DLL injection in C#

Source: Internet
Author: User

In fact, DLL injection is very simple: it is nothing more than calling a handful of APIs such as VirtualAllocEx, WriteProcessMemory, OpenProcess and CreateRemoteThread. Since I had learned C#, I wanted to see the C article done in C#, but after searching the Internet for a long time I did not find one. Perhaps that is because C# is still on the rise; I did not know much about C# either, so I had to port it myself. All programming languages look alike when calling API functions, which makes porting easy. For someone learning C#, the idea of calling an API is probably unfamiliar, because C# usually does not call API functions directly: they are already wrapped. To end a process in VB, VC and other languages you must first obtain the handle of the process, and only then can you perform operations such as terminating it. Obtaining the handle takes the OpenProcess API function and ending the process takes the TerminateProcess API function; in C#, however, you do not need to know these API functions to accomplish the same thing. Learning VB first is a good choice. All right, let's start our C# DLL injection journey!

First, you must add the following API functions:

[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, int flAllocationType, int flProtect);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, string lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

[DllImport("kernel32.dll")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);

[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandleA(string lpModuleName);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, int dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, int dwCreationFlags, IntPtr lpThreadId);
Declaring an API in C# is a little involved: because you are calling an unmanaged DLL, you have to use DllImport. DllImport has many other attributes that I will not go into here; there are good introductions on the Internet that you can look up. By contrast, calling a DLL that is itself written in C# is very convenient: simply add a reference and it works. The namespace needed to call a DLL is `using System.Runtime.InteropServices;`, so do not forget to add it. Below is the complete compiled code:
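As an added example (not code from the original article), here is a small P/Invoke declaration written the way a practitioner would write it today: handles and addresses are declared as IntPtr rather than int so that the same declaration is correct inside a 64-bit process, SetLastError = true lets Marshal.GetLastWin32Error() report the operating system's reason for a failure, and the process handle is opened with only PROCESS_QUERY_LIMITED_INFORMATION, the minimum needed for the task, instead of the full-access handle that Process.Handle hands out on .NET Framework (which is why the article's code never has to call OpenProcess itself). The namespace PInvokeDemo, the class ProcessInfo and the method GetImagePath are names chosen for this example.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

namespace PInvokeDemo   // hypothetical namespace for this example
{
    static class ProcessInfo
    {
        // The only right needed to read a process's image path. Asking for more access
        // than a task needs (e.g. PROCESS_ALL_ACCESS) is the usual mistake in injector-style code.
        const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

        // Handles and pointers are IntPtr so the signatures are right on both x86 and x64.
        // SetLastError = true makes Marshal.GetLastWin32Error() meaningful after a failed call.
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        // CharSet.Unicode binds to QueryFullProcessImageNameW; lpdwSize is in/out (buffer size, then chars written).
        [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        static extern bool QueryFullProcessImageName(IntPtr hProcess, uint dwFlags, StringBuilder lpExeName, ref uint lpdwSize);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern bool CloseHandle(IntPtr hObject);

        // Returns the full path of the executable behind 'pid'. Throws Win32Exception carrying the
        // operating system's error text if the process cannot be opened or queried.
        public static string GetImagePath(int pid)
        {
            IntPtr hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
            if (hProcess == IntPtr.Zero)
                throw new Win32Exception(Marshal.GetLastWin32Error()); // e.g. access denied or no such process

            try
            {
                var buffer = new StringBuilder(1024);
                uint size = (uint)buffer.Capacity;
                if (!QueryFullProcessImageName(hProcess, 0, buffer, ref size))
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                return buffer.ToString(0, (int)size);
            }
            finally
            {
                CloseHandle(hProcess); // never leak the handle
            }
        }

        static void Main(string[] args)
        {
            // With no argument, query our own process so the example runs without any setup.
            int pid = args.Length > 0 ? int.Parse(args[0]) : System.Diagnostics.Process.GetCurrentProcess().Id;
            try
            {
                Console.WriteLine($"{pid}: {GetImagePath(pid)}");
            }
            catch (Win32Exception ex)
            {
                Console.WriteLine($"{pid}: cannot query image path: {ex.Message} (error {ex.NativeErrorCode})");
            }
        }
    }
}
```

Compile as a console application and run it with a process id as the argument; a protected or higher-integrity process returns the Win32 error text (typically "Access is denied") instead of a path, which is exactly the information a plain int-returning declaration would throw away.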

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace DllInject
{
    public partial class Form1 : Form
    {
        // Declare the API functions. Handles and addresses are IntPtr so the
        // declarations are also correct in a 64-bit process.
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, int flAllocationType, int flProtect);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, string lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

        [DllImport("kernel32.dll")]
        public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);

        [DllImport("kernel32.dll")]
        public static extern IntPtr GetModuleHandleA(string lpModuleName);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, int dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, int dwCreationFlags, IntPtr lpThreadId);

        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            bool ok1;
            IntPtr baseAddress;
            IntPtr hack;
            IntPtr yan;
            string dllName = "C:\\DLL.dll";        // path of the DLL to inject
            int dllLength = dllName.Length + 1;     // +1 for the terminating NUL byte

            Process[] pname = Process.GetProcesses(); // get all processes
            foreach (Process name in pname)           // walk through the processes
            {
                // MessageBox.Show(name.ProcessName.ToLower());
                if (name.ProcessName.ToLower().IndexOf("notepad") != -1) // Notepad is the example target; the injection starts below
                {
                    // name.Handle is already an open process handle, so no explicit OpenProcess call is needed.
                    baseAddress = VirtualAllocEx(name.Handle, IntPtr.Zero, dllLength, 4096, 4); // allocate memory in the target (MEM_COMMIT, PAGE_READWRITE)
                    if (baseAddress == IntPtr.Zero) // a return value of 0 means the call failed
                    {
                        MessageBox.Show("Failed to allocate memory!!");
                        Application.Exit();
                    }

                    ok1 = WriteProcessMemory(name.Handle, baseAddress, dllName, dllLength, IntPtr.Zero); // write the DLL path into the target
                    if (!ok1)
                    {
                        MessageBox.Show("Failed to write memory!!");
                        Application.Exit();
                    }

                    hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); // obtain the address of LoadLibraryA in kernel32.dll
                    if (hack == IntPtr.Zero)
                    {
                        MessageBox.Show("Unable to obtain the function entry point!!");
                        Application.Exit();
                    }

                    yan = CreateRemoteThread(name.Handle, IntPtr.Zero, 0, hack, baseAddress, 0, IntPtr.Zero); // create a remote thread
                    if (yan == IntPtr.Zero)
                    {
                        MessageBox.Show("Failed to create a remote thread!!");
                        Application.Exit();
                    }
                    else
                    {
                        MessageBox.Show("Successfully injected the DLL!!");
                    }
                }
            }
        }
    }
}
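The code above leaves a visible trace in the target: once LoadLibraryA has run, the injected DLL appears in the process's module list with its full file path, here a DLL sitting directly under C:\ rather than under a system or program directory. As an added example that is not part of the original article, the following console program audits a process from the defender's side by listing every loaded module that lives outside a set of trusted directories. It uses only the managed System.Diagnostics API (Process.Modules), which needs PROCESS_QUERY_INFORMATION and PROCESS_VM_READ on the target rather than a full-access handle. The namespace ModuleAudit, the TrustedRoots list and the methods IsUnderTrustedRoot and FindUntrustedModules are names chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;

namespace ModuleAudit   // hypothetical namespace for this example
{
    static class Program
    {
        // Directories from which modules are expected to be loaded. This is an assumption
        // for the example; a real baseline would be tuned per host and per application.
        static readonly string[] TrustedRoots =
        {
            Environment.GetFolderPath(Environment.SpecialFolder.Windows),
            Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles),
            Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86), // empty string on 32-bit Windows
        };

        // True if 'path' lies below one of the trusted roots (case-insensitive, normalised).
        static bool IsUnderTrustedRoot(string path)
        {
            string full = Path.GetFullPath(path);
            foreach (string root in TrustedRoots)
            {
                if (string.IsNullOrEmpty(root)) continue;
                string prefix = Path.GetFullPath(root).TrimEnd('\\') + "\\";
                if (full.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return true;
            }
            return false;
        }

        // Returns the file paths of modules in 'process' that are loaded from outside the trusted roots.
        static List<string> FindUntrustedModules(Process process)
        {
            var hits = new List<string>();
            try
            {
                foreach (ProcessModule module in process.Modules)
                {
                    if (!IsUnderTrustedRoot(module.FileName))
                        hits.Add(module.FileName);
                }
            }
            catch (Win32Exception ex)
            {
                // Access denied, or a 32/64-bit mismatch between this auditor and the target:
                // run the auditor with the same bitness as the processes being checked.
                Console.WriteLine($"[{process.ProcessName}:{process.Id}] cannot enumerate modules: {ex.Message}");
            }
            catch (InvalidOperationException)
            {
                // The process exited while its modules were being enumerated.
            }
            return hits;
        }

        static void Main(string[] args)
        {
            // Default to the same target the article uses; pass another image name to check a different process.
            string target = args.Length > 0 ? args[0] : "notepad";
            foreach (Process p in Process.GetProcessesByName(target))
            {
                foreach (string path in FindUntrustedModules(p))
                    Console.WriteLine($"[{p.ProcessName}:{p.Id}] module outside trusted roots: {path}");
                p.Dispose();
            }
        }
    }
}
```

Run it against an untouched Notepad and the list is normally empty; after the injection described in the article it reports the DLL's path. The check only sees modules still present in the loader's list at the moment of enumeration, so it complements, rather than replaces, event-based telemetry such as image-load and remote-thread creation events collected by an EDR or Sysmon.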
