c++ 注入器运行,但不注入 DLL
c++ Injector runs but is not injecting DLL
我在Windows 2017上使用Visual Studios 10,我编写了一个c ++程序来打开进程的句柄。程序运行并打开进程。我在调试器中运行了该程序,看起来所有函数都通过了。但是我知道DLL没有注入,因为当我在32位游戏上运行此应用程序时。我可以删除测试.dll我使用了测试,这意味着它没有被使用。关于为什么运行良好但不注入的任何建议?
PS remThread 是值0x0000011c
// DLL Injector.cpp : Defines the entry point for the console application.
#include "stdafx.h"
int InjectDLL(DWORD, string*);
int getDLLpath(string*);
int getPID(int*);
int getProc(HANDLE*, DWORD);
void enableSeDebug();
int main()
{
//Escalate privlege
enableSeDebug();
system("title Dll Injector");
string dllPath = "";
int PID = -1;
getDLLpath(&dllPath);
getPID(&PID);
InjectDLL(PID, &dllPath);
system("pause");
return 0;
}
int getDLLpath(string* dllPath)
{
cout << "Please enter the path to your DLL filen";
cin >> *dllPath;
return 1;
}
int getPID(int* PID)
{
cout << "Please enter the PID to your target processn";
cin >> *PID;
return 1;
}
int getProc(HANDLE* handleToProc, DWORD pid)
{
//Create a handle to the process
*handleToProc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
if (*handleToProc != 0)
{
cout << "Unable to open process.n";
return -1;
}
else
{
cout << "process opened.n";
return 1;
}
}
int InjectDLL(DWORD PID, string* dllPath)
{
HANDLE handleToProc;
LPVOID LoadLibAddr;
LPVOID baseAddr;
HANDLE remThread;
//Get handle to process
if (getProc(&handleToProc, PID) < 0)
return -1;
//Load kernel32 library
LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
if (!LoadLibAddr)
return -1;
//Allocate memory for DLL injection
baseAddr = VirtualAllocEx(handleToProc, NULL, dllPath->length(), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (!baseAddr)
return -1;
//Write dll path
if (!WriteProcessMemory(handleToProc, baseAddr, dllPath, dllPath->length(), NULL))
return -1;
//Create remote thread
remThread = CreateRemoteThread(handleToProc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddr, baseAddr, 0, NULL);
if (!remThread)
return -1;
//Wait untill DLL exits then deallocate memmory
WaitForSingleObject(remThread, INFINITE);
//Freing memmory
VirtualFreeEx(handleToProc, baseAddr, dllPath->length(), MEM_RELEASE);
//Closing handles
if (CloseHandle(remThread) == 0)
{
cout << "Failed to close handle to remote thread.n";
return -1;
}
if (CloseHandle(handleToProc) == 0)
{
cout << "Failed to close handle to target process.n";
return -1;
}
return 1;
}
void enableSeDebug()
{
/////////////////////////////////////////////////////////
// Note: Enabling SeDebugPrivilege adapted from sample
// MSDN @ http://msdn.microsoft.com/en-us/library/aa446619%28VS.85%29.aspx
// Enable SeDebugPrivilege
HANDLE hToken = NULL;
TOKEN_PRIVILEGES tokenPriv;
LUID luidDebug;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) != FALSE)
{
if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug) != FALSE)
{
tokenPriv.PrivilegeCount = 1;
tokenPriv.Privileges[0].Luid = luidDebug;
tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, 0, NULL, NULL) != FALSE)
{
// Always successful, even in the cases which lead to OpenProcess failure
cout << "SUCCESSFULLY CHANGED TOKEN PRIVILEGES" << endl;
}
else
{
cout << "FAILED TO CHANGE TOKEN PRIVILEGES, CODE: " << GetLastError() << endl;
}
}
}
CloseHandle(hToken);
// Enable SeDebugPrivilege
}
上面的代码可以打开一个 32 位进程并在没有函数调用失败但 DLL 没有注入的情况下运行?
我能够解决我的问题。检查 getProc 时,我需要做
int getProc(HANDLE* handleToProc, DWORD pid)
{
//Create a handle to the process
*handleToProc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
if (*handleToProc == NULL) //I changed this line to check for NULL
{
cout << "Unable to open process.n";
return -1;
}
else
{
cout << "process opened.n";
return 1;
}
}
我需要更改的第二部分是我的 dllPath,它是一个字符串,需要是一个字符*。因此,当我编写DLL字符串时,它是不同的编码。使用 char* 指针修复了此问题,现在注入器可以工作了。
嗯,我认为getProc的测试应该是:
if (*handleToProc == 0)
...
加上其他人在评论中所说的关于测试和报告GetLastError.
可能还有其他问题,我只是略读了代码
在这里,您必须将其重写为更"正确"的代码。(不是亲(。您在条件检查方面遇到了一些问题。一切都对我有用。
#include <windows.h>
#include <iostream>
#include <tlhelp32.h>
#include <string>
using namespace std;
void getPID(DWORD&);
int getProc(HANDLE&, DWORD);
int main()
{
cout << "title Dll Injector" << endl;
string dllPath = "";
DWORD PID = NULL;
HANDLE handleToProc = nullptr;
getPID(PID);
if (getProc(handleToProc, PID) < 0)
return -1;
//Lets check is the handle valid
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
if (hSnapshot) {
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hSnapshot, &pe32)) {
do {
if (pe32.th32ProcessID == GetProcessId(handleToProc))
{
wstring name = wstring(pe32.szExeFile);
wcout << "Process id: " << pe32.th32ProcessID << ", Exe filename: " << name << endl;
}
} while (Process32Next(hSnapshot, &pe32));
}
CloseHandle(hSnapshot);
}
//Cleanup is a must!
CloseHandle(handleToProc);
return 0;
}
//Create a handle to process
int getProc(HANDLE& handleToProc, DWORD pid)
{
//Create a handle to the process
handleToProc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
if (handleToProc == nullptr)
{
DWORD error = GetLastError();
cout << "Unable to open process. Error: " << error << "n";
return -1;
}
else
{
cout << "process opened.n";
return 0;
}
}
//Get PID from user
void getPID(DWORD& PID)
{
cout << "Please enter the PID to your target processn";
cin >> PID;
}
问题出在指向句柄分配的指针上,然后检查有效的句柄。
相关文章:
- 无法使用加载库卸载注入的 dll (C++)
- 将 dll 文件注入 UWP
- 如何在窗口中使用注入的 dll 中的参数调用函数
- 读取进程内存多级指针(DLL 注入)
- c++ 注入器运行,但不注入 DLL
- 为什么我的DLL只能注入手动映射
- DLL 注入不断失败,出现不一致的错误
- 在窗口执行目标 TLS 回调之前注入 dll
- 注入器不注入 dll
- C 向CMD.EXE监视命令注入DLL
- 调用注入DLL中的函数
- 在注入 dll 时链接到未解析的符号
- C++正在注入dll,是否需要线程
- 注入DLL的函数中出现访问冲突异常(5)
- 注入dll在windows XP上不起作用
- 阻止Dll c++注入Dll
- 通过CreateRemoteThread注入DLL
- 从运行的进程注入DLL后弹出
- 向远程进程注入DLL并显示信息
- 在chrome中注入dll的新方法
