updates and moves

n/a
2026-06-15 23:39:23 +00:00 · 2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
@@ -0,0 +1,337 @@
+/*
+x86和x64的注入因为x64的系统增加了较多的权限的校验，需要进行提权处理。
+x64提权主要就是用到了ntdll.dll中的未导出函数，RtlAdjustPrivilege().
+*/
+#include "stdafx.h"
+#include "CreateRemoteThread.h"
+#include <strsafe.h>
+
+#ifdef _DEBUG
+#define new DEBUG_NEW
+#endif
+
+
+// 唯一的应用程序对象
+
+CWinApp theApp;
+
+using namespace std;
+
+typedef enum  _WIN_VERSION
+{
+    WindowsNT,
+    Windows2000,
+    WindowsXP,
+    Windows2003,
+    WindowsVista,
+    Windows7,
+    Windows8,
+    Windows10,
+    WinUnknown
+}WIN_VERSION;
+typedef NTSTATUS( NTAPI* fnRtlGetVersion )(PRTL_OSVERSIONINFOW lpVersionInformation);  
+
+VOID InjectDll(ULONG_PTR ProcessID, WCHAR* strPath);
+WIN_VERSION  GetWindowsVersion();
+BOOL EnableDebugPrivilege();
+BOOL InjectDllByRemoteThreadXP(const TCHAR* wzDllFile, ULONG_PTR ProcessId);
+BOOL InjectDllByRemoteThreadWin7(const TCHAR* wzDllFile, ULONG_PTR ProcessId);
+
+typedef long (__fastcall *pfnRtlAdjustPrivilege64)(ULONG,ULONG,ULONG,PVOID);
+typedef long (__stdcall *pfnRtlAdjustPrivilege32)(ULONG,ULONG,ULONG,PVOID);
+
+WIN_VERSION  WinVersion = WinUnknown;
+
+int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
+{
+    WinVersion = GetWindowsVersion();
+
+    if(argc == 3)
+    {
+        ULONG ProcessId = 0;
+        swscanf_s(argv[1], L"%d", &ProcessId);
+        InjectDll(ProcessId, argv[2]);
+    }
+    
+    return 0;
+}
+
+VOID InjectDll(ULONG_PTR ProcessID, WCHAR* strPath)
+{
+    WCHAR wzPath[MAX_PATH] = {0};
+
+    if (ProcessID == 0 || strPath == NULL)
+    {
+        printf("Inject Fail ProcessId or strPath is not exists \r\n");
+        return;
+    }
+
+    GetCurrentDirectory(260,wzPath);
+    wcsncat_s(wzPath, L"\\", 2);
+    wcsncat_s(wzPath, strPath, wcslen(strPath));//dll完整路径
+
+    if (!PathFileExists(wzPath))
+    {
+        printf("Inject Fail strPath is not exists LastError [%d]\r\n", GetLastError());
+        return;
+    }    
+
+    printf("Inject Target [%d], strPath [%S]\n", ProcessID, wzPath);
+
+    if(WinVersion >= Windows7)
+    {
+        if (!InjectDllByRemoteThreadWin7(wzPath,ProcessID))
+            printf("Inject Fail\r\n");
+        else 
+            printf ("Inject Success\r\n");
+    }
+    else
+    {
+        if (!InjectDllByRemoteThreadXP(wzPath,ProcessID))
+            printf("Inject Fail\r\n");            
+        else 
+            printf("Inject Success\r\n");
+    }
+}
+
+
+BOOL InjectDllByRemoteThreadWin7(const TCHAR* wzDllFile, ULONG_PTR ProcessId)
+{
+    if (NULL == wzDllFile || 0 == ::_tcslen(wzDllFile) || ProcessId == 0 || -1 == _taccess(wzDllFile, 0))
+    {
+        return FALSE;
+    }
+    HANDLE                 hProcess = NULL;
+    HANDLE                 hThread  = NULL;
+    DWORD                  dwRetVal    = 0;
+    LPTHREAD_START_ROUTINE FuncAddress = NULL;
+    DWORD  dwSize = 0;
+    TCHAR* VirtualAddress = NULL;
+    //预编译，支持Unicode
+#ifdef _UNICODE
+    FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryW");
+#else
+    FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryA");
+#endif
+
+    if (FuncAddress==NULL)
+    {
+        return FALSE;
+    }
+
+#ifdef _WIN64
