BOOL InjectDll(DWORD dwProcsId)
{
if(EnableDebugPriv(SE_DEBUG_NAME) == 0)
{
return FALSE;
}
//第一个值得结果要注意,否则获得的句柄值可能无效
HANDLE hProc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcsId);
if(NULL == hProc)
return FALSE;
//get LoadLibraryA addr
THREAD_START_FUNC pFuncAddr = (THREAD_START_FUNC)GetProcAddress(GetModuleHandleA("kernel32"), "LoadLibraryA");
if(NULL == pFuncAddr)
return FALSE;
//alloc remote proce......