1:UsingSystem;
2:UsingSystem. Collections. Generic;
3:UsingSystem. componentmodel;
4:UsingSystem. Data;
5:UsingSystem. diagnostics;
6:UsingSystem. drawing;
7:UsingSystem. LINQ;
8:UsingSystem. runtime. interopservices;
9:UsingSystem. text;
10:UsingSystem. Windows. forms;
11:
12:NamespaceHooktest01
13:{
// Form1: a WinForms test harness whose button handler loads a DLL into another
// process by PID using the remote-thread LoadLibrary sequence (catalogued as
// MITRE ATT&CK T1055.001, DLL injection).
// NOTE(review): the listing text is mangled (identifier casing lost, tokens fused,
// gutter numbers glued to each line) and is not valid C# as shown; read it as a
// description of the call sequence, not as buildable code.
//
// Defender view of the sequence below: one process opens a handle to another, then
// calls VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread with the thread
// start address inside kernel32. Endpoint tooling usually correlates exactly this
// chain; Sysmon, for example, reports it as ProcessAccess (Event ID 10),
// CreateRemoteThread (Event ID 8) and ImageLoad (Event ID 7) in the target.
14:Public Partial ClassForm1: Form
15:{
// P/Invoke declarations for the kernel32 functions used by the click handler.
// NOTE(review): several pointer- or handle-sized parameters and return values are
// declared as 32-bit int here - compare with the documented Win32 prototypes.
16:[Dllimport ("Kernel32.dll")]
17:Public Static Extern IntVirtualallocex (intptr hwnd, int32 lpaddress,IntSize,IntType, int32 tect );
18:[Dllimport ("Kernel32.dll")]
19:Public Static ExternBoolean writeprocessmemory (intptr hwnd,IntBaseaddress,StringBuffer,IntNsize,IntFilewriten );
20:[Dllimport ("Kernel32.dll")]
21:Public Static Extern IntGetprocaddress (IntHwnd,StringLpname );
22:[Dllimport ("Kernel32.dll")]
23:Public Static Extern IntGetmodulehandlea (StringName );
24:[Dllimport ("Kernel32.dll")]
25:Public Static ExternIntptr createremotethread (intptr hwnd,IntAttrib,IntSize,IntAddress,IntPar,IntFlags,IntThreadid );
26:[Dllimport ("Kernel32.dll")]
27:Public Static ExternInt32 waitforsingleobject (intptr hhandle, uint32 dwmilliseconds );
28:[Dllimport ("Kernel32.dll")]
29:Public Static ExternBoolean virtualfree (intptr lpaddress, int32 dwsize, int32 dwfreetype );
// Target process object, obtained from the PID typed into the form.
30:Process pname;
// The values below match the Win32 constants INFINITE, PAGE_EXECUTE_READWRITE,
// MEM_COMMIT, MEM_RESERVE and MEM_RELEASE.
31:Uint32 infinite = 0 xffffffff;
32:Int32 page_execute_readwrite = 0x40;
33:Int32 mem_commit = 0x1000;
34:Int32 mem_reserve = 0x2000;
35:Int32 mem_release = 0x8000;
// Address returned by VirtualAllocEx, i.e. the buffer inside the target process.
36:Int32 allocbaseaddress;
// Despite the name, this holds the target's process handle (see Process.Handle below).
37:Intptr hwnd;
// DLL path taken from the second text box.
38:StringDllname;
39:Int32 PID;
40:Boolean OK;
// Address of LoadLibraryA as resolved in this process.
41:Int32 loadaddr;
// Handle of the thread created in the target process.
42:Intptr threadhwnd;
43:
44:
// Standard designer-generated constructor.
45:PublicForm1 ()
46:{
47:Initializecomponent ();
48:}
49:
// Click handler: reads the PID and DLL path from the form, runs the
// allocate / write / remote-thread sequence against that process, then lists the
// target's loaded modules in Listbox1. Every failure path shows a message box and
// returns.