+    pfnRtlAdjustPrivilege64 RtlAdjustPrivilege = NULL;
+    RtlAdjustPrivilege=(pfnRtlAdjustPrivilege64)GetProcAddress((HMODULE)(FuncAddress(L"ntdll.dll")),"RtlAdjustPrivilege");
+#else
+    pfnRtlAdjustPrivilege32 RtlAdjustPrivilege = NULL;
+    RtlAdjustPrivilege=(pfnRtlAdjustPrivilege32)GetProcAddress((HMODULE)(FuncAddress(L"ntdll.dll")),"RtlAdjustPrivilege");
+#endif
+
+    if (RtlAdjustPrivilege==NULL)
+    {
+        return FALSE;
+    }
+        /*
+        .常量 SE_BACKUP_PRIVILEGE, "17", 公开
+        .常量 SE_RESTORE_PRIVILEGE, "18", 公开
+        .常量 SE_SHUTDOWN_PRIVILEGE, "19", 公开
+        .常量 SE_DEBUG_PRIVILEGE, "20", 公开
+        */
+    RtlAdjustPrivilege(20,1,0,&dwRetVal);  //19
+
+    hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE, ProcessId);
+
+    if (NULL == hProcess)
+    {
+        printf("Open Process Fail lastError [%d]\r\n", GetLastError());
+        return FALSE;
+    }
+
+    // 在目标进程中分配内存空间
+    dwSize = (DWORD)::_tcslen(wzDllFile) + 1;
+    VirtualAddress = (TCHAR*)::VirtualAllocEx(hProcess, NULL, dwSize * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE);  
+    if (NULL == VirtualAddress)
+    {
+        printf("Virtual Process Memory Fail lastError [%d]\r\n", GetLastError());
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+
+    // 在目标进程的内存空间中写入所需参数(模块名)
+    if (FALSE == ::WriteProcessMemory(hProcess, VirtualAddress, (LPVOID)wzDllFile, dwSize * sizeof(TCHAR), NULL))
+    {
+        printf("Write Data Fail LastError [%d]\r\n", GetLastError());
+        VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+
+    hThread = ::CreateRemoteThread(hProcess, NULL, 0, FuncAddress, VirtualAddress, 0, NULL);
+    if (NULL == hThread)
+    {
+        printf("CreateRemoteThread Fail lastError [%d]\r\n", GetLastError());
+        VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+    // 等待远程线程结束
+    WaitForSingleObject(hThread, INFINITE);
+    // 清理资源
+    VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+    CloseHandle(hThread);
+    CloseHandle(hProcess);
+    return TRUE;
+}
+
+
+BOOL InjectDllByRemoteThreadXP(const TCHAR* wzDllFile, ULONG_PTR ProcessId)
+{
+    // 参数无效
+    if (NULL == wzDllFile || 0 == ::_tcslen(wzDllFile) || ProcessId == 0 || -1 == _taccess(wzDllFile, 0))
+    {    
+        return FALSE;
+    }
+    HANDLE hProcess = NULL;
+    HANDLE hThread  = NULL;
+    DWORD dwSize = 0;
+    TCHAR* VirtualAddress = NULL;
+    LPTHREAD_START_ROUTINE FuncAddress = NULL;
+
+    if(!EnableDebugPrivilege())
+    {
+        printf("EnableDebugPrivilege fail lasterror is [%d]\n", GetLastError());
+        return FALSE;
+    }
+
+    // 获取目标进程句柄
+    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, ProcessId);
+    if (NULL == hProcess)
+    {
+        printf("Open Process Fail LastError [%d]\r\n", GetLastError());
+        return FALSE;
+    }
+    // 在目标进程中分配内存空间
+    dwSize = (DWORD)::_tcslen(wzDllFile) + 1;
+    VirtualAddress = (TCHAR*)::VirtualAllocEx(hProcess, NULL, dwSize * sizeof(TCHAR), MEM_COMMIT, PAGE_READWRITE);
+    if (NULL == VirtualAddress)
+    {
+        printf("Virtual Process Memory Fail LastError [%d]\r\n", GetLastError());
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+    // 在目标进程的内存空间中写入所需参数(模块名)
