
remotedll源码(RemoteDll)


LoadLibrary一个DLL时,系统做了哪些事

上源代码

主要功能:启动NotePad,在NotePad进程里创建RemoteThread加载我们自己的DLL,DLL加载时创建一个托盘,SubClass NotePad的主窗口,在标题栏上画一个Button。

HMODULE
LoadLibraryW(
    LPCWSTR lpwLibFileName
    )
//
// Loads a module by name with the default options: no reserved file
// handle and no load flags. All of the work happens in LoadLibraryExW.
//
// lpwLibFileName - name or path of the module to load.
//
// Returns whatever LoadLibraryExW returns (module handle, or NULL with
// the last error set).
//
{
    HANDLE hReservedFile = NULL;
    DWORD dwDefaultFlags = 0;

    return LoadLibraryExW( lpwLibFileName, hReservedFile, dwDefaultFlags );
}

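HMODULE
LoadLibraryExW(
    LPCWSTR lpwLibFileName,
    HANDLE hFile,
    DWORD dwFlags
    )
//
// Maps the named module into the calling process and returns its handle.
//
// lpwLibFileName - name or path of the module.
// hFile          - not used by this function.
// dwFlags        - DONT_RESOLVE_DLL_REFERENCES, LOAD_LIBRARY_AS_DATAFILE and
//                  LOAD_WITH_ALTERED_SEARCH_PATH are the flags consumed here.
//
// Returns the module handle, or NULL with the last error set from the
// failing NTSTATUS (BaseSetLastNTError).
//
// Order of work: exe-name fast path, trailing-blank trim (Win95 compat),
// per-application DLL redirection, search-path construction, then either
// the loader or a read-only data mapping (LOAD_LIBRARY_AS_DATAFILE).
//
// Note on the garbled listing this was restored from: every '&', '&&',
// '->' and '>>' had been stripped; they are reinstated below.
//
{
    LPWSTR TrimmedDllName = NULL;               // heap copy of the name, only when blanks were trimmed
    LPWSTR AllocatedPath = NULL;                // search path from BaseComputeProcessDllPath
    NTSTATUS Status = STATUS_SUCCESS;
    HMODULE hModule = NULL;
    UNICODE_STRING DllName_U;
    UNICODE_STRING AppPathDllName_U = { 0 };    // Buffer stays NULL unless redirection produced a name
    UNICODE_STRING AllocatedPath_U;
    ULONG DllCharacteristics = 0;
    BOOLEAN LoadAsDataFile;
    extern PLDR_DATA_TABLE_ENTRY BasepExeLdrEntry;

    if (dwFlags & DONT_RESOLVE_DLL_REFERENCES) {
        // Handed to the loader as an image characteristic; what the loader
        // does with it is not visible in this function.
        DllCharacteristics |= IMAGE_FILE_EXECUTABLE_IMAGE;
    }

    RtlInitUnicodeString(&DllName_U, lpwLibFileName);

    //
    // Quick check to see if dll being loaded is the main exe. For some reason
    // hook stuff tends to do this and this is worst path through the loader
    //
    if ( !(dwFlags & LOAD_LIBRARY_AS_DATAFILE) &&
         BasepExeLdrEntry &&
         (DllName_U.Length == BasepExeLdrEntry->FullDllName.Length) ) {
        // Case-insensitive (TRUE) compare against the exe's full name only.
        if ( RtlEqualUnicodeString(&DllName_U, &BasepExeLdrEntry->FullDllName, TRUE) ) {
            return (HMODULE)BasepExeLdrEntry->DllBase;
        }
    }

    //
    // check to see if there are trailing spaces in the dll name (Win95 compat)
    //
    // Length is in bytes, so (Length-1)>>1 indexes the last WCHAR.
    //
    if ( DllName_U.Length && DllName_U.Buffer[(DllName_U.Length-1)>>1] == (WCHAR)' ' ) {
        // The caller's string is const; trim on a private copy.
        TrimmedDllName = RtlAllocateHeap(RtlProcessHeap(), MAKE_TAG( TMP_TAG ), DllName_U.MaximumLength);
        if ( !TrimmedDllName ) {
            BaseSetLastNTError(STATUS_NO_MEMORY);
            return NULL;
        }
        RtlCopyMemory(TrimmedDllName, DllName_U.Buffer, DllName_U.MaximumLength);
        DllName_U.Buffer = TrimmedDllName;
        while ( DllName_U.Length && DllName_U.Buffer[(DllName_U.Length-1)>>1] == (WCHAR)' ' ) {
            DllName_U.Buffer[(DllName_U.Length-1)>>1] = UNICODE_NULL;
            DllName_U.Length -= sizeof(WCHAR);
            DllName_U.MaximumLength -= sizeof(WCHAR);
        }
    }

    //
    // If DLL redirection is on for this application, we check to see if the DLL requested
    // (without path qualification) exists in the app. (EXE) folder. If so, we load that.
    // Else we fall back to regular search logic.
    //
    if (gDoDllRedirection && DllName_U.Length) {
        Status = ComputeRedirectedDllName(&DllName_U, &AppPathDllName_U);
        if (!NT_SUCCESS(Status)) {
            // AppPathDllName_U is left untouched on this path: what a failed
            // ComputeRedirectedDllName leaves in it is not defined here.
            if ( TrimmedDllName ) {
                RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
            }
            BaseSetLastNTError(Status);
            return NULL;
        }
        if (RtlDoesFileExists_U(AppPathDllName_U.Buffer)) {
            // Use the application-directory copy: Length, MaximumLength and Buffer.
            DllName_U = AppPathDllName_U;
        }
    }

    //
    // Determine the path that the program was created from
    //
    AllocatedPath = BaseComputeProcessDllPath(
                        (dwFlags & LOAD_WITH_ALTERED_SEARCH_PATH) ? DllName_U.Buffer : NULL,
                        GetEnvironmentStringsW()
                        );
    if ( !AllocatedPath ) {
        Status = STATUS_NO_MEMORY;
        goto bail;
    }

    RtlInitUnicodeString(&AllocatedPath_U, AllocatedPath);

    try {
        LoadAsDataFile = (dwFlags & LOAD_LIBRARY_AS_DATAFILE) != 0;

        if (LoadAsDataFile) {
#ifdef WX86
            // LdrGetDllHandle clears UseKnownWx86Dll, but the value is
            // needed again by LdrLoadDll.
            BOOLEAN Wx86KnownDll = NtCurrentTeb()->Wx86Thread.UseKnownWx86Dll;
#endif
            Status = LdrGetDllHandle(
                        AllocatedPath_U.Buffer,
                        NULL,
                        &DllName_U,
                        (PVOID *)&hModule
                        );
            if (NT_SUCCESS( Status )) {
#ifdef WX86
                NtCurrentTeb()->Wx86Thread.UseKnownWx86Dll = Wx86KnownDll;
#endif
                // Already mapped as an image: take a loader reference on it
                // instead of creating a second, read-only data mapping.
                LoadAsDataFile = FALSE;
            }
            else {
                Status = BasepLoadLibraryAsDataFile( AllocatedPath_U.Buffer,
                                                     &DllName_U,
                                                     (PVOID *)&hModule
                                                     );
            }
        }

        if (!LoadAsDataFile) {
            Status = LdrLoadDll(
                        AllocatedPath_U.Buffer,
                        &DllCharacteristics,
                        &DllName_U,
                        (PVOID *)&hModule
                        );
        }
    }
    except (EXCEPTION_EXECUTE_HANDLER) {
        Status = GetExceptionCode();
    }

    // The normal and the exception path release the same buffers, so the
    // frees live once, after the handler.
    RtlFreeHeap(RtlProcessHeap(), 0, AllocatedPath);

bail:
    if ( TrimmedDllName ) {
        RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
        TrimmedDllName = NULL;
    }
    if ( AppPathDllName_U.Buffer ) {
        // Non-NULL only when redirection actually produced a name, so an
        // empty DllName_U with gDoDllRedirection on cannot free an
        // uninitialized pointer here.
        RtlFreeHeap(RtlProcessHeap(), 0, AppPathDllName_U.Buffer);
    }

    if (!NT_SUCCESS(Status) ) {
        BaseSetLastNTError(Status);
        return NULL;
    }
    return hModule;
}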

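NTSTATUS
BasepLoadLibraryAsDataFile(
    IN PWSTR DllPath OPTIONAL,
    IN PUNICODE_STRING DllName,
    OUT PVOID *DllHandle
    )
//
// Maps a file as read-only data for LOAD_LIBRARY_AS_DATAFILE.
//
// DllPath   - search path handed to SearchPathW (may be NULL).
// DllName   - name to look up; SearchPathW is told to try ".DLL" as the extension.
// DllHandle - receives the view base with bit 0 set, or NULL on failure.
//
// Returns STATUS_SUCCESS, STATUS_INVALID_IMAGE_FORMAT when the mapped bytes
// have no usable NT header, or the thread's LastStatusValue after a failed
// Win32 call.
//
// The file is opened GENERIC_READ and mapped PAGE_READONLY / FILE_MAP_READ:
// a plain data mapping, not an image section, so nothing in the file is
// executed and no loader entry is created. Bit 0 of the returned handle
// marks it as a data mapping for callers that must tell it apart from a
// loaded image.
//
// Restored from a garbled listing: the stripped '->' and '&' are reinstated.
//
{
    WCHAR FullPath[ MAX_PATH ];
    PWSTR FilePart = NULL;          // written by SearchPathW; not used afterwards
    HANDLE FileHandle;
    HANDLE MappingHandle;
    LPVOID DllBase;
    PIMAGE_NT_HEADERS NtHeaders;
    PTEB Teb = NtCurrentTeb();

    *DllHandle = NULL;

    if (!SearchPathW( DllPath,
                      DllName->Buffer,
                      L".DLL",
                      MAX_PATH,
                      FullPath,
                      &FilePart
                      )) {
        return Teb->LastStatusValue;
    }

    FileHandle = CreateFileW( FullPath,
                              GENERIC_READ,
                              FILE_SHARE_READ | FILE_SHARE_DELETE,
                              NULL,
                              OPEN_EXISTING,
                              0,
                              NULL
                              );
    if (FileHandle == INVALID_HANDLE_VALUE) {
        return Teb->LastStatusValue;
    }

    MappingHandle = CreateFileMappingW( FileHandle,
                                        NULL,
                                        PAGE_READONLY,
                                        0,
                                        0,
                                        NULL
                                        );
    // The file handle is closed unconditionally; only the section (if it
    // was created) is needed from here on.
    CloseHandle( FileHandle );
    if (MappingHandle == NULL) {
        return Teb->LastStatusValue;
    }

    DllBase = MapViewOfFileEx( MappingHandle,
                               FILE_MAP_READ,
                               0,
                               0,
                               0,
                               NULL
                               );
    CloseHandle( MappingHandle );
    if (DllBase == NULL) {
        return Teb->LastStatusValue;
    }

    // The mapped bytes are untrusted file content; RtlImageNtHeader is the
    // only validation performed before the view is handed out.
    NtHeaders = RtlImageNtHeader( DllBase );
    if (NtHeaders == NULL) {
        UnmapViewOfFile( DllBase );
        return STATUS_INVALID_IMAGE_FORMAT;
    }

    // Tag the handle as a data mapping; relies on the view base being
    // aligned so that bit 0 is otherwise clear.
    *DllHandle = (HANDLE)((ULONG_PTR)DllBase | 0x00000001);

    // Return value is not checked: failing to find an alternate resource
    // module does not fail the load.
    LdrLoadAlternateResourceModule(*DllHandle, FullPath);

    return STATUS_SUCCESS;
}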

NTSTATUS
LdrLoadDll (
    IN PWSTR DllPath OPTIONAL,
    IN PULONG DllCharacteristics OPTIONAL,
    IN PUNICODE_STRING DllName,
    OUT PVOID *DllHandle
    )
//
// Public loader entry point. Forwards every argument to LdrpLoadDll and
// adds a trailing TRUE whose meaning is defined by LdrpLoadDll, not here.
//
// Returns the NTSTATUS from LdrpLoadDll; *DllHandle is whatever it stored.
//
{
    NTSTATUS Status;

    Status = LdrpLoadDll( DllPath,
                          DllCharacteristics,
                          DllName,
                          DllHandle,
                          TRUE );
    return Status;
}

【急】dll文件中的源代码如何查看?

dll是封装了的代码 不能查看

dll原本就是为了代码的保密才设计出来的

别白费心思了

怎么获取dll源码

C++编写的dll要反编译出源代码,基本上没有办法,最多用工具反编译成汇编或一堆变量名为a、b、c、d等十分难以理解的代码,而且流程上可能还和源程序不完全相同;C#若没有用混淆器,倒是可以用工具反编译出代码,甚至包括注释。

请问大佬有RemoteDLL(注入器) V4.5 英文绿色版软件免费百度云资源吗

链接:

提取码:rwuh

软件名称:RemoteDLL(注入器)V4.5英文绿色版

语言:英文软件

大小:2.07MB

类别:系统工具

介绍:RemoteDll是一款DLL注入器。从目标进程中移除DLL是RemoteDLL的独特功能,它可以帮助你瞬间将DLL从目标进程中完全卸载。许多恶意软件和间谍软件程序使用DLL注入技术把自己隐藏到系统进程中。

我的RemoteDLL注入器用管理员身份运行后无法选择dll

win7下以管理员的身份复制DLL文件到Windows\system32的方法:

1、打开记事本,输入下列文本:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]

@="获取权限"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]

@="获取权限"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

2、然后保存为导入.reg文件;

3、然后双击导入.reg;

此时会弹出警告提示,允许程序通过即可;

4、然后选择system32文件夹,鼠标右键选择获取权限;

5、然后再将DLL文件复制到system32目录下。

怎么可以看到DLL 文件源码?

1、想看源码最好不要想!

2、这个软件是加了壳,是个UPX 0.80壳

UPX 0.80 - 1.24 DLL - Markus Laszlo
