
About LdrLoadDll

Call chain: LoadLibraryA -> LoadLibraryW -> LdrLoadDll -> ...

For processes that have not loaded kernel32.dll, DLL injection can still be done with shellcode plus LdrLoadDll.

Likewise, LdrGetProcedureAddress can be used in place of GetProcAddress.

Usage:

Private Type UNICODE_STRING
    Length As Integer          ' byte length of the string, terminator excluded
    MaximumLength As Integer   ' byte size of the buffer
    Buffer As Long             ' pointer to the UTF-16 characters
End Type

' PathToFile is an optional PWCHAR; declared ByVal Long so that 0 can be passed as NULL
Private Declare Function LdrLoadDll Lib "NTDLL.DLL" (ByVal PathToFile As Long, ByVal Flags As Long, ModuleFileName As UNICODE_STRING, ModuleHandle As Long) As Long

Private Sub xx(ByVal dllPath As String)

    Dim uPath As UNICODE_STRING
    Dim hModule As Long
    Dim status As Long

    ' VB6 strings are UTF-16 internally, which is exactly what LdrLoadDll expects
    uPath.Buffer = StrPtr(dllPath)
    uPath.Length = LenB(dllPath)            ' byte count, not character count
    uPath.MaximumLength = uPath.Length + 2  ' room for the terminating null

    ' LdrLoadDll returns an NTSTATUS; negative values are failures
    status = LdrLoadDll(0, 0, uPath, hModule)
    If status < 0 Then Err.Raise vbObjectError + 1, "xx", "LdrLoadDll failed: 0x" & Hex$(status)

End Sub
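As an added example that is not part of the original post, the VB6 routine below loads a module with LdrLoadDll and then resolves one of its exports with LdrGetProcedureAddress, the GetProcAddress replacement mentioned above. The names LoadAndResolve, uPath, aName and nameBytes are assumptions; the UNICODE_STRING and ANSI_STRING layouts follow ntdef.h.

```vb
Option Explicit

Private Type UNICODE_STRING
    Length As Integer          ' byte length, terminator excluded
    MaximumLength As Integer   ' byte size of Buffer
    Buffer As Long             ' PWSTR
End Type

Private Type ANSI_STRING
    Length As Integer          ' byte length, terminator excluded
    MaximumLength As Integer   ' byte size of Buffer
    Buffer As Long             ' PCHAR
End Type

Private Declare Function LdrLoadDll Lib "ntdll.dll" (ByVal PathToFile As Long, ByVal Flags As Long, ModuleFileName As UNICODE_STRING, ModuleHandle As Long) As Long
Private Declare Function LdrGetProcedureAddress Lib "ntdll.dll" (ByVal ModuleHandle As Long, FunctionName As ANSI_STRING, ByVal Ordinal As Integer, FunctionAddress As Long) As Long

' Returns the address of exportName inside dllPath, or 0 when either
' NTSTATUS is a failure (negative when viewed as a signed Long).
Private Function LoadAndResolve(ByVal dllPath As String, ByVal exportName As String) As Long
    Dim uPath As UNICODE_STRING
    Dim hModule As Long
    Dim status As Long

    ' VB6 strings are UTF-16, so StrPtr/LenB give exactly what LdrLoadDll wants
    uPath.Buffer = StrPtr(dllPath)
    uPath.Length = LenB(dllPath)
    uPath.MaximumLength = uPath.Length + 2  ' room for the terminating null

    status = LdrLoadDll(0, 0, uPath, hModule)
    If status < 0 Then Exit Function

    ' LdrGetProcedureAddress takes an ANSI_STRING, so convert the UTF-16 name
    ' to a null-terminated byte array and point Buffer at it.
    Dim nameBytes() As Byte
    Dim aName As ANSI_STRING
    nameBytes = StrConv(exportName & vbNullChar, vbFromUnicode)
    aName.Buffer = VarPtr(nameBytes(0))
    aName.Length = Len(exportName)
    aName.MaximumLength = aName.Length + 1

    Dim pFunc As Long
    status = LdrGetProcedureAddress(hModule, aName, 0, pFunc)  ' Ordinal 0: look up by name
    If status >= 0 Then LoadAndResolve = pFunc
End Function
```

A call such as LoadAndResolve("user32.dll", "MessageBoxA") returns the same address that GetProcAddress(GetModuleHandle("user32.dll"), "MessageBoxA") would, without touching kernel32 at all.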

 

1 comment

  1. NewbieCoder

    Processes that don't load kernel32 are pretty much extinct by now.
