
加密狗无dll的进程注入方法

发表时间:2018-06-28    来源:不详    浏览次数:936

1.点击注入按钮:调用InitEGWork函数完成创建事件
2. CreateThread(NULL,NULL,CreateRemoteThreadProc,NULL,0,0);
  创建一个线程,由该线程完成把注入代码写入被注入进程、并执行注入代码的工作
3.注入到被注入进程的代码为
// Thread entry point. According to the article text around this listing, the
// compiled bytes of this function are written into a second process and
// executed there.
//
// lpParameter points to a ThreadParam_t (declared elsewhere). Every Win32 call
// in the body goes through a function pointer stored in that block (Sleep,
// SetEvent, WaitForSingleObject, OpenEventA, OpenFileMapping, MapViewOfFile,
// MessageBoxA), and every string (object names, message texts) is read from
// it as well; presumably because relocated code cannot rely on its own import
// table or data section -- confirm against the code that fills ThreadParam_t.
//
// Flow: open two named events and a named file mapping, map a view, then loop
// forever: wait on InEvent and, when the DWORD at the start of the shared
// region equals 1, call the address stored in MapFilep->PipeFunCodeBuffer;
// afterwards signal OutEvent.
//
// Returns: the loop has no exit, so the trailing `return 0` is never reached.
//
// NOTE(review), for analysts and defenders: the call target is read from a
// named shared-memory section opened with FILE_MAP_ALL_ACCESS, so whichever
// process can open and write that section decides what executes inside this
// one. A thread whose start address is typically not backed by a loaded
// module, plus named events and a named section shared with another process,
// is the observable footprint of this pattern.
DWORD WINAPI RemoteThread(void *lpParameter)
{
  ThreadParam_t *ThreadParamp;

  DWORD Id;
  DWORD dwWaitResult;
  HANDLE hMapFile;
 
  IoEvnet_t IoEvnet;
  MapFile_t *MapFilep;

 

  // Local copies of three of the function pointers held in the parameter block.
  VOID (__stdcall *LocalSleep)(DWORD dwMilliseconds);
  BOOL (__stdcall *LocalSetEvent)(HANDLE hEvent);
  DWORD (__stdcall *LocalWaitForSingleObject)(HANDLE hHandle,DWORD dwMilliseconds);

  //--------------------------------------------------------

  ThreadParamp = (ThreadParam_t*)lpParameter;
  // Progress marker written back into the parameter block; presumably read by
  // the side that created the thread -- confirm against the caller.
  ThreadParamp->ok = 1;

  // LocalSleep is assigned here but never called in this function.
  LocalSleep = ThreadParamp->Sleep;
  LocalSetEvent = ThreadParamp->SetEvent;
  LocalWaitForSingleObject = ThreadParamp->WaitForSingleObject;

  Id = 0;
  dwWaitResult = 0;

  // Open the two named events; the names come from the parameter block.
  // NOTE(review): the body below only waits on InEvent and sets OutEvent, so
  // SYNCHRONIZE and EVENT_MODIFY_STATE would cover what this function does;
  // EVENT_ALL_ACCESS with bInheritHandle = TRUE is broader than it needs.
  IoEvnet.InEvent = ThreadParamp->OpenEventA(EVENT_ALL_ACCESS, TRUE, ThreadParamp->EVENT_NAMEUI);
  IoEvnet.OutEvent = ThreadParamp->OpenEventA(EVENT_ALL_ACCESS, TRUE, ThreadParamp->EVENT_NAMEEG);
 
  // NOTE(review): a failure is only reported in a message box; execution
  // continues with the NULL handle(s).
  if (IoEvnet.InEvent==NULL||
    IoEvnet.OutEvent==NULL)
  {
    ThreadParamp->MessageBoxA(NULL,ThreadParamp->OpenIoEvnetError,ThreadParamp->Tip,MB_OK);
  }
 
  // Open the named section and map MAPFILESIZE bytes of it read/write.
  // NOTE(review): both failure branches below also fall through. If the view
  // is NULL, the pointer arithmetic and the reads in the loop operate on an
  // address derived from NULL, which would fault in the host process.
  hMapFile = ThreadParamp->OpenFileMapping(FILE_MAP_ALL_ACCESS,FALSE,ThreadParamp->FILEMAP_NAME);
  if (hMapFile==NULL)
  {
    ThreadParamp->MessageBoxA(NULL,ThreadParamp->OpenFileMapError,ThreadParamp->Tip,MB_OK);
  }
  IoEvnet.MapViewpBuff =(BYTE *)ThreadParamp->MapViewOfFile(hMapFile,FILE_MAP_ALL_ACCESS,0,0,MAPFILESIZE);
  if (IoEvnet.MapViewpBuff==NULL)
  {
    ThreadParamp->MessageBoxA(NULL,ThreadParamp->MapViewOfFileError,ThreadParamp->Tip,MB_OK);
  }

