VS2017运行通过
版权由本人编写,禁止魔改用于商业用途
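// NOTE(review): the header names were lost when this listing was extracted (seven bare
// "#include" tokens). The list below is reconstructed from the identifiers the code
// uses — verify it against the upstream file.
#include <windows.h>
#include <tlhelp32.h>

#include <cstdlib>
#include <cstring>
#include <filesystem>
#include <iostream>
#include <string>
#include <system_error>

// Only the rights this tool actually exercises below (CreateRemoteThread, VirtualAllocEx /
// VirtualFreeEx, WriteProcessMemory) instead of PROCESS_ALL_ACCESS — least privilege on the
// process handle.
static constexpr DWORD kInjectAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                                       PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;

// Finds the target process by executable name and opens it with kInjectAccess.
//
// Returns INVALID_HANDLE_VALUE when the snapshot cannot be taken, when no matching process
// exists, or when OpenProcess fails. (The original returned OpenProcess's NULL directly in
// the last case, which the caller's INVALID_HANDLE_VALUE check did not catch, so failures
// surfaced later as a confusing "cannot write memory" error.)
HANDLE GetProcessHandle()
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE)
        return INVALID_HANDLE_VALUE;

    HANDLE process = INVALID_HANDLE_VALUE;
    PROCESSENTRY32 entry{};
    entry.dwSize = sizeof(entry);

    if (Process32First(snapshot, &entry))
    {
        do
        {
            // Target executable name — change as needed. Compared case-insensitively
            // because Windows file names are. Assumes a non-UNICODE (MBCS) build: szExeFile
            // is treated as char here, as in the original.
            if (_stricmp("csgo.exe", entry.szExeFile) == 0)
            {
                process = OpenProcess(kInjectAccess, FALSE, entry.th32ProcessID);
                if (process == NULL)  // OpenProcess signals failure with NULL, not INVALID_HANDLE_VALUE
                    process = INVALID_HANDLE_VALUE;
                break;
            }
        } while (Process32Next(snapshot, &entry));
    }

    CloseHandle(snapshot);
    return process;
}

// Console entry point. Reads a DLL path from stdin, opens the target process, restores the
// first 5 bytes of ntdll!NtOpenFile in the target from this process's copy, then loads the
// DLL there via CreateRemoteThread(LoadLibraryA). Always returns 0; every failure is
// reported on stdout before cleanup.
int main(int argc, char* argv[])
{
    HANDLE process = INVALID_HANDLE_VALUE;
    LPVOID remotePath = nullptr;
    HANDLE remoteThread = NULL;

    do
    {
        std::cout << "输入DLL全路径 : ";
        std::string dll;
        std::getline(std::cin, dll);

        // error_code overload: a malformed path is reported as "not found" instead of
        // throwing filesystem_error out of main.
        std::error_code ec;
        if (!std::filesystem::exists(dll, ec))
        {
            std::cout << "[-] DLL文件不存在" << std::endl;
            break;
        }
        // LoadLibraryA runs inside the target and resolves a relative name against the
        // target's search order, not this process's working directory. Hand it an
        // absolute path so the file checked above is the one that gets loaded.
        const std::filesystem::path absolutePath = std::filesystem::absolute(dll, ec);
        if (!ec)
            dll = absolutePath.string();

        process = GetProcessHandle();
        if (process == INVALID_HANDLE_VALUE)
        {
            std::cout << "[-] 获取游戏进程句柄失败" << std::endl;
            break;
        }

        // ntdll is mapped at the same base in every process of a session, so the local
        // address of NtOpenFile is also valid in the target. GetModuleHandle rather than
        // LoadLibrary: ntdll is always present, and this does not bump its reference count
        // (the original leaked one LoadLibraryA reference per run).
        HMODULE ntdll = GetModuleHandleA("ntdll");
        FARPROC ntOpenFile = (ntdll != NULL) ? GetProcAddress(ntdll, "NtOpenFile") : nullptr;
        if (ntOpenFile == nullptr)
        {
            std::cout << "[-] 获取NtOpenFile函数地址失败" << std::endl;
            break;
        }

        // Copy this process's first 5 bytes of NtOpenFile over the target's (5 bytes is
        // what the original restored; presumably the size of a rel32 JMP stub). This is only
        // a restoration if the local ntdll is itself unmodified — TODO confirm.
        // Check the BOOL result: the byte count is not defined on failure, so the
        // original's "Bytes == 0" test could miss a failed write.
        char originalBytes[5]{};
        std::memcpy(originalBytes, reinterpret_cast<const void*>(ntOpenFile), sizeof(originalBytes));
        SIZE_T written = 0;
        if (!WriteProcessMemory(process, reinterpret_cast<LPVOID>(ntOpenFile), originalBytes,
                                sizeof(originalBytes), &written) ||
            written != sizeof(originalBytes))
        {
            std::cout << "[-] 无法写入内存解除inline hook" << std::endl;
            break;
        }

        // Size the remote buffer for the path *including* its NUL terminator. The original
        // used dll.size() and relied on VirtualAllocEx's zero-fill for the terminator, which
        // breaks exactly when the length is a multiple of the allocation granularity.
        const SIZE_T remotePathBytes = dll.size() + 1;
        remotePath = VirtualAllocEx(process, nullptr, remotePathBytes,
                                    MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (remotePath == nullptr)
        {
            std::cout << "[-] 无法在CSGO游戏内申请内存" << std::endl;
            break;
        }
        if (!WriteProcessMemory(process, remotePath, dll.c_str(), remotePathBytes, &written) ||
            written != remotePathBytes)
        {
            std::cout << "[-] 无法写入DLL路径" << std::endl;
            break;
        }

        // LoadLibraryA's local address is reused in the target because kernel32 shares a
        // base within a session; this requires injector and target to have the same bitness.
        remoteThread = CreateRemoteThread(process, nullptr, 0,
                                          reinterpret_cast<LPTHREAD_START_ROUTINE>(LoadLibraryA),
                                          remotePath, 0, nullptr);
        if (remoteThread == NULL)
        {
            std::cout << "[-] 无法创建远程线程" << std::endl;
            break;
        }
        WaitForSingleObject(remoteThread, INFINITE);

        // The thread's exit code is LoadLibraryA's return value (truncated to 32 bits on
        // x64, so only zero / non-zero is meaningful). Zero means the DLL did not load,
        // which the original reported as success.
        DWORD exitCode = 0;
        if (!GetExitCodeThread(remoteThread, &exitCode) || exitCode == 0)
        {
            std::cout << "[-] 目标进程中LoadLibrary失败" << std::endl;
            break;
        }
        std::cout << "[+] 注入成功" << std::endl;
    } while (false);

    // Release in dependency order. The remote buffer lives in the *target*, so it must be
    // freed through the process handle with VirtualFreeEx and before that handle is closed
    // (the original called VirtualFree — which acts on this process — after closing the
    // handle, so the target-side allocation was never released).
    if (remoteThread != NULL)
        CloseHandle(remoteThread);
    if (remotePath != nullptr && process != INVALID_HANDLE_VALUE)
        VirtualFreeEx(process, remotePath, 0, MEM_RELEASE);
    if (process != INVALID_HANDLE_VALUE)
        CloseHandle(process);

    std::system("pause");
    return 0;
}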