+    if (FALSE == ::WriteProcessMemory(hProcess, VirtualAddress, (LPVOID)wzDllFile, dwSize * sizeof(TCHAR), NULL))
+    {
+        printf("Write Data Fail LastError [%d]\r\n", GetLastError());
+        VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+    // 从 Kernel32.dll 中获取 LoadLibrary 函数地址
+#ifdef _UNICODE
+    FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryW");
+#else
+    FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryA");
+#endif
+
+    if (NULL == FuncAddress)
+    {
+        printf("Get LoadLibrary Fail LastError [%d]\r\n", GetLastError());
+        VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+        CloseHandle(hProcess);
+        return false;
+    }
+
+    // 创建远程线程调用 LoadLibrary
+    hThread = ::CreateRemoteThread(hProcess, NULL, 0, FuncAddress, VirtualAddress, 0, NULL);
+    if (NULL == hThread)
+    {
+        printf("CreateRemoteThread Fail LastError [%d]\r\n", GetLastError());
+        VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+        CloseHandle(hProcess);
+        return FALSE;
+    }
+
+    // 等待远程线程结束
+    WaitForSingleObject(hThread, INFINITE);
+    // 清理
+    VirtualFreeEx(hProcess, VirtualAddress, dwSize, MEM_DECOMMIT);
+    CloseHandle(hThread);
+    CloseHandle(hProcess);
+
+    return TRUE;
+}
+
+WIN_VERSION  GetWindowsVersion()
+{
+    RTL_OSVERSIONINFOEXW verInfo = { 0 };  
+    verInfo.dwOSVersionInfoSize = sizeof( verInfo );  
+
+    fnRtlGetVersion RtlGetVersion = (fnRtlGetVersion)GetProcAddress( GetModuleHandleW( L"ntdll.dll" ), "RtlGetVersion" );  
+    if(RtlGetVersion != NULL && RtlGetVersion((PRTL_OSVERSIONINFOW)&verInfo) == 0)
+    {
+        if (verInfo.dwMajorVersion <= 4 )
+        {
+            return WindowsNT;
+        }
+        if (verInfo.dwMajorVersion == 5 && verInfo.dwMinorVersion == 0)
+        {
+            return Windows2000;
+        }
+
+        if (verInfo.dwMajorVersion == 5 && verInfo.dwMinorVersion == 1)
+        {
+            return WindowsXP;
+        }
+        if (verInfo.dwMajorVersion == 5 && verInfo.dwMinorVersion == 2)
+        {
+            return Windows2003;
+        }
+        if (verInfo.dwMajorVersion == 6 && verInfo.dwMinorVersion == 0)
+        {
+            return WindowsVista;
+        }
+
+        if (verInfo.dwMajorVersion == 6 && verInfo.dwMinorVersion == 1)
+        {
+            return Windows7;
+        }
+        if (verInfo.dwMajorVersion == 6 && verInfo.dwMinorVersion == 2 )
+        {
+            return Windows8;
+        }
+        if (verInfo.dwMajorVersion == 10 && verInfo.dwMinorVersion == 0 && verInfo.dwBuildNumber >= 10240)
+        {
+            return Windows10;
+        }
+    }
+
+    return WinUnknown;
+}
+
+BOOL EnableDebugPrivilege()
+{
+    HANDLE hToken;   
+    TOKEN_PRIVILEGES TokenPrivilege;
+    LUID uID;
+    if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
+    {
+        printf("OpenProcessToken is Error\n");
+        return FALSE;
+    }
+    if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&uID))
+    {
+        printf("LookupPrivilegeValue is Error\n");
+        return FALSE;
+    }
+    TokenPrivilege.PrivilegeCount = 1;
+    TokenPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+    TokenPrivilege.Privileges[0].Luid = uID;
