注入dll到一个进程里面
下面代碼親測沒有問題。幾點說明：路徑使用 char 字串，需以多位元組（非 Unicode）字元集編譯；注入程式、目標程序和 DLL 必須是相同位元數（32/64），因為 LoadLibraryA 的地址取自本程序自己的 kernel32；CreateRemoteThread + LoadLibrary 是最常見、也最容易被防毒/EDR 識別的注入方式：
// Injector.cpp : defines the entry point for the console application.
//#include "stdafx.h"
#include <Windows.h>int _tmain(int argc, _TCHAR* argv[])
{//獲得被插進程的絕對路徑char IePath[MAX_PATH] = "c:\\1.exe"; char DllFullPath[MAX_PATH] = "c:\\tt.dll";//進程啟動返回的參數PROCESS_INFORMATION pi = {0};//進程啟動時需要的參數STARTUPINFO si = {0};ZeroMemory(&si,sizeof(si));si.cb = sizeof(si);si.dwFlags = STARTF_USESHOWWINDOW|STARTF_USESTDHANDLES;si.wShowWindow = SW_HIDE;si.lpDesktop = "WinSta0\\Default"; pi.hProcess = SW_HIDE;BOOL ret = CreateProcess(NULL,IePath, NULL, NULL, 0, CREATE_SUSPENDED,NULL, NULL, &si, &pi);if (!ret){int e = GetLastError();return FALSE;}//申請遠程進程內存char *pszLibFileRemote = (char *) VirtualAllocEx( pi.hProcess, NULL, lstrlen(DllFullPath)+1, MEM_COMMIT, PAGE_READWRITE);if(pszLibFileRemote == NULL) return FALSE;//寫入遠程內存if( WriteProcessMemory(pi.hProcess,pszLibFileRemote,(void*)DllFullPath,lstrlen(DllFullPath)+1,NULL) == 0) return FALSE;//獲得LoadLibraryA函數地址PTHREAD_START_ROUTINE pfnStartAddr=(PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");if(pfnStartAddr == NULL) return FALSE;//創建遠程線程HANDLE hRemoteThread;if( (hRemoteThread=CreateRemoteThread(pi.hProcess,NULL,0,pfnStartAddr,pszLibFileRemote,0,NULL)) == NULL){return FALSE;}return 0;
}
拿來做測試的 DLL（注意：DllMain 是在持有 loader lock 的情況下執行的，不應在其中阻塞或長時間循環，否則注入程序那邊的 LoadLibraryA 永遠不會返回；耗時工作應放到單獨的線程裡）：
// dllmain.cpp : defines the entry point for the DLL.
#include "stdafx.h"
#include <stdio.h>
#include <Windows.h>BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{switch (ul_reason_for_call){case DLL_PROCESS_ATTACH:{while (1){FILE *p = fopen("c:\\1.txt","wb+");char test[100]={0};SYSTEMTIME st;GetSystemTime(&st);_snprintf(test,100,"%d-%d-%d\r\n",st.wYear,st.wMonth,st.wDay);fwrite(test,strlen(test),1,p);fclose(p);Sleep(1000);}break;}case DLL_THREAD_ATTACH:case DLL_THREAD_DETACH:case DLL_PROCESS_DETACH:break;}return TRUE;
}