;主要功能:让exe启动的时候加载我们自己的DLL
;感谢蓝天师傅和CK牛,帮了我不少,刚学汇编,大多都是API,代码不规范,希望大家指点一下,小菜好学,哪个大牛好心收了我吧
;QQ:8977XXXXX
;留个QQ,说不定哪个大牛好心就收下我了,嘿嘿
.386
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
; Uninitialized data: state shared by the steps in Main.
.data?
; Filled by GetStartupInfo and handed unchanged to CreateProcess.
stStartUp STARTUPINFO <?>
; Receives the child's process/thread handles from CreateProcess.
stProcInfo PROCESS_INFORMATION <?>
; Address returned by VirtualAllocEx, i.e. an address inside the child process.
hMemory dd ?
; Address of LoadLibraryA as resolved in THIS process by GetProcAddress.
hh dd ?
; Initialized data: names and message strings.
.data
szDllKernel db 'Kernel32.dll',0
szLoadLibrary db 'LoadLibraryA',0
; Target executable, given as a bare file name (no directory).
; NOTE(review): a bare name is completed from the current directory, so which
; test.exe is started depends on where this loader is launched from.
szFile db 'test.exe',0
; DLL name that is copied into the child and passed to LoadLibraryA there.
; NOTE(review): a bare DLL name is resolved through the child's DLL search
; order, so a same-named file earlier in that order would be loaded instead
; (DLL planting). An absolute path removes that ambiguity.
szDll db 'Patch.dll',0
; MessageBox caption, "Error!!".
szCaption db '错误!!',0
; MessageBox text, "Process creation failed, please confirm the file exists".
szText db '进程创建失败,请确认文件存在',0
.code
;-----------------------------------------------------------------------
; Main - start test.exe suspended and make it load Patch.dll.
;
; Steps: create the child with CREATE_SUSPENDED, allocate memory in it,
; write the DLL name there, start a thread in the child whose start address
; is LoadLibraryA and whose argument is that name, then resume the child's
; main thread and exit.
;
; This is the CreateRemoteThread + LoadLibrary form of DLL injection
; (MITRE ATT&CK T1055.001). For defenders: the cross-process sequence
; VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread with a start
; address of LoadLibraryA, issued against a freshly created suspended child,
; is a commonly alerted behavioral pattern in endpoint monitoring.
;
; NOTE(review): only CreateProcess is checked. The results of VirtualAllocEx,
; WriteProcessMemory, GetProcAddress and CreateRemoteThread are never tested,
; and ResumeThread runs unconditionally, so if any of them fails the child
; simply runs without the DLL and no error is reported.
;-----------------------------------------------------------------------
Main:
invoke GetStartupInfo,offset stStartUp
invoke CreateProcess,offset szFile,NULL,NULL,NULL,NULL,CREATE_SUSPENDED,NULL,NULL, offset stStartUp,offset stProcInfo
; CreateProcess returns zero on failure -> show the error box.
cmp eax,0
jz exit
; NOTE(review): the size 12 is a magic number unrelated to the length computed
; below ('Patch.dll' plus NUL is 10 bytes). The allocation is page-granular, so
; the write still fits, but the size should come from the same length.
; NOTE(review): the buffer only holds a string; PAGE_EXECUTE_READWRITE grants
; execute permission the data does not need (least privilege / W^X).
invoke VirtualAllocEx,stProcInfo.hProcess,NULL,12,MEM_COMMIT,PAGE_EXECUTE_READWRITE
mov hMemory,eax
invoke lstrlen,offset szDll
; +1 so the terminating NUL is copied as well.
inc eax
invoke WriteProcessMemory,stProcInfo.hProcess,hMemory,offset szDll,eax,NULL
; LoadLibraryA is looked up in this process and the resulting address is then
; used inside the child; the code assumes Kernel32.dll is mapped at the same
; base address in both processes.
invoke GetModuleHandle,offset szDllKernel
invoke GetProcAddress,eax,offset szLoadLibrary
mov hh,eax
; Remote thread: start address = LoadLibraryA, parameter = DLL name in the child.
; NOTE(review): the thread handle returned in eax is discarded and never closed.
invoke CreateRemoteThread,stProcInfo.hProcess,NULL,1000H,hh,hMemory,NULL,NULL
; Let the child's main thread, suspended since creation, start running.
invoke ResumeThread,stProcInfo.hThread
invoke CloseHandle,stProcInfo.hProcess
invoke CloseHandle,stProcInfo.hThread
invoke ExitProcess,0
; Failure path, reached only when CreateProcess failed.
; NOTE(review): exits with code 0 (NULL), the same as the success path, so a
; caller cannot tell from the exit code that the launch failed.
exit: invoke MessageBox,NULL,offset szText,offset szCaption,MB_OK
invoke ExitProcess,NULL
end Main