Home Explore Help
Register Sign In
Reverse
/
wechat
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: fc5a314648
Branches Tags
wechat
/
source
/
hook
/
WeChats
/
Injection.cpp

Injection.cpp 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. #include "StdAfx.h"
    2. 

  2. #include "Injection.h"
    3. 

  3. 

  4. CInjection::CInjection(DWORD dwPid, LPCTSTR lpDynamicLibraryPath)
    5. 

  5. :m_dwInjectionPID(dwPid),
    6. 

  6. m_hInjectionProcess(NULL),
    7. 

  7. m_lpPathData(NULL),
    8. 

  8. m_hInjectThread(NULL),
    9. 

  9. m_hUnInjectThread(NULL),
    10. 

  10. m_dwPathLen(0)
    11. 

  11. {
    12. 

  12. 	ASSERT(dwPid!=0);
    13. 

  13. 	ASSERT(lpDynamicLibraryPath!=NULL);
    14. 

  14. 

  15. 	memset(m_szDllPath, 0, sizeof(m_szDllPath));
    16. 

  16. 	_tcscpy_s(m_szDllPath,lpDynamicLibraryPath);
    17. 

  17. 	m_hInjectionProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, m_dwInjectionPID);
    18. 

  18. }
    19. 

  19. 

  20. CInjection::~CInjection(void)
    21. 

  21. {
    22. 

  22. 	FreeInjection();
    23. 

  23. }
    24. 

  24. 

  25. int CInjection::ProcessInjection()
    26. 

  26. {
    27. 

  27. 	ASSERT(m_hInjectionProcess!=NULL);
    28. 

  28. 

  29. 	m_dwPathLen = _tcslen(m_szDllPath)*sizeof(TCHAR);
    30. 

  30. 	m_lpPathData = VirtualAllocEx(m_hInjectionProcess,NULL, m_dwPathLen, MEM_COMMIT, PAGE_READWRITE);
    31. 

  31. 	if (NULL == m_lpPathData)
    32. 

  32. 		return -1;
    33. 

  33. 

  34. 	if (WriteProcessMemory(m_hInjectionProcess, m_lpPathData, m_szDllPath, m_dwPathLen, NULL) == 0)
    35. 

  35. 	{
    36. 

  36. 		VirtualFreeEx(m_hInjectionProcess, m_lpPathData, m_dwPathLen, MEM_DECOMMIT);
    37. 

  37. 		return -1;
    38. 

  38. 	}
    39. 

  39. 

  40. 	HMODULE hk32 = GetModuleHandle(_T("kernel32.dll"));
    41. 

  41. 	// 注意:微信使用的是W版本;
    42. 

  42. 	LPVOID lpAddr = GetProcAddress(hk32,"LoadLibraryW");
    43. 

  43. 

  44. 	m_hInjectThread = CreateRemoteThread(m_hInjectionProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpAddr, m_lpPathData, 0, NULL);
    45. 

  45. 	if (NULL == m_hInjectThread)
    46. 

  46. 		return -1;
    47. 

  47. 

  48. 	return 0;
    49. 

  49. }
    50. 

  50. 

  51. int CInjection::FreeInjection()
    52. 

  52. {
    53. 

  53. 	ASSERT(m_hInjectionProcess!=NULL);
    54. 

  54. 

  55. 	TString str = m_szDllPath;
    56. 

  56. 	int nIndex = str.find_last_of(_T('\\'));
    57. 

  57. 	if (nIndex != TString::npos)
    58. 

  58. 		str = str.substr(nIndex+1);
    59. 

  59. 

  60. 	MODULEENTRY32 me32 = FindModule(str.c_str(), m_dwInjectionPID);
    61. 

  61. 	if (me32.hModule == NULL )
    62. 

  62. 	{
    63. 

  63. 		MessageBox(NULL, _T("xxxxx"), _T("dfdf"), MB_OK);
    64. 

  64. 		return -1;
    65. 

  65. 	}
    66. 

  66. 

  67. 	LPVOID lpAddr = GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "FreeLibrary");//FreeLibraryAndExitThread//FreeLibrary
    68. 

  68. 

  69. 	m_hUnInjectThread = CreateRemoteThread(m_hInjectionProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpAddr, me32.hModule, 0, NULL);
    70. 

  70. 

  71. 	WaitForSingleObject(m_hUnInjectThread, INFINITE);
    72. 

  72. 

  73. 	// 释放所有资源;
    74. 

  74. 	if (m_hInjectThread)
    75. 

  75. 		CloseHandle(m_hInjectThread);
    76. 

  76. 	if (m_hUnInjectThread)
    77. 

  77. 		CloseHandle(m_hUnInjectThread);
    78. 

  78. 	if (m_lpPathData)
    79. 

  79. 		VirtualFreeEx(m_hInjectionProcess, m_lpPathData, m_dwPathLen, MEM_DECOMMIT);
    80. 

  80. 	
    81. 

  81. 	if (m_hInjectionProcess)
    82. 

  82. 		CloseHandle(m_hInjectionProcess);
    83. 

  83. 

  84. 	return 0;
    85. 

  85. }
    86. 

  86. 

  87. void CInjection::InjectionExistProcess()
    88. 

  88. {
    89. 

  89. 	// 查找现在的进程;
    90. 

  90. 	vector<DWORD> vtPID = FindAllProcess(WECHAT);
    91. 

  91. }
    92.