#include <windows.h>
#include <tlhelp32.h>

/**
 * Loads the DLL at dll_path into process pid: the path is copied into the
 * target's address space and a remote thread is started at LoadLibraryA with
 * that buffer as its argument.
 *
 * @param pid       id of the target process
 * @param dll_path  NUL-terminated path handed to LoadLibraryA; LoadLibraryA
 *                  runs inside the target, so a relative path is resolved from
 *                  the target's point of view, not the caller's
 * @return true when the remote LoadLibraryA reported a non-zero result;
 *         false when OpenProcess, VirtualAllocEx or CreateRemoteThread failed
 *         or the remote call returned 0
 *
 * Defender note: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) is the textbook
 * remote-thread DLL injection chain. It is exactly the call sequence that EDR
 * user-mode hooks, kernel thread-creation telemetry and Sysmon Event ID 8
 * (CreateRemoteThread) are built to surface; a cross-process thread whose
 * start address is LoadLibraryA is a strong indicator on its own.
 */
bool inject_dll(DWORD pid, const char *dll_path)
{
    int path_len = strlen(dll_path) + 1; // +1 for the terminating NUL; size_t narrowed to int
    HANDLE hproc = 0;
    LPVOID pmem = NULL;
    HANDLE hthread = 0;
    bool result = false;
    hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); // open the target; PROCESS_ALL_ACCESS is broader than the memory/thread rights this sequence actually uses
    if (hproc == 0) goto finally;
    pmem = VirtualAllocEx(hproc, NULL, path_len, MEM_COMMIT, PAGE_READWRITE); // commit a buffer for the path inside the target
    if (pmem == NULL) goto finally;
    WriteProcessMemory(hproc, pmem, dll_path, path_len, NULL); // copy the path over; NOTE(review): return value unchecked, so on failure the remote thread reads an uninitialized buffer
    hthread = CreateRemoteThread(hproc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, pmem, 0, NULL); // start a thread in the target at LoadLibraryA(pmem); relies on kernel32 being mapped at the same address in both processes (same bitness)
    if (hthread == 0) goto finally;
    WaitForSingleObject(hthread, INFINITE); // block until the remote LoadLibraryA returns; INFINITE means a hung loader blocks this caller forever
    DWORD threadres;
    GetExitCodeThread(hthread, &threadres); // the thread's exit code is LoadLibraryA's return value; NOTE(review): unchecked, threadres stays uninitialized if this fails
    result = threadres != 0; // LoadLibraryA returns NULL on failure (on x64 the exit code is the HMODULE truncated to 32 bits)
    // release every resource that was acquired, in reverse order
    finally:
    if (pmem)
        VirtualFreeEx(hproc, pmem, 0, MEM_RELEASE); // pmem != NULL implies hproc is valid
    if (hthread != 0)
        CloseHandle(hthread);
    if (hproc != 0)
        CloseHandle(hproc);
    return result;
}

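/**
 * Looks up the id of the first process whose executable name equals name.
 *
 * @param name  executable file name as Toolhelp reports it in szExeFile
 *              (e.g. "example.exe"), compared case-sensitively with strcmp
 * @return the process id of the first match, or 0 when no process matches,
 *         the snapshot could not be taken, or the enumeration failed
 */
DWORD find_pid_by_name(const char *name)
{
    DWORD pid = 0;
    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not
    // NULL. Without this check Process32First fails and the comparison below
    // would read an uninitialized szExeFile.
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
        return 0;
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof entry; // Toolhelp requires dwSize to be set before the first call
    // entry only holds valid data once Process32First succeeded; a do/while
    // covers the first entry and the remaining ones with a single comparison.
    if (Process32First(snap, &entry)) {
        do {
            if (strcmp(entry.szExeFile, name) == 0) {
                pid = entry.th32ProcessID;
                break;
            }
        } while (Process32Next(snap, &entry));
    }
    CloseHandle(snap); // single exit point so the snapshot handle cannot leak
    return pid;
}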

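/**
 * Finds the module handle of module_name inside process pid using a Toolhelp
 * module snapshot.
 *
 * @param pid          process whose module list is enumerated
 * @param module_name  module file name as reported in szModule, compared
 *                     case-sensitively with strcmp
 * @return the module's HMODULE as seen from the target process, or 0 when the
 *         snapshot could not be taken, the enumeration failed, or no module
 *         matches
 */
HMODULE find_module_handle_from_pid(DWORD pid, const char *module_name)
{
    HMODULE found = 0;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    // INVALID_HANDLE_VALUE (not NULL) is the failure value; the unchecked
    // original went on to Module32First and then compared an uninitialized
    // szModule when the snapshot had failed.
    if (snap == INVALID_HANDLE_VALUE)
        return 0;
    MODULEENTRY32 entry;
    entry.dwSize = sizeof entry; // Toolhelp requires dwSize to be set before the first call
    // Only enter the loop once Module32First has filled entry with valid data.
    if (Module32First(snap, &entry)) {
        do {
            if (strcmp(entry.szModule, module_name) == 0) {
                found = entry.hModule;
                break;
            }
        } while (Module32Next(snap, &entry));
    }
    CloseHandle(snap);
    return found;
}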

/**
 * Unloads module_handle from process pid by running FreeLibrary on a remote
 * thread inside the target; the counterpart of inject_dll.
 *
 * @param pid            id of the target process
 * @param module_handle  module base as seen by the target (for example the
 *                       value find_module_handle_from_pid returns), passed as
 *                       the remote thread's argument
 * @return true when the remote FreeLibrary reported non-zero; false when
 *         OpenProcess or CreateRemoteThread failed or FreeLibrary returned 0.
 *         FreeLibrary only decrements the module's reference count, so a
 *         true result does not by itself mean the module was unmapped.
 *
 * Defender note: a cross-process CreateRemoteThread whose start address is
 * FreeLibrary is as visible to thread-creation telemetry (EDR hooks, Sysmon
 * Event ID 8) as the LoadLibraryA variant in inject_dll.
 */
bool remove_module(DWORD pid, HMODULE module_handle)
{
    HANDLE hproc = 0;
    HANDLE hthread = 0;
    bool result = false;
    hproc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); // PROCESS_ALL_ACCESS is broader than the thread-creation rights this path needs
    if (hproc == 0) goto finally;
    hthread = CreateRemoteThread(hproc, NULL, 0, (LPTHREAD_START_ROUTINE)FreeLibrary, module_handle, 0, NULL); // run FreeLibrary(module_handle) in the target; relies on kernel32 sharing its base address with this process (same bitness)
    if (hthread == 0) goto finally;
    WaitForSingleObject(hthread, INFINITE); // wait for the remote FreeLibrary; INFINITE can block this caller indefinitely
    DWORD threadres;
    GetExitCodeThread(hthread, &threadres); // exit code is FreeLibrary's return value; NOTE(review): unchecked, threadres is uninitialized if the call fails
    result = threadres != 0; // FreeLibrary returns FALSE (0) on failure
finally:
    if (hthread != 0)
        CloseHandle(hthread);
    if (hproc != 0)
        CloseHandle(hproc);
    return result;
}