
利用汇编注入代码到其他进程

admin


代码实现: inject.inc

include windows.inc
include kernel32.inc
include user32.inc
include Comctl32.inc
include shell32.inc

includelib kernel32.lib includelib user32.lib includelib Comctl32.lib includelib shell32.lib

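DlgProc PROTO :HWND,:UINT,:WPARAM,:LPARAM

.const
; Resource ids used by DialogBoxParam / DlgProc
IDD_DIALOG1         equ 101             ; main dialog template
IDC_BTNINJECTION    equ 1001            ; button that triggers Inject

; NUL-terminated ANSI strings (the listing targets the A-suffixed APIs)
msg_title           db "无标题 - 记事本",0   ; window title passed to FindWindow
msg_USER32          db "user32.dll",0        ; module resolved with LoadLibrary
msg_MESSAGEBOX      db "MessageBoxA",0       ; export resolved with GetProcAddress
MSG_NOFUND          db "没有找到进程",0       ; "process not found" (MessageBox text)
MSG_ERROR           db "错误",0               ; "error" (MessageBox caption)
MSG_OPENERROR       DB "打开进程出错",0       ; "open process failed" — not referenced by the listing below
MSG_WRITEERROR      DB "写入代码出错",0       ; "write code failed" — not referenced by the listing below;
                                             ; terminator added: the listing ended in a bare comma, which
                                             ; does not assemble and would leave the string unterminated
;#########################################################################

.data?
hInstance           dd ?                ; module handle, filled in at start
;#########################################################################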

inject.asm

.386
.model flat, stdcall  ;32 bit memory model
option casemap :none  ;case sensitive

include Injection.inc

.code
;-----------------------------------------------------------------------
; Stub that Inject copies into the target process and runs on a remote
; thread. Once there it executes MessageBoxA(NULL, NULL, NULL, MB_OK):
; the four stdcall arguments are pushed right-to-left below.
; The stub lives in this module's own .text, which is why Inject must
; VirtualProtect the span before patching the immediate at runtime.
; Only INJECTION_START..INJECTION_END is written across.
;-----------------------------------------------------------------------
INJECTION_START:
        push    MB_OK                   ; uType
        push    0                       ; lpCaption
        push    0                       ; lpText
        push    0                       ; hWnd
labMessagebox:
        mov     eax,12345678h           ; placeholder imm32; Inject overwrites
                                        ; [labMessagebox+1] with the address
                                        ; of MessageBoxA before copying
        call    eax
        retn    4                       ; presumably pops the remote thread's
                                        ; single LPVOID argument — confirm
INJECTION_END:
.code

Inject proc
;-----------------------------------------------------------------------
; void Inject(void)
; ABI:   stdcall (flat, 32-bit); no arguments
; Out:   no defined return value — eax is whatever the last API call
;        (or the MessageBox on the not-found path) left behind
; Finds the Notepad window by title, opens its process, patches the
; MessageBoxA address into the stub at labMessagebox+1, copies
; INJECTION_START..INJECTION_END into the target and starts it on a
; remote thread. PROCESS_ALL_ACCESS -> RWX VirtualAllocEx ->
; WriteProcessMemory -> CreateRemoteThread is the canonical remote-thread
; injection sequence that endpoint monitoring keys on.
; NOTE(review): only FindWindow's result is checked. OpenProcess,
; VirtualProtect, LoadLibrary, GetProcAddress, VirtualAllocEx,
; WriteProcessMemory and CreateRemoteThread are used unchecked; the
; process handle in @hPorcess and the thread handle returned in eax are
; never closed; the protection saved in @old is never restored.
;-----------------------------------------------------------------------
LOCAL @hwnd:HWND                        ; target top-level window
LOCAL @pid:dword                        ; owning process id (from the window)
LOCAL @hPorcess:HANDLE                  ; target process handle (sic: "Porcess")
LOCAL @bCode:PVOID                      ; remote buffer for the stub
LOCAL @hMod:HMODULE                     ; user32.dll in this process
LOCAL @old:dword                        ; previous protection of the stub page

; 1. Locate the target window by its (localized) title
invoke FindWindow,NULL,offset msg_title
; Only failure path that is reported: no window -> message box and return
.if eax == NULL
invoke MessageBox,NULL,offset MSG_NOFUND,offset MSG_ERROR,MB_OK
ret                                     ; MASM emits the epilogue for the LOCALs
.endif
mov @hwnd,eax
; 2. Open the owning process with full access (result not checked)
invoke GetWindowThreadProcessId,@hwnd,addr @pid
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,@pid
mov @hPorcess,eax

; 3. Resolve MessageBoxA locally and patch it into the stub.
;    The stub sits in .text, so the page is made writable first.
;    Patching labMessagebox+1 targets the imm32 of "mov eax,imm32".
invoke VirtualProtect,offset INJECTION_START,INJECTION_END-INJECTION_START,PAGE_EXECUTE_READWRITE,addr @old
invoke LoadLibrary,offset msg_USER32
mov @hMod,eax
invoke GetProcAddress,@hMod,offset msg_MESSAGEBOX
mov dword ptr [labMessagebox+1],eax

; 4. Reserve an RWX region in the target and copy the stub into it
;    (1000H bytes requested; the stub is INJECTION_END-INJECTION_START long)
invoke VirtualAllocEx,@hPorcess,NULL,1000H,MEM_COMMIT,PAGE_EXECUTE_READWRITE
mov @bCode,eax
invoke WriteProcessMemory,@hPorcess,@bCode,INJECTION_START,INJECTION_END-INJECTION_START,NULL

; 5. Run the copied stub as a new thread in the target (handle discarded)
invoke CreateRemoteThread,@hPorcess,NULL,0,@bCode,NULL,0,NULL
ret

Inject endp

;-----------------------------------------------------------------------
; Program entry: records the module handle, initialises common controls,
; runs the modal dialog and exits with status 0 when it closes.
;-----------------------------------------------------------------------
start:
        invoke  GetModuleHandle,NULL
        mov     hInstance,eax           ; hInstance = module handle of this image

        invoke  InitCommonControls

        ; Modal dialog; DlgProc handles the button that calls Inject
        invoke  DialogBoxParam,hInstance,IDD_DIALOG1,NULL,offset DlgProc,NULL

        invoke  ExitProcess,0

;########################################################################

;-----------------------------------------------------------------------
; INT_PTR DlgProc(HWND hWin, UINT uMsg, WPARAM wParam, LPARAM lParam)
; ABI:   stdcall dialog procedure
; Out:   eax = TRUE for WM_INITDIALOG / WM_COMMAND / WM_CLOSE,
;        FALSE for every other message
;-----------------------------------------------------------------------
DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM

        .if uMsg == WM_INITDIALOG
                ; nothing to set up; handled so the dialog keeps focus
        .elseif uMsg == WM_COMMAND
                ; whole WPARAM compared, as in the original (HIWORD = notify code)
                .if wParam == IDC_BTNINJECTION
                        invoke  Inject
                .endif
        .elseif uMsg == WM_CLOSE
                invoke  EndDialog,hWin,0
        .else
                xor     eax,eax         ; FALSE: not handled here
                ret
        .endif

        mov     eax,TRUE
        ret

DlgProc endp

end start

