시스템 해킹

   wlgns5721
   dll인젝션이 왜 안되는 걸까요....

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1819 [복사]


코드는 리버스코어에 있는 소스입니다.

/*
 * InjectDll - makes process dwPID load szDllName by writing the DLL path
 * into the target's address space and starting a remote thread whose entry
 * point is kernel32!LoadLibraryA (the textbook CreateRemoteThread/LoadLibrary
 * injection routine from the Reversing Core book).
 *
 * @param dwPID     PID of the target process.
 * @param szDllName path of the DLL to load, as a TCHAR string (LPCTSTR).
 * @return FALSE only when OpenProcess fails. Every later Win32 call is
 *         unchecked, so TRUE does NOT mean the DLL was actually loaded.
 *
 * NOTE(review): the OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread(LoadLibrary) chain is precisely
 * the call sequence endpoint monitoring / EDR products alert on; on a
 * defended host expect this pattern itself to be logged or blocked.
 */
BOOL InjectDll(DWORD dwPID, LPCTSTR szDllName)
{
        HANDLE hProcess, hThread;
        LPVOID pRemoteBuf;
        /* lstrlen counts TCHARs, not bytes. The L"" literal passed to
         * GetModuleHandle below only type-checks with UNICODE defined, so
         * szDllName is a wide string here and this size is half the number of
         * bytes the string occupies - see the WriteProcessMemory note. */
        DWORD dwBufSize = lstrlen(szDllName) + 1;
        LPTHREAD_START_ROUTINE pThreadProc;

        /* The only failure that is reported: PROCESS_ALL_ACCESS on a process
         * the caller is not allowed to open (other user, protected/elevated). */
        if (!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID)))
                return FALSE;

        /* Commit room for the path inside the target. The result is not
         * checked; a NULL would be passed straight on to WriteProcessMemory. */
        pRemoteBuf = VirtualAllocEx(hProcess, NULL, dwBufSize, MEM_COMMIT, PAGE_READWRITE);

        /* Copies dwBufSize BYTES. With a wide szDllName only the first half of
         * the string reaches the target, and what does arrive is UTF-16 while
         * the remote thread below runs LoadLibraryA, which reads it as ANSI
         * (for an ASCII path the second byte is already 0, so LoadLibraryA sees
         * a one-character file name and fails). Likely why the load fails with
         * every call "succeeding": the buffer size, the string encoding and the
         * LoadLibrary variant must agree. Return value unchecked; the cast
         * drops const. */
        WriteProcessMemory(hProcess, pRemoteBuf, (LPVOID)szDllName, dwBufSize, NULL);

        /* Resolves LoadLibraryA in THIS process and reuses the address in the
         * target; relies on the usual assumption that kernel32 is mapped at the
         * same base in both (same bitness, no rebasing). Unchecked: a NULL here
         * becomes a NULL thread start address. */
        pThreadProc = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryA");
        /* Thread entry = LoadLibraryA, its single argument = pRemoteBuf.
         * hThread is not checked, so a failed CreateRemoteThread waits on NULL. */
        hThread = CreateRemoteThread(hProcess, NULL, 0, pThreadProc, pRemoteBuf, 0, NULL);
        /* Blocks until LoadLibraryA returns. Its return value (the HMODULE) is
         * the thread's exit code and is never read (GetExitCodeThread would
         * report 0 for a failed load), so a failed injection is
         * indistinguishable from success at this point. */
        WaitForSingleObject(hThread, INFINITE);

        /* pRemoteBuf is never released (no VirtualFreeEx): the path stays
         * committed in the target for its lifetime. */
        CloseHandle(hThread);
        CloseHandle(hProcess);

        return TRUE;
}

디버깅을 해본 결과 OpenProcess(), virtualAllocEx(), WriteProcessMemory(), GetProcAddress(), CreateRemoteThread() 함수들 전부 0을 리턴하지 않고 정상적으로 실행이 되는것을 확인했습니다. 그런데 막상 procexp를 통해서 dll인젝션되었는지 확인을 해보면 전혀 되지가 않네요.... 도대체 무엇이 문제일까요? ㅠㅠ dll인젝터랑 타겟 둘다 32bit입니다.  리버스코어에 있는 코드랑 차이점을 말하자면 dll파일의 경로랑, GetModuleHandle("kernel32.dll")에서 L을 붙여서 GetModuleHandle(L"kernel32.dll")로 바꾼것입니다...

도대체 왜 안되는 걸까요 ㅠㅠ

  Hit : 3406     Date : 2016/08/30 01:39