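;-----------------------------------------------------------------------
; Main purpose: make the exe load our own DLL when it starts.
;
; Target:  32-bit MASM, flat model, stdcall (Win32 API via invoke).
; Flow:    1. create test.exe suspended
;          2. allocate a small buffer inside the child and copy the DLL
;             name into it
;          3. start a thread in the child whose entry point is
;             kernel32!LoadLibraryA and whose argument is that buffer
;          4. resume the child's main thread
;
; Review notes:
;   * szFile and szDll are relative names. Which test.exe is started
;     depends on the current directory, and which Patch.dll is loaded
;     depends on the child's DLL search order, so anyone able to drop a
;     file with either name into those locations decides what code runs.
;     Absolute paths to trusted, write-protected locations remove that
;     ambiguity.
;   * Create-suspended + VirtualAllocEx + WriteProcessMemory +
;     CreateRemoteThread is the sequence endpoint security products
;     report as process injection; expect this loader to be flagged or
;     blocked on monitored hosts.
;   * The remote thread's exit code (LoadLibraryA's result) is never
;     read, so a missing or unloadable Patch.dll goes unreported.
;-----------------------------------------------------------------------
                .386
                .model  flat, stdcall
                option  casemap:none

include         windows.inc
include         user32.inc
include         kernel32.inc
includelib      user32.lib
includelib      kernel32.lib

LDR_STACK_SIZE  equ     1000h           ; stack size requested for the remote thread
LDR_FAIL_EXIT   equ     1               ; exit code used when the load step fails

                .data?
stStartUp       STARTUPINFO         <?>
stProcInfo      PROCESS_INFORMATION <?>
hMemory         dd      ?               ; address of the name buffer inside the child
hh              dd      ?               ; address of LoadLibraryA as seen by this process
cbDll           dd      ?               ; length of szDll including the terminating NUL

                .data
szDllKernel     db      'Kernel32.dll',0
szLoadLibrary   db      'LoadLibraryA',0
szFile          db      'test.exe',0
szDll           db      'Patch.dll',0
szCaption       db      '错误!!',0
szText          db      '进程创建失败,请确认文件存在',0
szTextLoad      db      'Patch.dll 加载失败,目标进程已终止',0

                .code
Main:
                invoke  GetStartupInfo, offset stStartUp
                invoke  CreateProcess, offset szFile, NULL, NULL, NULL, FALSE, \
                        CREATE_SUSPENDED, NULL, NULL, \
                        offset stStartUp, offset stProcInfo
                test    eax, eax
                jz      create_failed

                ; Size the remote buffer from the string instead of a magic 12.
                invoke  lstrlen, offset szDll
                inc     eax                     ; count the terminating NUL
                mov     cbDll, eax

                ; The buffer only holds a name that LoadLibraryA reads, so it is
                ; mapped read/write; it never needs execute permission.
                invoke  VirtualAllocEx, stProcInfo.hProcess, NULL, cbDll, \
                        MEM_COMMIT, PAGE_READWRITE
                test    eax, eax
                jz      load_failed
                mov     hMemory, eax

                invoke  WriteProcessMemory, stProcInfo.hProcess, hMemory, \
                        offset szDll, cbDll, NULL
                test    eax, eax
                jz      load_failed

                ; NOTE(review): the address resolved here is used inside the child;
                ; this assumes kernel32.dll sits at the same base in both processes.
                invoke  GetModuleHandle, offset szDllKernel
                test    eax, eax
                jz      load_failed
                invoke  GetProcAddress, eax, offset szLoadLibrary
                test    eax, eax
                jz      load_failed             ; a NULL start address would fault the child
                mov     hh, eax

                invoke  CreateRemoteThread, stProcInfo.hProcess, NULL, LDR_STACK_SIZE, \
                        hh, hMemory, NULL, NULL
                test    eax, eax
                jz      load_failed
                invoke  CloseHandle, eax        ; the original leaked this thread handle

                invoke  ResumeThread, stProcInfo.hThread
                invoke  CloseHandle, stProcInfo.hProcess
                invoke  CloseHandle, stProcInfo.hThread
                invoke  ExitProcess, 0

; A step after process creation failed: do not leave a suspended or
; half-prepared child behind. Terminate it, release the handles, report.
load_failed:
                invoke  TerminateProcess, stProcInfo.hProcess, LDR_FAIL_EXIT
                invoke  CloseHandle, stProcInfo.hProcess
                invoke  CloseHandle, stProcInfo.hThread
                invoke  MessageBox, NULL, offset szTextLoad, offset szCaption, MB_OK
                invoke  ExitProcess, LDR_FAIL_EXIT

; CreateProcess itself failed: nothing to clean up. Exit code stays 0 as
; in the original, so callers cannot tell this failure from success.
create_failed:
                invoke  MessageBox, NULL, offset szText, offset szCaption, MB_OK
                invoke  ExitProcess, NULL
                end     Main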