remotedll源码(RemoteDll)
本文目录一览:
- 1、LoadLibrary一个DLL时,系统做了哪些事
- 2、【急】dll文件中的源代码如何查看?
- 3、怎么获取dll源码
- 4、请问大佬有RemoteDLL(注入器) V4.5 英文绿色版软件免费百度云资源吗
- 5、我的RemoteDLL注入器用管理员身份运行后无法选择dll
- 6、怎么可以看到DLL 文件源码?
LoadLibrary一个DLL时,系统做了哪些事
上源代码
主要功能:启动NotePad,在NotePad进程里创建RemoteThread加载我们自己的DLL,DLL加载时创建一个托盘,SubClass NotePad的主窗口,在标题栏上画一个Button。
HMODULE
LoadLibraryW(
    LPCWSTR lpwLibFileName
    )
/*
 * Plain LoadLibrary: defers to LoadLibraryExW with no file handle and
 * no LoadLibraryEx flags, so the module is mapped and initialised the
 * normal way (not as a data file, normal search path).
 *
 * lpwLibFileName - name or path of the module to load.
 *
 * Returns the module handle, or NULL with the last error set by
 * LoadLibraryExW.
 */
{
    HANDLE ReservedFile = NULL;   /* hFile is reserved; always NULL here */
    DWORD  NoFlags      = 0;      /* default load semantics */

    return LoadLibraryExW(lpwLibFileName, ReservedFile, NoFlags);
}
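HMODULE
LoadLibraryExW(
    LPCWSTR lpwLibFileName,
    HANDLE hFile,
    DWORD dwFlags
    )
/*
 * Load, or take a reference on, a DLL by name.
 *
 * lpwLibFileName - module name or path. Trailing blanks are stripped
 *                  (Win95 compatibility) into a private heap copy.
 * hFile          - reserved; not used by this routine.
 * dwFlags        - DONT_RESOLVE_DLL_REFERENCES marks the image so the
 *                  loader treats it like an EXE (no import resolution);
 *                  LOAD_LIBRARY_AS_DATAFILE maps the file read-only with
 *                  no DllMain and returns a tagged handle (see
 *                  BasepLoadLibraryAsDataFile); LOAD_WITH_ALTERED_SEARCH_PATH
 *                  seeds the search path from the DLL's own directory.
 *
 * Returns the module handle, or NULL with the last error set from the
 * failing NTSTATUS.
 *
 * Ownership: TrimmedDllName, AllocatedPath and AppPathDllName_U.Buffer are
 * heap buffers owned by this routine and are freed on every exit path
 * that reaches bail:.
 */
{
    LPWSTR TrimmedDllName;
    LPWSTR AllocatedPath;
    NTSTATUS Status;
    HMODULE hModule;
    UNICODE_STRING DllName_U, AppPathDllName_U;
    UNICODE_STRING AllocatedPath_U;
    ULONG DllCharacteristics;
    extern PLDR_DATA_TABLE_ENTRY BasepExeLdrEntry;

    TrimmedDllName = NULL;
    DllCharacteristics = 0;

    //
    // Must be initialised: with redirection on but an empty (or all-blank,
    // hence trimmed-to-empty) name, ComputeRedirectedDllName is never
    // called, and the cleanup at bail: would otherwise free an
    // indeterminate pointer.
    //
    AppPathDllName_U.Buffer = NULL;

    if (dwFlags & DONT_RESOLVE_DLL_REFERENCES) {
        DllCharacteristics |= IMAGE_FILE_EXECUTABLE_IMAGE;
    }

    RtlInitUnicodeString(&DllName_U, lpwLibFileName);

    //
    // Quick check to see if dll being loaded is the main exe. For some reason
    // hook stuff tends to do this and this is worst path through the loader
    // (lengths are compared first so the string compare is only done when
    // it can possibly match).
    //
    if ( !(dwFlags & LOAD_LIBRARY_AS_DATAFILE) &&
         BasepExeLdrEntry &&
         (DllName_U.Length == BasepExeLdrEntry->FullDllName.Length) ) {
        if ( RtlEqualUnicodeString(&DllName_U, &BasepExeLdrEntry->FullDllName, TRUE) ) {
            return (HMODULE)BasepExeLdrEntry->DllBase;
        }
    }

    //
    // check to see if there are trailing spaces in the dll name (Win95 compat)
    // UNICODE_STRING.Length is in bytes, so (Length-1)>>1 is the index of
    // the last WCHAR.
    //
    if ( DllName_U.Length && DllName_U.Buffer[(DllName_U.Length-1)>>1] == (WCHAR)' ') {
        TrimmedDllName = RtlAllocateHeap(RtlProcessHeap(), MAKE_TAG( TMP_TAG ), DllName_U.MaximumLength);
        if ( !TrimmedDllName ) {
            BaseSetLastNTError(STATUS_NO_MEMORY);
            return NULL;
        }
        RtlCopyMemory(TrimmedDllName, DllName_U.Buffer, DllName_U.MaximumLength);
        DllName_U.Buffer = TrimmedDllName;
        while (DllName_U.Length && DllName_U.Buffer[(DllName_U.Length-1)>>1] == (WCHAR)' ') {
            DllName_U.Buffer[(DllName_U.Length-1)>>1] = UNICODE_NULL;
            DllName_U.Length -= sizeof(WCHAR);
            DllName_U.MaximumLength -= sizeof(WCHAR);
        }
    }

    //
    // If DLL redirection is on for this application, we check to see if the DLL requested
    // (without path qualification) exists in the app. (EXE) folder. If so, we load that.
    // Else we fall back to regular search logic.
    //
    if (gDoDllRedirection && DllName_U.Length) {
        Status = ComputeRedirectedDllName(&DllName_U, &AppPathDllName_U);
        if (!NT_SUCCESS(Status)) {
            if ( TrimmedDllName ) {
                RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
            }
            BaseSetLastNTError(Status);
            return NULL;
        }
        if (RtlDoesFileExists_U(AppPathDllName_U.Buffer)) {
            DllName_U.Buffer = AppPathDllName_U.Buffer;
            DllName_U.MaximumLength = AppPathDllName_U.MaximumLength;
            DllName_U.Length = AppPathDllName_U.Length;
        }
    }

    //
    // Determine the path that the program was created from
    //
    AllocatedPath = BaseComputeProcessDllPath(
                        dwFlags & LOAD_WITH_ALTERED_SEARCH_PATH ? DllName_U.Buffer : NULL,
                        GetEnvironmentStringsW()
                        );
    if ( !AllocatedPath ) {
        Status = STATUS_NO_MEMORY;
        if ( TrimmedDllName ) {
            RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
        }
        goto bail;
    }
    RtlInitUnicodeString(&AllocatedPath_U, AllocatedPath);

    try {
        if (dwFlags & LOAD_LIBRARY_AS_DATAFILE) {
#ifdef WX86
            // LdrGetDllHandle clears UseKnownWx86Dll, but the value is
            // needed again by LdrLoadDll.
            BOOLEAN Wx86KnownDll = NtCurrentTeb()->Wx86Thread.UseKnownWx86Dll;
#endif
            //
            // If the module is already loaded as code, a data-file mapping
            // is not made; instead the existing module is referenced via
            // LdrLoadDll (the alreadyLoaded label below).
            //
            Status = LdrGetDllHandle(
                        AllocatedPath_U.Buffer,
                        NULL,
                        &DllName_U,
                        (PVOID *)&hModule
                        );
            if (NT_SUCCESS( Status )) {
#ifdef WX86
                NtCurrentTeb()->Wx86Thread.UseKnownWx86Dll = Wx86KnownDll;
#endif
                goto alreadyLoaded;
            }
            Status = BasepLoadLibraryAsDataFile( AllocatedPath_U.Buffer,
                                                 &DllName_U,
                                                 (PVOID *)&hModule
                                               );
        }
        else {
alreadyLoaded:
            Status = LdrLoadDll(
                        AllocatedPath_U.Buffer,
                        &DllCharacteristics,
                        &DllName_U,
                        (PVOID *)&hModule
                        );
        }
        if ( TrimmedDllName ) {
            RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
            TrimmedDllName = NULL;
        }
        RtlFreeHeap(RtlProcessHeap(), 0, AllocatedPath);
    }
    except (EXCEPTION_EXECUTE_HANDLER) {
        // Any exception raised by the loader is reported as the status of
        // this call; the buffers owned here are still released.
        Status = GetExceptionCode();
        if ( TrimmedDllName ) {
            RtlFreeHeap(RtlProcessHeap(), 0, TrimmedDllName);
        }
        RtlFreeHeap(RtlProcessHeap(), 0, AllocatedPath);
    }

bail:
    if (gDoDllRedirection && AppPathDllName_U.Buffer) {
        // We would have bailed had we not been able to allocate this buffer in re-direction case.
        RtlFreeHeap(RtlProcessHeap(), 0, AppPathDllName_U.Buffer);
    }

    if (!NT_SUCCESS(Status)) {
        BaseSetLastNTError(Status);
        return NULL;
    }
    else {
        return hModule;
    }
}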
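NTSTATUS
BasepLoadLibraryAsDataFile(
    IN PWSTR DllPath OPTIONAL,
    IN PUNICODE_STRING DllName,
    OUT PVOID *DllHandle
    )
/*
 * Map a DLL as a read-only data file (LOAD_LIBRARY_AS_DATAFILE).
 *
 * The file is located with SearchPathW, opened for read, and mapped with
 * PAGE_READONLY / FILE_MAP_READ. Nothing in it is executed: no DllMain,
 * no import resolution, no loader data-table entry. The returned handle is
 * the view base with bit 0 set, which is how callers (and FreeLibrary)
 * tell a data-file mapping from a real module base.
 *
 * DllPath   - optional search path handed to SearchPathW.
 * DllName   - module name; ".DLL" is appended when no extension is given.
 * DllHandle - receives the tagged view base, or NULL on failure.
 *
 * Returns STATUS_SUCCESS, STATUS_INVALID_IMAGE_FORMAT if the mapped file
 * has no valid NT headers, STATUS_BUFFER_TOO_SMALL if the resolved path
 * does not fit in MAX_PATH, or the thread's last NT status for Win32
 * failures.
 */
{
    WCHAR FullPath[ MAX_PATH ];
    DWORD PathLength;
    PWSTR FilePart;
    HANDLE FileHandle;
    HANDLE MappingHandle;
    LPVOID DllBase;
    PIMAGE_NT_HEADERS NtHeaders;
    PTEB Teb;

    Teb = NtCurrentTeb();
    *DllHandle = NULL;

    PathLength = SearchPathW( DllPath,
                              DllName->Buffer,
                              L".DLL",
                              MAX_PATH,
                              FullPath,
                              &FilePart
                            );
    if (PathLength == 0) {
        return Teb->LastStatusValue;
    }
    if (PathLength >= MAX_PATH) {
        //
        // SearchPathW returns the size it needed when the buffer is too
        // small; FullPath does not hold a complete path then, so it must
        // not be opened.
        //
        return STATUS_BUFFER_TOO_SMALL;
    }

    FileHandle = CreateFileW( FullPath,
                              GENERIC_READ,
                              FILE_SHARE_READ | FILE_SHARE_DELETE,
                              NULL,
                              OPEN_EXISTING,
                              0,
                              NULL
                            );
    if (FileHandle == INVALID_HANDLE_VALUE) {
        return Teb->LastStatusValue;
    }

    MappingHandle = CreateFileMappingW( FileHandle,
                                        NULL,
                                        PAGE_READONLY,
                                        0,
                                        0,
                                        NULL
                                      );
    // The section keeps its own reference to the file, so the file handle
    // is released whether or not the mapping succeeded.
    CloseHandle( FileHandle );
    if (MappingHandle == NULL) {
        return Teb->LastStatusValue;
    }

    DllBase = MapViewOfFileEx( MappingHandle,
                               FILE_MAP_READ,
                               0,
                               0,
                               0,
                               NULL
                             );
    // Likewise the view keeps the section alive; the handle is not needed.
    CloseHandle( MappingHandle );
    if (DllBase == NULL) {
        return Teb->LastStatusValue;
    }

    // Reject files that are not PE images before handing the view out.
    NtHeaders = RtlImageNtHeader( DllBase );
    if (NtHeaders == NULL) {
        UnmapViewOfFile( DllBase );
        return STATUS_INVALID_IMAGE_FORMAT;
    }

    // Low-bit tag: marks the handle as a data-file mapping, not a loaded module.
    *DllHandle = (HANDLE)((ULONG_PTR)DllBase | 0x00000001);
    // Presumably registers an alternate resource module for this mapping;
    // the return value is not checked here — confirm against its contract.
    LdrLoadAlternateResourceModule(*DllHandle, FullPath);
    return STATUS_SUCCESS;
}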
NTSTATUS
LdrLoadDll (
    IN PWSTR DllPath OPTIONAL,
    IN PULONG DllCharacteristics OPTIONAL,
    IN PUNICODE_STRING DllName,
    OUT PVOID *DllHandle
    )
/*
 * Exported loader entry: hands every argument through to LdrpLoadDll.
 * The trailing TRUE presumably selects running the DLL's initialisation
 * routines — confirm against LdrpLoadDll's prototype.
 *
 * Returns whatever NTSTATUS LdrpLoadDll produces.
 */
{
    const BOOLEAN LdrpTrailingFlag = TRUE;

    return LdrpLoadDll(DllPath,
                       DllCharacteristics,
                       DllName,
                       DllHandle,
                       LdrpTrailingFlag);
}
【急】dll文件中的源代码如何查看?
dll是封装了的代码 不能查看
dll原本就是为了代码的保密才设计出来的
别白费心思了
怎么获取dll源码
C++的dll反编译源代码,应该是没有办法,最多用工具反编译成汇编或一堆变量名为a,b,c,d等十分难以理解的代码,且流程上可能还和源程序流程不是完全相同;C#若没有用混淆器倒是可以用工具反编译出代码甚至包括注释。
请问大佬有RemoteDLL(注入器) V4.5 英文绿色版软件免费百度云资源吗
链接:
提取码:rwuh
软件名称:RemoteDLL(注入器)V4.5英文绿色版
语言:英文软件
大小:2.07MB
类别:系统工具
介绍:RemoteDll是一款DLL注入器。从目标进程中删除DLL是RemoteDLL的独特功能，它可以帮助你瞬间从目标进程中完全移除某个DLL。许多恶意软件和间谍软件程序使用DLL注入技术把自己隐藏到系统进程中。
我的RemoteDLL注入器用管理员身份运行后无法选择dll
win7下以管理员的身份复制DLL文件到Windows\system32的方法:
1、打开记事本,输入下列文本:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\runas]
@="获取权限"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" icacls \"%1\" /grant administrators:F"
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="获取权限"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y icacls \"%1\" /grant administrators:F /t"
2、然后保存为导入.reg文件;
3、然后双击导入.reg;
此时会弹出警告提示,允许程序通过即可;
4、然后选择system32文件夹,鼠标右键选择获取权限;
5、然后再将DLL文件复制到system32目录下。
怎么可以看到DLL 文件源码?
1、想看源码最好不要想!
2、这个软件加了壳，是 UPX 0.80 壳:
UPX 0.80 - 1.24 DLL - Markus Laszlo