DLL Injection for Notepad

先做一个注入器。

// Injector.cpp
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>

#include <cwchar>
#include <iostream>

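// Runs kernel32!LoadLibraryW inside hProcess with pRemotePath (a wide, NUL-terminated
// path already written into the target) as its argument and waits for it to finish.
// Returns TRUE only if the remote thread ran and its exit code — LoadLibraryW's return
// value, truncated to 32 bits — is non-zero; 0 means the target could not load the DLL.
// Assumes the target maps kernel32.dll at the same base as this process (same bitness,
// same boot session) — otherwise the address copied from our own process is meaningless.
static BOOL RunRemoteLoadLibrary(HANDLE hProcess, LPVOID pRemotePath)
{
    HMODULE hKernel32 = GetModuleHandleW(L"kernel32.dll");
    FARPROC pLoadLibraryW = hKernel32 ? GetProcAddress(hKernel32, "LoadLibraryW") : nullptr;
    if (!pLoadLibraryW) {
        std::wcout << L"定位 LoadLibraryW 失败: " << GetLastError() << std::endl;
        return FALSE;
    }

    HANDLE hThread = CreateRemoteThread(hProcess, nullptr, 0,
        reinterpret_cast<LPTHREAD_START_ROUTINE>(pLoadLibraryW), pRemotePath, 0, nullptr);
    if (!hThread) {
        std::wcout << L"CreateRemoteThread 失败: " << GetLastError() << std::endl;
        return FALSE;
    }

    BOOL loaded = FALSE;
    if (WaitForSingleObject(hThread, INFINITE) == WAIT_OBJECT_0) {
        DWORD exitCode = 0;
        if (GetExitCodeThread(hThread, &exitCode)) {
            loaded = (exitCode != 0) ? TRUE : FALSE;
        }
    }
    CloseHandle(hThread);
    return loaded;
}

// Loads the DLL at dllPath into process dwPID: writes the path into the target's
// address space, then starts a remote thread on LoadLibraryW with that buffer as the
// argument. Returns TRUE only when every step succeeded and the target reported a
// non-NULL module; FALSE otherwise (the Win32 error code is printed to wcout).
// Every handle and the remote buffer are released on all paths.
//
// Detection note: the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence into a foreign process is the classic remote-thread injection pattern that
// Sysmon Event ID 8 (CreateRemoteThread) and most EDR products alert on.
BOOL InjectDLL(DWORD dwPID, const wchar_t* dllPath)
{
    if (dllPath == nullptr || dllPath[0] == L'\0') {
        std::wcout << L"DLL 路径为空" << std::endl;
        return FALSE;
    }

    // NOTE(review): PROCESS_ALL_ACCESS is far broader than this function needs; the
    // documented minimum for CreateRemoteThread is PROCESS_CREATE_THREAD |
    // PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE |
    // PROCESS_VM_READ. Kept as-is to preserve the original behaviour.
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
    if (!hProcess) {
        std::wcout << L"打开进程失败" << L" (" << GetLastError() << L")" << std::endl;
        return FALSE;
    }

    const SIZE_T pathBytes = (wcslen(dllPath) + 1) * sizeof(wchar_t);
    LPVOID pRemoteBuf = VirtualAllocEx(hProcess, nullptr, pathBytes, MEM_COMMIT, PAGE_READWRITE);
    if (!pRemoteBuf) {
        std::wcout << L"VirtualAllocEx 失败: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return FALSE;
    }

    BOOL result = FALSE;
    SIZE_T written = 0;
    if (!WriteProcessMemory(hProcess, pRemoteBuf, dllPath, pathBytes, &written) || written != pathBytes) {
        std::wcout << L"WriteProcessMemory 失败: " << GetLastError() << std::endl;
    } else {
        result = RunRemoteLoadLibrary(hProcess, pRemoteBuf);
    }

    // The buffer is only needed while LoadLibraryW reads it; release it whatever the outcome.
    VirtualFreeEx(hProcess, pRemoteBuf, 0, MEM_RELEASE);
    CloseHandle(hProcess);
    return result;
}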

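// Entry point: Injector.exe <PID> <DLL path>. Exit code is -1 on bad arguments,
// 1 when injection failed, 0 on success.
int wmain(int argc, wchar_t* argv[])
{
    if (argc < 3) {
        std::wcout << L"用法: Injector.exe <PID> <DLL路径>" << std::endl;
        return -1;
    }

    // Parse the PID strictly: _wtoi returned 0 for any non-numeric input and
    // silently wrapped negative values, so junk could reach OpenProcess.
    wchar_t* end = nullptr;
    const unsigned long parsed = std::wcstoul(argv[1], &end, 10);
    if (end == argv[1] || *end != L'\0' || parsed == 0) {
        std::wcout << L"无效的 PID: " << argv[1] << std::endl;
        return -1;
    }
    const DWORD pid = static_cast<DWORD>(parsed);
    const wchar_t* dllPath = argv[2];

    if (InjectDLL(pid, dllPath)) {
        std::wcout << L"注入成功!" << std::endl;
        return 0;
    }

    std::wcout << L"注入失败。" << std::endl;
    return 1; // non-zero so callers can distinguish failure from success
}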

再写一个用于测试的 DLL。

#include <windows.h>
#include <tchar.h>

// Thread body started from DllMain. After a short delay it walks the top-level window
// list, picks the first window owned by this process that has a direct child of class
// "Edit", and replaces that control's text. If nothing matches, a message box reports it.
// NOTE(review): the fixed Sleep is a race against window creation, not a guarantee —
// confirm it is long enough on the target machine.
DWORD WINAPI InjectThread(LPVOID)
{
    Sleep(1000);

    const DWORD ownPid = GetCurrentProcessId();
    const wchar_t* const message = L"Hello from Injected DLL!\r\n";

    for (HWND top = GetTopWindow(nullptr); top != nullptr; top = GetWindow(top, GW_HWNDNEXT))
    {
        DWORD ownerPid = 0;
        GetWindowThreadProcessId(top, &ownerPid);
        if (ownerPid != ownPid) {
            continue;
        }

        // Only a direct child of class "Edit" is considered (see the Spy++ step below
        // for how the class name was determined).
        HWND editCtl = FindWindowExW(top, nullptr, L"Edit", nullptr);
        if (editCtl == nullptr) {
            continue;
        }

        SendMessageW(editCtl, WM_SETTEXT, 0, reinterpret_cast<LPARAM>(message));
        return 0;
    }

    MessageBoxW(nullptr, L"❌ 找不到 Notepad 编辑框", L"DLL 注入失败", MB_OK);
    return 0;
}

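// DLL entry point. On process attach it suppresses per-thread notifications and hands
// the real work to InjectThread on a new thread; DllMain itself runs under the loader
// lock, so it must stay minimal and never wait on other threads.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(lpReserved);

    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls(hModule); // no DLL_THREAD_ATTACH/DETACH callbacks needed

        HANDLE hThread = CreateThread(nullptr, 0, InjectThread, nullptr, 0, nullptr);
        if (hThread != nullptr) {
            // The thread keeps running after its handle is closed; holding the handle
            // open would just leak a kernel object for the life of the process.
            CloseHandle(hThread);
        }
        // NOTE(review): if CreateThread fails the DLL stays loaded and does nothing;
        // returning FALSE would make the loader unload it instead. Left as TRUE to
        // match the original behaviour.
    }
    return TRUE;
}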

找子窗口、查看控件类：用 Visual Studio 2022 的 Tools => Spy++，选择 Show Window，把“狙击镜”拖到 Notepad 窗口上即可。
image
