How to fix a DLL injector error in C++
I am writing a DLL injector. A very simple application: a console application, you enter the DLL, you enter the process. But I get an error on line 26:
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
Can someone help me?
#include <Windows.h> //DWORD
#include <iostream>
#include <string>
#include <cstring> // strlen
#include <psapi.h> //EnumProcessModules
#include <VersionHelpers.h>
#include <atlstr.h> // CString
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
BOOL InjectDLL(DWORD ProcessID)
{
    LPCSTR DLL_PATH = "dll file here";
    LPVOID LoadLibAddy, RemoteString;
    if (!ProcessID)
        return false;
    HANDLE Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);
    if (!Proc)
    {
        std::cout << "OpenProcess() failed: " << GetLastError() << std::endl;
        return false;
    }
    // the "line 26" the question refers to
    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    // reserve room in the target for the DLL path and copy it over
    RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_PATH) + 1, MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(Proc, RemoteString, (LPVOID)DLL_PATH, strlen(DLL_PATH) + 1, NULL);
    // run LoadLibraryA(RemoteString) on a new thread inside the target
    CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, NULL);
    CloseHandle(Proc);
    return true;
}
...
Solution
You did not say what kind of error you are getting. But I suspect you are getting a compile-time error on GetModuleHandle("kernel32.dll"). If your project is set to use the Unicode character set, you need to use GetModuleHandle(L"kernel32.dll") instead. Or better, since GetModuleHandle() is a TCHAR-based macro, use TEXT("kernel32.dll") to match:
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")),"LoadLibraryA");
Otherwise, use GetModuleHandleA() or GetModuleHandleW() instead:
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"),"LoadLibraryA");
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"),"LoadLibraryA");
That said, you also do not do any error handling when allocating memory or creating the remote thread. And your logic is incomplete, as it leaks the allocated memory and resources. You need to wait for the remote thread to finish, then free the virtual memory you allocated, then close the thread's handle.
Try something like this:
#include <Windows.h> //DWORD
#include <iostream>
#include <string>
#include <cstring> // strlen
#include <psapi.h> //EnumProcessModules
#include <VersionHelpers.h>
#include <atlstr.h> // CString
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
bool InjectDLL(DWORD ProcessID)
{
    LPCSTR DLL_PATH = "dll file here";
    SIZE_T DLL_PATH_SIZE = strlen(DLL_PATH) + 1; // include the terminating NUL
    if (ProcessID == 0)
        return false;
    // kernel32.dll is mapped at the same address in every process of the same
    // bitness, so the local address of LoadLibraryA is valid in the target too.
    FARPROC LoadLibAddy = GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "LoadLibraryA");
    if (!LoadLibAddy)
    {
        DWORD err = GetLastError();
        std::cout << "Can't find LoadLibraryA: " << err << std::endl;
        return false;
    }
    HANDLE Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);
    if (!Proc)
    {
        DWORD err = GetLastError();
        std::cout << "OpenProcess() failed: " << err << std::endl;
        return false;
    }
    LPVOID RemoteString = VirtualAllocEx(Proc, NULL, DLL_PATH_SIZE, MEM_COMMIT, PAGE_READWRITE);
    if (!RemoteString)
    {
        DWORD err = GetLastError();
        std::cout << "VirtualAllocEx() failed: " << err << std::endl;
        CloseHandle(Proc);
        return false;
    }
    if (!WriteProcessMemory(Proc, RemoteString, DLL_PATH, DLL_PATH_SIZE, NULL))
    {
        DWORD err = GetLastError();
        std::cout << "WriteProcessMemory() failed: " << err << std::endl;
        VirtualFreeEx(Proc, RemoteString, 0, MEM_RELEASE);
        CloseHandle(Proc);
        return false;
    }
    // LoadLibraryA takes a single pointer-sized argument, which matches the
    // LPTHREAD_START_ROUTINE signature, so the remote path buffer is passed as lpParameter.
    HANDLE Thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddy, RemoteString, 0, NULL);
    if (!Thread)
    {
        DWORD err = GetLastError();
        std::cout << "CreateRemoteThread() failed: " << err << std::endl;
        VirtualFreeEx(Proc, RemoteString, 0, MEM_RELEASE);
        CloseHandle(Proc);
        return false;
    }
    WaitForSingleObject(Thread, INFINITE);
    // If the target process is 32bit, you can use GetExitCodeThread()
    // to find out if LoadLibraryA() was successful or not.
    //
    // If the target process is 64bit, it is much harder to determine
    // that. You would have to allocate an entire function containing
    // shellcode that calls LoadLibraryA() and saves the result in
    // memory that you can then read via ReadProcessMemory(). Or,
    // you would have to enumerate the target process's modules list
    // looking for the DLL that you just injected.
    CloseHandle(Thread);
    VirtualFreeEx(Proc, RemoteString, 0, MEM_RELEASE);
    CloseHandle(Proc);
    return true;
}
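The answer ends by noting that on a 64-bit target the thread exit code cannot tell you whether LoadLibraryA() succeeded, and suggests enumerating the target's module list instead. The following is an added example of that check; it is not part of the question or the answer above. The path-matching core is portable and is what gets exercised; the Win32 enumeration around it uses EnumProcessModulesEx with LIST_MODULES_ALL so that a 64-bit injector also sees the modules of a 32-bit (WOW64) target. The module list in SampleModuleList() is constructed for illustration, and the function names here (ModuleListContains, ListProcessModules, IsDllLoadedIn) are my own, not anything from the page.

```cpp
#include <cctype>
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>   // EnumProcessModulesEx, GetModuleFileNameExA
#endif

// Windows paths are case-insensitive and accept either separator, so fold both
// before comparing.
static std::string NormalizePath(std::string p)
{
    for (char &c : p) {
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        if (c == '/') c = '\\';
    }
    return p;
}

static std::string BaseName(const std::string &p)
{
    size_t pos = p.find_last_of('\\');
    return pos == std::string::npos ? p : p.substr(pos + 1);
}

// Portable core: given the full paths of every module in the target (what
// GetModuleFileNameExA reports), decide whether dllPath is among them.
// A bare file name matches on base name; a path with a directory component
// must match the whole path, so a same-named DLL elsewhere does not count.
bool ModuleListContains(const std::vector<std::string> &modules, const std::string &dllPath)
{
    std::string want = NormalizePath(dllPath);
    bool fullPath = want.find('\\') != std::string::npos;
    for (const std::string &m : modules) {
        std::string have = NormalizePath(m);
        if (fullPath ? have == want : BaseName(have) == want)
            return true;
    }
    return false;
}

// Constructed sample of what a target's module list might look like; used
// only so the matching logic can be exercised without a live process.
std::vector<std::string> SampleModuleList()
{
    return {
        "C:\\Windows\\System32\\ntdll.dll",
        "C:\\Windows\\System32\\KERNEL32.DLL",
        "C:\\Tools\\inject\\Payload.dll",
    };
}

#ifdef _WIN32
// Collect the full path of every module loaded in pid. A 32-bit injector
// cannot enumerate a 64-bit target; EnumProcessModulesEx then fails and the
// error (typically ERROR_PARTIAL_COPY) is returned through err.
bool ListProcessModules(DWORD pid, std::vector<std::string> &out, DWORD &err)
{
    out.clear();
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!proc) { err = GetLastError(); return false; }

    std::vector<HMODULE> mods(256);
    DWORD needed = 0;
    for (;;) {
        DWORD cb = static_cast<DWORD>(mods.size() * sizeof(HMODULE));
        if (!EnumProcessModulesEx(proc, mods.data(), cb, &needed, LIST_MODULES_ALL)) {
            err = GetLastError();
            CloseHandle(proc);
            return false;
        }
        if (needed <= cb) break;            // buffer held the whole list
        mods.resize(needed / sizeof(HMODULE)); // grow and retry
    }
    mods.resize(needed / sizeof(HMODULE));

    for (HMODULE h : mods) {
        char path[MAX_PATH];
        if (GetModuleFileNameExA(proc, h, path, MAX_PATH))
            out.push_back(path);
    }
    CloseHandle(proc);
    err = 0;
    return true;
}

// Call after WaitForSingleObject(Thread, INFINITE) in InjectDLL() to confirm
// the injection regardless of target bitness.
bool IsDllLoadedIn(DWORD pid, const char *dllPath)
{
    std::vector<std::string> mods;
    DWORD err = 0;
    if (!ListProcessModules(pid, mods, err))
        return false;
    return ModuleListContains(mods, dllPath);
}
#endif
```

On toolchains that predate PSAPI_VERSION 2 the enumeration functions live in psapi.lib rather than kernel32, so link against it explicitly there. Pass IsDllLoadedIn() the same string you gave LoadLibraryA: a full path gets an exact match, a bare name matches by file name only.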