加载shellcode到32位Windows程序远程进程中
2021/11/17 7:09:52
本文主要是介绍加载shellcode到32位Windows程序远程进程中,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
BOOL WINAPI LoadDll(HANDLE hProcess,LPVOID lpBuf,int cbBuf)
{
BOOL br = FALSE;
LPVOID m_lpData = VirtualAllocEx(hProcess, NULL,cbBuf,MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (m_lpData==NULL)
{
goto cleanup0;
}
if(!WriteProcessMemory(hProcess,m_lpData,lpBuf,cbBuf,NULL))
{
goto cleanup0;
}
pmemloadparam param = new memloadparam;
param->data = m_lpData;
param->len = cbBuf;
param->userdata = 0;
param->fnLoadLibrary = (pfn_LoadLibraryA)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"LoadLibraryA");
param->fnGetProcAddress = (pfn_GetProcAddress)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"GetProcAddress");
param->fnFreeLibrary = (pfn_FreeLibrary)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"FreeLibrary");
param->fnSetLastError = (pfn_SetLastError)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"SetLastError");
param->fnVirtualAlloc = (pfn_VirtualAlloc)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"VirtualAlloc");
param->fnGetProcessHeap = (pfn_GetProcessHeap)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"GetProcessHeap");
param->fnHeapAlloc = (pfn_HeapAlloc)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"HeapAlloc");
param->fnVirtualFree = (pfn_VirtualFree)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"VirtualFree");
param->fnIsBadReadPtr = (pfn_IsBadReadPtr)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"IsBadReadPtr");
param->fnVirtualProtect = (pfn_VirtualProtect)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"VirtualProtect");
param->fnHeapFree = (pfn_HeapFree)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"HeapFree");
param->fnGetNativeSystemInfo = (pfn_GetNativeSystemInfo)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"GetNativeSystemInfo");
param->fnGetCurrentProcess = (pfn_GetCurrentProcess)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"GetCurrentProcess");
param->fnWriteProcessMemory = (pfn_WriteProcessMemory)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"WriteProcessMemory");
param->fnHeapReAlloc = (pfn_HeapReAlloc)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"HeapReAlloc");
param->fnWaitForSingleObject = (pfn_WaitForSingleObject)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"WaitForSingleObject");
param->fnOpenEventA = (pfn_OpenEventA)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"OpenEventA");
param->fnCloseHandle = (pfn_CloseHandle)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"CloseHandle");
param->fnCreateEventA = (pfn_CreateEventA)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"CreateEventA");
LPVOID m_lpParam = VirtualAllocEx(hProcess, NULL,sizeof(memloadparam),MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (m_lpParam==NULL)
{
goto cleanup0;
}
if(!WriteProcessMemory(hProcess,m_lpParam,param,sizeof(memloadparam),NULL))
{
goto cleanup0;
}
LPVOID m_lpShell = VirtualAllocEx(hProcess, NULL,g_ThreadShellCode32_Len,MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (m_lpShell==NULL)
{
goto cleanup0;
}
if(!WriteProcessMemory(hProcess,m_lpShell,g_ThreadShellCode32,g_ThreadShellCode32_Len,NULL))
{
goto cleanup0;
}
HANDLE hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)m_lpShell,m_lpParam,0,NULL);
WaitForSingleObject(hThread,INFINITE);
delete param;
br = TRUE;
cleanup0:
return br;
}
BOOL _LoadMemDll(LPVOID lpBuf,int cbBuf)
{
LoadDll(GetCurrentProcess(),lpBuf,cbBuf);
这篇关于加载shellcode到32位Windows程序远程进程中的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-07-09cosmos 开发是什么-icode9专业技术文章分享
- 2024-07-09Cosmos 示例-icode9专业技术文章分享
- 2024-07-09安装Cosmos SDK-icode9专业技术文章分享
- 2024-07-09ubuntu 安装 cosmos-icode9专业技术文章分享
- 2024-07-09cosmos 开发能做到跨链吗-icode9专业技术文章分享
- 2024-07-09app 未公示个人信息的收集范围 的解决办法-icode9专业技术文章分享
- 2024-07-08测试人员在 Scrum 中的角色是什么?
- 2024-07-07Dify + TiDB Vector,快速构建你的AI Agent
- 2024-07-06有没有什么开源的py项目可以对图像进行分类-icode9专业技术文章分享
- 2024-07-05feign默认connecttimeout和readtimeout是多少-icode9专业技术文章分享
