemoteCallWait(IntPtr, Arg)
z = Proc.RemoteCallWait(XPTR, Loc)
'Z should be 0 now
End Sub
Private Function GetPtr(LibraryName As String, FuncName As String) As IntPtr
Return CULng(GetProcAddress(LoadLibrary(LibraryName), FuncName))
End Function
End Module