1: using System;
2: using System.Collections.Generic;
3: using System.ComponentModel;
4: using System.Data;
5: using System.Diagnostics;
6: using System.Drawing;
7: using System.Linq;
8: using System.Runtime.InteropServices;
9: using System.Text;
10: using System.Windows.Forms;
11:
namespace hooktest01
{
    /// <summary>
    /// WinForms front-end that loads the DLL whose path is typed into textBox2 into the
    /// process whose id is typed into textBox1, then lists that process's modules in
    /// listBox1. The load is done with the remote-thread / LoadLibraryA sequence
    /// (VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread), all via the
    /// hand-written P/Invoke declarations below.
    /// </summary>
    /// <remarks>
    /// Defender's note: a cross-process VirtualAllocEx / WriteProcessMemory /
    /// CreateRemoteThread chain from a GUI process like this one is the canonical
    /// injection pattern that EDR telemetry and Sysmon Event ID 8 (CreateRemoteThread)
    /// are built to surface; the later module enumeration (Process.Modules) will also
    /// show the injected image.
    /// </remarks>
    public partial class Form1 : Form
    {
        // P/Invoke declarations. NOTE(review): several pointer-sized Win32 parameters
        // (lpAddress, lpBaseAddress, hModule, lpStartAddress, lpParameter) are declared
        // as int/Int32 rather than IntPtr, so these prototypes do not match the Win32
        // signatures bit-for-bit; marshalling is not verified anywhere in this file.
        // No CharSet is given, so 'string' arguments use the DllImport default (ANSI).
        [DllImport("kernel32.dll")]
        public static extern int VirtualAllocEx(IntPtr hwnd, Int32 lpaddress, int size, int type, Int32 tect);
        [DllImport("kernel32.dll")]
        public static extern Boolean WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);
        [DllImport("kernel32.dll")]
        public static extern int GetProcAddress(int hwnd, string lpname);
        [DllImport("kernel32.dll")]
        public static extern int GetModuleHandleA(string name);
        [DllImport("kernel32.dll")]
        public static extern IntPtr CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
        [DllImport("kernel32.dll")]
        public static extern Int32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
        // NOTE(review): this is the local-process VirtualFree; there is no VirtualFreeEx
        // and no CloseHandle declared in this file (see the comments in button1_Click).
        [DllImport("kernel32.dll")]
        public static extern Boolean VirtualFree(IntPtr lpAddress, Int32 dwSize, Int32 dwFreeType);

        // Target process, looked up by the pid from textBox1.
        Process pname;
        // Win32 constants, kept as instance fields (not const) by the original author.
        UInt32 INFINITE = 0xFFFFFFFF;
        Int32 PAGE_EXECUTE_READWRITE = 0x40;
        Int32 MEM_COMMIT = 0x1000;
        Int32 MEM_RESERVE = 0x2000;
        Int32 MEM_RELEASE = 0x8000;
        // Address returned by VirtualAllocEx inside the target (held as a 32-bit value).
        Int32 AllocBaseAddress;
        // Despite the name this is the process handle from Process.Handle, not a window handle.
        IntPtr hwnd;
        // DLL path string taken verbatim from textBox2.
        string dllname;
        // Process id parsed from textBox1.
        Int32 Pid;
        // Result of WriteProcessMemory.
        Boolean ok;
        // Address of LoadLibraryA resolved in *this* process (held as a 32-bit value).
        Int32 loadaddr;
        // Thread handle returned by CreateRemoteThread; never closed in this file.
        IntPtr ThreadHwnd;


        /// <summary>
        /// Runs the designer's InitializeComponent (presumably in the other part of this partial class).
        /// </summary>
        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Button handler: validates the two text boxes, opens the target process, performs
        /// the remote LoadLibraryA call, then fills listBox1 with the target's module paths.
        /// Every failure is reported through MessageBox and ends the handler early.
        /// </summary>
        /// <param name="sender">Unused.</param>
        /// <param name="e">Unused.</param>
        private void button1_Click(object sender, EventArgs e)
        {
            // Input validation. Int32.Parse may throw FormatException/OverflowException,
            // which the catch below turns into a MessageBox.
            try
            {
                if (textBox1.Text == "" || textBox1.Text == null)
                {
                    MessageBox.Show("Pid is null"); return;
                }
                if (textBox2.Text == "" || textBox2.Text == null)
                {
                    MessageBox.Show("dll name is null"); return;
                }
                Pid = Int32.Parse(textBox1.Text);
                dllname = textBox2.Text;
            }
            catch(Exception error)
            {
                MessageBox.Show(error.Message); return;
            }
            // Open the target. NOTE(review): pname is only disposed on the success path at
            // the end of this method; every early return below leaks the Process object.
            try
            {
                pname = Process.GetProcessById(Pid);
                hwnd = pname.Handle;
            }
            catch(Exception error)
            { // raised when no process with the given pid exists (or its handle cannot be obtained);
                MessageBox.Show (error.Message); return;
            }
            // Reserve+commit a buffer for the path inside the target, marked RWX.
            AllocBaseAddress= VirtualAllocEx(hwnd, 0, dllname.Length + 1, MEM_COMMIT+ MEM_RESERVE, PAGE_EXECUTE_READWRITE);
            if (AllocBaseAddress == 0)
            {
                MessageBox.Show("virtualallocex fail"); return;
            }
            // Copy the path string into that buffer (bytes-written pointer passed as 0).
            ok=WriteProcessMemory(hwnd, AllocBaseAddress, dllname, dllname.Length + 1,0);
            if (!ok)
            {
                MessageBox.Show("writeprocessmemory fail"); return;
            }
            // LoadLibraryA is resolved in the injecting process itself; the code relies on
            // that same address being valid inside the target.
            loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
            if (loadaddr == 0)
            { // bail out when the address of LoadLibraryA could not be obtained
                MessageBox.Show("get loadlibraryA fail"); return;
            }
            // Start routine = LoadLibraryA, parameter = the remote path buffer.
            ThreadHwnd=CreateRemoteThread(hwnd, 0, 0, loadaddr, AllocBaseAddress,0, 0);
            if (ThreadHwnd ==IntPtr.Zero)
            {
                MessageBox.Show("createremotethread fail"); return;
            }


            // Blocks the UI thread until the remote thread exits; the wait result is ignored.
            WaitForSingleObject(ThreadHwnd, INFINITE);
            MessageBox.Show("ok ,you can check now!!!");
            // NOTE(review): this passes the *process handle* as the lpAddress argument of the
            // local-process VirtualFree, and its return value is ignored; the remote buffer at
            // AllocBaseAddress is not what is being released here.
            VirtualFree(hwnd, 0, MEM_RELEASE);
            // Now enumerate the module list of the target;
            ProcessModuleCollection pmodule = pname.Modules;
            foreach (ProcessModule processm in pmodule)
            {
                listBox1.Items.Add(processm.FileName);
            }
            pname.Dispose();
        }
        // process handle (stray original note; refers to the hwnd field above)

    }
}