这段DLL注入的代码哪儿有问题,求解(高分求)
这段DLL注入的代码哪儿有问题,求解(高分求)。
能够运行,函数也返回TRUE,但是注入的进程没有任何反应,1836是我电脑上explorer.exe的当前PID
dlld.dll中的代码如下
求大牛不吝指点,感激不尽。
------解决方案--------------------
用procexp查看dll是否装载了
------解决方案--------------------
- C/C++ code
#include <windows.h>
#include <iostream>
#include <cstdio>
using namespace std;

/*
 * LoadLib: makes the process identified by dwProcessId run LoadLibraryW on
 * the path in lpszLibName.
 *
 * Steps, as written below: open the target with thread-creation and
 * memory-write rights, allocate a buffer inside it, copy the path into that
 * buffer, start a remote thread whose start routine is LoadLibraryW with the
 * buffer as its argument, wait for that thread, then free the buffer.
 *
 * Returns FALSE if any Win32 call in the chain fails. Returns TRUE once the
 * remote thread has been created and has finished; the thread's exit code is
 * never read, so TRUE does not show that the library was actually loaded.
 *
 * Defender note: this call sequence is catalogued as MITRE ATT&CK T1055.001
 * (DLL injection). Sysmon reports the individual steps as Event ID 10
 * (ProcessAccess), Event ID 8 (CreateRemoteThread) and, in the target,
 * Event ID 7 (ImageLoad).
 *
 * NOTE(review): every early `return FALSE` after OpenProcess has succeeded
 * leaves hProcess open, and those after VirtualAllocEx also leave the remote
 * allocation in place.
 */
BOOL WINAPI LoadLib(DWORD dwProcessId, LPWSTR lpszLibName)
{
    HANDLE hProcess = NULL, hThread = NULL;
    LPWSTR lpszRemoteFile = NULL;

    // Only the three access rights listed here are requested on the target.
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,FALSE,dwProcessId);
    if (hProcess == NULL) { return FALSE; }

    // NOTE(review): the size is (2 * length) + 1 bytes, i.e. one byte of the
    // two-byte WCHAR terminator rather than the whole terminator.
    lpszRemoteFile = (LPWSTR)VirtualAllocEx(hProcess, NULL, sizeof(WCHAR) * lstrlenW(lpszLibName) + 1, MEM_COMMIT, PAGE_READWRITE);
    if (lpszRemoteFile == NULL) { return FALSE; }

    // Same byte count as the allocation above; the bytes-written out
    // parameter is passed as NULL, so a short write is not detected here.
    if (!WriteProcessMemory(hProcess,lpszRemoteFile,(PVOID)lpszLibName, sizeof(WCHAR) * lstrlenW(lpszLibName) + 1,NULL)) { return FALSE; }

    // The address is looked up in the calling process and then handed to the
    // target as a thread start routine; the code assumes it is valid there
    // too and does not check that.
    FARPROC pfnThreadRtn = (FARPROC)GetProcAddress(GetModuleHandle("Kernel32.dll"),"LoadLibraryW");
    if (pfnThreadRtn == NULL) { return FALSE; }

    hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pfnThreadRtn,lpszRemoteFile,0,NULL);
    if (hThread == NULL) { return FALSE; }

    // INFINITE: the caller blocks for as long as the remote thread runs.
    WaitForSingleObject(hThread, INFINITE);

    VirtualFreeEx(hProcess, lpszRemoteFile, 0, MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(hProcess);
    return TRUE;
}

/*
 * Test driver: calls LoadLib with a hard-coded process id and library name,
 * prints the outcome and waits for a key press.
 */
int main(int argc,char* argv[])
{
    // NOTE(review): "dll.dll" is a narrow string literal; the (LPWSTR) cast
    // only changes the pointer type and does not convert the text, so
    // lstrlenW() in LoadLib reads these bytes as WCHARs and may read past the
    // end of the literal.
    // 1836 is a fixed PID; a PID is only meaningful for the lifetime of one
    // particular process.
    if(LoadLib(1836,(LPWSTR)"dll.dll") == FALSE)
    {
        cout << "注入失败" << endl;
    }
    else
    {
        cout << "注入成功" << endl;
    }
    system("pause");
    return 0;
}
能够运行,函数也返回TRUE,但是注入的进程没有任何反应,1836是我电脑上explorer.exe的当前PID
dlld.dll中的代码如下
- C/C++ code
/*
 * DllMain: entry point the Windows loader calls for this library.
 *
 * Shows a message box when the library is attached to a process and another
 * when it is detached; thread attach/detach notifications fall through the
 * switch untouched. Always returns TRUE.
 *
 * NOTE(review): Microsoft's DllMain guidance advises against calling User32
 * functions such as MessageBox from here, because the entry point runs while
 * the loader lock is held; a dialog at this point can hang the host process.
 * NOTE(review): the narrow string literals presumably require an ANSI
 * (non-UNICODE) build for MessageBox to accept them; confirm the project
 * settings.
 */
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Library has just been mapped into the process.
        MessageBox(NULL,"已经注入","Message",MB_OK);
        break;
    case DLL_PROCESS_DETACH:
        // Library is being unloaded, or the process is exiting.
        MessageBox(NULL,"已经注销","Message",MB_OK);
        break;
    }
    return TRUE;
}
求大牛不吝指点,感激不尽。
------解决方案--------------------
用procexp查看dll是否装载了
------解决方案--------------------
- C/C++ code
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <cstdio>
using namespace std;