+    //在这里我们进行调整权限
+    if (!AdjustTokenPrivileges(hToken,false,&TokenPrivilege,sizeof(TOKEN_PRIVILEGES),NULL,NULL))
+    {
+        printf("AdjuestTokenPrivileges is Error\n");
+        return  FALSE;
+    }
+    return TRUE;
+}
@@ -0,0 +1,3 @@
+#pragma once
+
+#include "resource.h"
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{62BBF757-A1B4-4FF4-89C0-2890DEF4983F}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>CreateRemoteThread</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Dynamic</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Dynamic</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Dynamic</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Dynamic</UseOfMfc>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <None Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="CreateRemoteThread.h" />
+    <ClInclude Include="Resource.h" />
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="CreateRemoteThread.cpp" />
+    <ClCompile Include="stdafx.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="CreateRemoteThread.rc" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="Resource.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="CreateRemoteThread.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="CreateRemoteThread.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="CreateRemoteThread.rc">
+      <Filter>资源文件</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+</Project>
@@ -0,0 +1,4 @@
+32 bit process Inject The dll to 32 bit process
+64 bit process Inject The dll to 64 bit process
+sometimes you maybe fail to inject because cann't openprocess successful
+and many safe software will protect it avoiding you to inject
@@ -0,0 +1,17 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by CreateRemoteThread.rc
+//
+
+#define IDS_APP_TITLE            103
+
+// 新对象的下一组默认值
+//
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE    101
+#define _APS_NEXT_COMMAND_VALUE        40001
+#define _APS_NEXT_CONTROL_VALUE        1000
+#define _APS_NEXT_SYMED_VALUE        101
+#endif
+#endif
@@ -0,0 +1,8 @@
+// stdafx.cpp : 只包括标准包含文件的源文件
+// CreateRemoteThread.pch 将作为预编译头
+// stdafx.obj 将包含预编译类型信息
+
+#include "stdafx.h"
+
+// TODO: 在 STDAFX.H 中
+// 引用任何所需的附加头文件，而不是在此文件中引用
@@ -0,0 +1,32 @@
+// stdafx.h : 标准系统包含文件的包含文件，
+// 或是经常使用但不常更改的
+// 特定于项目的包含文件
+//
+
+#pragma once
+
+#include "targetver.h"
+
+#include <stdio.h>
+#include <tchar.h>
+#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS      // 某些 CString 构造函数将是显式的
+
+#ifndef VC_EXTRALEAN
+#define VC_EXTRALEAN            //  从 Windows 头文件中排除极少使用的信息
+#endif
+
+#include <afx.h>
+#include <afxwin.h>         // MFC 核心组件和标准组件
+#include <afxext.h>         // MFC 扩展
+#ifndef _AFX_NO_OLE_SUPPORT
+#include <afxdtctl.h>           // MFC 对 Internet Explorer 4 公共控件的支持
+#endif
+#ifndef _AFX_NO_AFXCMN_SUPPORT
+#include <afxcmn.h>                     // MFC 对 Windows 公共控件的支持
+#endif // _AFX_NO_AFXCMN_SUPPORT
+
+#include <iostream>
+
+
+
+// TODO: 在此处引用程序需要的其他头文件
@@ -0,0 +1,8 @@
+#pragma once
+
+// 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
+
+// 如果要为以前的 Windows 平台生成应用程序，请包括 WinSDKVer.h，并将
+// WIN32_WINNT 宏设置为要支持的平台，然后再包括 SDKDDKVer.h。
+
+#include <SDKDDKVer.h>