  // Skip MAPFILEOFFSET bytes (macro defined elsewhere) into the view.
  IoEvnet.MapViewpBuff += MAPFILEOFFSET;

  // The MapFile_t record starts 8 bytes into the region; the DWORD at offset 0
  // is read as the request id inside the loop.
  MapFilep = (MapFile_t *)(IoEvnet.MapViewpBuff+8);

  // Second progress step; reached whether or not the opens above succeeded.
  ThreadParamp->ok++;
  // The condition below is commented out, so this message box is always shown
  // and the thread blocks until it is dismissed.
  //if (ThreadParamp->ThreadId==1)
  {
    ThreadParamp->MessageBoxA(NULL,ThreadParamp->Text,ThreadParamp->Caption,MB_OK);
  }


  // The jmp skips eight emitted bytes spelling "TCGBEGIN"; they are data inside
  // the code stream and are never executed. Presumably a marker that other
  // code searches for in this function's bytes -- confirm. MSVC inline __asm
  // is available for x86 builds only.
  __asm
  {
    jmp tcgbegin
    __asm {__emit('T')} __asm {__emit('C')} __asm {__emit('G')}
    __asm {__emit('B')} __asm {__emit('E')} __asm {__emit('G')} __asm {__emit('I')} __asm {__emit('N')}

tcgbegin:
  }


  // Request loop; there is no break, so the handles and the view are never
  // released by this function.
  for (;;)
  {
    // -1 converted to DWORD is 0xFFFFFFFF, i.e. INFINITE: wait with no timeout.
    dwWaitResult =  LocalWaitForSingleObject(IoEvnet.InEvent,-1);

    if (dwWaitResult==WAIT_OBJECT_0)
    { 
      //--------------------------------------
      //decode
      //------------------------------------------------------------------------------------------------------------------
      // Request id: first DWORD of the shared region.
      Id = *(DWORD*)(IoEvnet.MapViewpBuff+0);
      if (Id==1)
      {
        // Call the address stored in MapFilep->PipeFunCodeBuffer with the
        // in/out buffers and lengths taken from the same shared record.
        // NOTE(review): neither the target nor the lengths are validated
        // here, and all of them live in memory another process can write.
        // The (DWORD) cast keeps only 32 bits of the value, so this is
        // correct for 32-bit builds only.
        //------------------------------------------------------------------------------------------------------------------
        ((void (*)(MapFile_t *MapFilep,ULONG* InBuffer,ULONG InLength,ULONG *OutBuffer,ULONG OutLength,ULONG *OutLengthp))(DWORD)MapFilep->PipeFunCodeBuffer)(
          MapFilep,MapFilep->PipeInBuffer,MapFilep->InLength,MapFilep->PipeOutBuffer,MapFilep->OutLength,&MapFilep->OutLengthReal);
        //------------------------------------------------------------------------------------------------------------------
      }

     
      // OutEvent is signalled for every wake-up, whether or not Id was 1.
      //------------------------------------------------------------------------------------------------------------------
      LocalSetEvent(IoEvnet.OutEvent);
      //------------------------------------------------------------------------------------------------------------------
    }
  }

  // Unreachable at run time because the loop above never exits. The emitted
  // bytes spell "LABELMAR" (eight bytes, no trailing 'K'); presumably a second
  // marker located by scanning the function's bytes -- confirm.
  __asm
  {
    jmp labelmark
    __asm {__emit('L')} __asm {__emit('A')} __asm {__emit('B')} __asm {__emit('E')} __asm {__emit('L')}
    __asm {__emit('M')} __asm {__emit('A')} __asm {__emit('R')}
labelmark:
  }

  // FUNLENGTHMARK is a macro defined elsewhere; the name suggests it marks the
  // end of the function for a length computation -- confirm at its definition.
  FUNLENGTHMARK
  return 0;
}

4.点击Test按钮后,程序会把函数IoTGBTestFunction拷贝到被注入进程中并执行