50:Private VoidButton#click (ObjectSender, eventargs E)
51:{
// Step 0: input validation - both text boxes must be filled and the PID must parse.
// NOTE(review): the comparison operators look mangled in this listing ("=" and "|").
52:Try
53:{
54:If(Textbox1.text =""| Textbox1.text =Null)
55:{
56:MessageBox. Show ("PID is null");Return;
57:}
58:If(Textbox2.text =""| Textbox2.text =Null)
59:{
60:MessageBox. Show ("DLL name is null");Return;
61:}
62:PID = int32.parse (textbox1.text );
63:Dllname = textbox2.text;
64:}
65:Catch(Exception error)
66:{
67:MessageBox. Show (error. Message );Return;
68:}
// Step 1: obtain a handle to the target process. This cross-process handle
// acquisition is the first observable event for process-access monitoring.
69:Try
70:{
71:Pname = process. getprocessbyid (PID );
72:Hwnd = pname. Handle;
73:}
74:Catch(Exception error)
75:{// An exception is thrown when no process with this PID exists.
76:MessageBox. Show (error. Message );Return;
77:}
// Step 2: reserve and commit dllname.Length + 1 bytes in the target, requested with
// PAGE_EXECUTE_READWRITE. A read-write-execute allocation made from another process
// is a high-signal event for memory-protection monitoring.
78:Allocbaseaddress = virtualallocex (hwnd, 0, dllname. Length + 1, mem_commit + mem_reserve, page_execute_readwrite );
79:If(Allocbaseaddress = 0)
80:{
81:MessageBox. Show ("Virtualallocex fail");Return;
82:}
// Step 3: copy the DLL path string into that buffer.
// Presumably the + 1 covers a terminating NUL and the string is marshalled as
// single-byte characters to suit LoadLibraryA - confirm against the marshalling
// attributes, which this listing does not show.
83:OK = writeprocessmemory (hwnd, allocbaseaddress, dllname, dllname. Length + 1, 0 );
84:If(! OK)
85:{
86:MessageBox. Show ("Writeprocessmemory fail");Return;
87:}
// Step 4: look up LoadLibraryA in this process's own kernel32 and reuse the address
// in the target. This assumes kernel32 is mapped at the same base in both
// processes - TODO confirm for the target being tested.
88:Loadaddr = getprocaddress (getmodulehandlea ("Kernel32.dll"),"Loadlibrarya");
89:If(Loadaddr = 0)
90:{// Returns if the address of LoadLibraryA could not be obtained.
91:MessageBox. Show ("Get loadlibrarya fail");Return;
92:}
// Step 5: start a thread in the target at LoadLibraryA with the path buffer as its
// argument. A remote thread whose start address is LoadLibraryA is the signature
// event that remote-thread telemetry is designed to catch.
93:Threadhwnd = createremotethread (hwnd, 0, 0, loadaddr, allocbaseaddress, 0, 0 );
94:If(Threadhwnd = intptr. Zero)
95:{
96:MessageBox. Show ("Createremotethread fail");Return;
97:}
98:
99:
// Blocks this handler with no timeout until the remote thread exits.
100:Waitforsingleobject (threadhwnd, infinite );
101:MessageBox. Show ("OK, you can check now !!! ");
// NOTE(review): this passes the process handle where the declaration above expects
// an address, so the buffer allocated in the target is not shown being released.
// For responders that means the path string may remain in the target's memory.
// The thread handle is also never closed in the visible code.
102:Virtualfree (hwnd, 0, mem_release );
// Enumerate the target's loaded modules so the operator can see whether the DLL
// appears. The same view (a module loaded from an unexpected path) is what an
// investigator checks on a suspect process.
104:Processmodulecollection pmodule = pname. modules;
105:Foreach(Processmodule processmInPmodule)
106:{
107:Listbox1.items. Add (processm. filename );
108:}
109:Pname. Dispose ();
110:}
// End of the click handler.
112:

113:}
114:}