/*
 * LoadLib: makes the process identified by dwProcessId run LoadLibraryW on
 * the path in lpszLibName.
 *
 * Steps, as written below: open the target with thread-creation and
 * memory-write rights, allocate a buffer inside it, copy the path into that
 * buffer, start a remote thread whose start routine is LoadLibraryW with the
 * buffer as its argument, wait for that thread, then free the buffer.
 *
 * Returns FALSE if any Win32 call in the chain fails. Returns TRUE once the
 * remote thread has been created and has finished; the thread's exit code is
 * never read, so TRUE does not show that the library was actually loaded.
 *
 * Defender note: this call sequence is catalogued as MITRE ATT&CK T1055.001
 * (DLL injection). Sysmon reports the individual steps as Event ID 10
 * (ProcessAccess), Event ID 8 (CreateRemoteThread) and, in the target,
 * Event ID 7 (ImageLoad).
 *
 * NOTE(review): every early `return FALSE` after OpenProcess has succeeded
 * leaves hProcess open, and those after VirtualAllocEx also leave the remote
 * allocation in place.
 */
BOOL WINAPI LoadLib(DWORD dwProcessId, LPWSTR lpszLibName)
{
    HANDLE hProcess = NULL, hThread = NULL;
    LPWSTR lpszRemoteFile = NULL;

    // Only the three access rights listed here are requested on the target.
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,FALSE,dwProcessId);
    if (hProcess == NULL) { return FALSE; }

    // NOTE(review): the size is (2 * length) + 1 bytes, i.e. one byte of the
    // two-byte WCHAR terminator rather than the whole terminator.
    lpszRemoteFile = (LPWSTR)VirtualAllocEx(hProcess, NULL, sizeof(WCHAR) * lstrlenW(lpszLibName) + 1, MEM_COMMIT, PAGE_READWRITE);
    if (lpszRemoteFile == NULL) { return FALSE; }

    // Same byte count as the allocation above; the bytes-written out
    // parameter is passed as NULL, so a short write is not detected here.
    if (!WriteProcessMemory(hProcess,lpszRemoteFile,(PVOID)lpszLibName, sizeof(WCHAR) * lstrlenW(lpszLibName) + 1,NULL)) { return FALSE; }

    // The address is looked up in the calling process and then handed to the
    // target as a thread start routine; the code assumes it is valid there
    // too and does not check that.
    FARPROC pfnThreadRtn = (FARPROC)GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")),"LoadLibraryW");
    if (pfnThreadRtn == NULL) { return FALSE; }

    hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pfnThreadRtn,lpszRemoteFile,0,NULL);
    if (hThread == NULL) { return FALSE; }

    // INFINITE: the caller blocks for as long as the remote thread runs.
    WaitForSingleObject(hThread, INFINITE);

    VirtualFreeEx(hProcess, lpszRemoteFile, 0, MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(hProcess);
    return TRUE;
}

/*
 * Test driver: finds a top-level window by its exact title, takes the id of
 * the process that owns it, calls LoadLib on that process with a fixed
 * absolute path, prints the outcome and waits for a key press.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    HWND hTarget = FindWindow(NULL, TEXT("无标题 - 记事本"));

    // NOTE(review): _ASSERT is a CRT debug macro and is presumably compiled
    // out of release builds; in that case a NULL hTarget is not caught, and
    // dwPID below is used uninitialised because the return value of
    // GetWindowThreadProcessId is not checked.
    _ASSERT(hTarget != NULL);
    DWORD dwPID;
    GetWindowThreadProcessId(hTarget, &dwPID);

    // TEXT() produces a wide literal only when UNICODE is defined; the
    // LPWSTR parameter of LoadLib presumably relies on such a build.
    if(LoadLib(dwPID, TEXT("d:\\dll.dll")) == FALSE)
    {
        cout << "注入失败" << endl;
    }
    else
    {
        cout << "注入成功" << endl;
    }
    system("pause");
    return 0;
}