Código dll
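#include <Windows.h>

/*
 * DllMain: loader entry point, called on process/thread attach and detach.
 *
 * hMod     - module handle of this DLL (unused here).
 * callback - reason code (DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH, ...).
 * Param    - reserved loader argument (unused here).
 *
 * Returns TRUE so the load succeeds.
 *
 * The DLL_PROCESS_ATTACH branch runs inside whichever process mapped the
 * library, while the loader lock is held; the MessageBoxW call is only a
 * visible marker that the branch executed. Keep this branch minimal.
 *
 * Fixes over the original: the Spanish note inside the switch was bare text
 * (a compile error) and is now a comment; the ATTACH case ends with its own
 * break instead of falling through; the strings are wide literals so the
 * MessageBoxW call type-checks in non-UNICODE builds as well.
 */
BOOL APIENTRY DllMain(HMODULE hMod, DWORD callback, LPVOID Param)
{
    (void)hMod;
    (void)Param;

    switch (callback) {
    case DLL_PROCESS_ATTACH:
        /* Code that should run when the DLL is loaded goes here. */
        MessageBoxW(NULL, L"Hola desde proceso injectado !", L"Test", MB_ICONINFORMATION);
        break;
    case DLL_PROCESS_DETACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        break;
    }
    return TRUE;
}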
Código de la aplicación externa
http://imgur.com/DsEoTz4
#include <Windows.h>
#include <stdio.h>
#include <winternl.h>
// MSVC-only: links ntdll.lib for the ZwOpenProcess import declared below.
#pragma comment(lib, "ntdll.lib")

// NOTE(review): winternl.h may already declare CLIENT_ID/PCLIENT_ID; this
// duplicate typedef risks a redefinition error — verify against the SDK in use.
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

// Native API prototype (not in the public headers); extern "C" means this
// file is C++, not C, despite the .c hint.
extern "C" NTSTATUS NTAPI ZwOpenProcess(PHANDLE ProcessHandle, ACCESS_MASK DesiredAccess,
                                        POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientID);

/*
 * main: opens a process by id via ZwOpenProcess, reserves 256 bytes of
 * PAGE_READWRITE memory in it with VirtualAllocEx, and starts a remote
 * thread at kernel32!LoadLibraryA with that buffer as its argument.
 *
 * As written the snippet does not compile and, if it did, would be UB:
 *   - `pid` is read uninitialized when building `cid`; no target id is set.
 *   - `status` is read uninitialized in the NT_SUCCESS(status) check.
 *   - `exito` is never declared.
 *   - `ruta_dll`, `argc` and `argv` are declared but unused.
 *   - `base` is allocated and handed to the thread while still zero-filled.
 *   - `load`, `base` and `thread` are compared against ERROR (a GDI macro
 *     equal to 0) rather than NULL — presumably NULL was intended.
 *   - `hproc` and `thread` are never closed (handle leak).
 *   - GetModuleHandle(L"kernel32") only type-checks in a UNICODE build.
 *
 * Detection note for defenders: the sequence "open remote process with
 * PROCESS_ALL_ACCESS -> VirtualAllocEx in that process -> CreateRemoteThread"
 * is the classic cross-process code-loading pattern that host telemetry
 * surfaces directly (e.g. Sysmon Event ID 10 ProcessAccess and Event ID 8
 * CreateRemoteThread); alerting on that chain, and restricting which
 * accounts may obtain PROCESS_ALL_ACCESS handles, are the usual mitigations.
 */
int main(int argc, char *argv[]) {
    char *ruta_dll = "C:\\Dlltest.dll";   // unused
    ULONG pid;                            // never assigned before use (UB)
    OBJECT_ATTRIBUTES oa;
    HANDLE hproc;
    CLIENT_ID cid;
    NTSTATUS status;                      // never assigned before use (UB)

    cid.UniqueProcess = (HANDLE)pid;
    cid.UniqueThread = 0;
    InitializeObjectAttributes(&oa, NULL, 0, NULL, NULL);

    if(NT_SUCCESS(ZwOpenProcess(&hproc, PROCESS_ALL_ACCESS, &oa, &cid))) {
        // `status` holds garbage here; the ZwOpenProcess result was not stored.
        if(NT_SUCCESS(status)) {
            HMODULE dll = GetModuleHandle(L"kernel32");
            if(dll != NULL) {
                FARPROC load = GetProcAddress(dll, "LoadLibraryA");
                if(load != ERROR) {
                    // 256-byte zero-filled buffer in the target; nothing is written to it below.
                    LPVOID base = VirtualAllocEx(hproc, NULL, 256, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
                    if(base != ERROR) {
                        if(exito != 0) {   // `exito` is undeclared
                            // Second NULL is dwStackSize (SIZE_T); 0 would be the correct spelling.
                            HANDLE thread = CreateRemoteThread(hproc, NULL, NULL, (LPTHREAD_START_ROUTINE)load, base, NULL, NULL);
                            if(thread != ERROR) {
                                // thread handle is leaked; hproc is never closed either
                            }
                        }
                    }
                }
            }
        }
    }
    return 0;
}
http://imgur.com/6HoVbVR
http://imgur.com/jD3CYTH