Delphi - Access violation when trying to overwrite an instruction with DLL injection

Views: 187

Question


Good morning. I'm trying to learn about DLL injection, so I've written a little program that just gets a string, compares it with StrCmp(), and if the input equals "Winner" the program gives a "Good boy" message, with the purpose of learning DLL injection. So I wrote a DLL that loads a Form when injected; the purpose is to use the DLL injection to modify the comparison instruction (JNZ (74) to JMP (EB)) and make the program accept any string. My DLL code is:

library Project2;

uses
  SysUtils,
  Windows,
  Classes,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

var
  Hproccess: THandle;
  Hid: Cardinal;
  b: Boolean = false;

// Thread entry point: creates the injected form and shows it modally.
procedure Chamar;
begin
  Form1 := TForm1.Create(nil);
  Form1.ShowModal;
end;

// Library initialization block (runs when the DLL is loaded): opens a
// handle to the current process and starts Chamar on a new thread in it.
begin
  Hproccess := OpenProcess(PROCESS_ALL_ACCESS, false, GetCurrentProcessID);
  CreateRemoteThread(Hproccess, nil, 0, @Chamar, @Chamar, 0, Hid);
end.


As you can see, the DLL just creates a new thread to load the Form (Form1). The problem is that when I write to the memory address to overwrite the JNZ instruction, Windows doesn't let me do it and returns an Access Violation message at address 005B55A9. My form code is also very simple.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button2: TButton;
    procedure Button2Click(Sender: TObject);
  private
  public
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

// Button handler: writes the JMP opcode to a hard-coded address inside
// the host process. Note that dereferencing a PDWORD stores four bytes
// (EB 00 00 00), not only the single opcode byte.
procedure TForm1.Button2Click(Sender: TObject);
var
  Memory: DWORD;
begin
  Memory := $005B55A9;
  PDWORD(Memory)^ := 225; {EB=225}
  Free();
end;

end.


What am I doing wrong? How can I overwrite the JNZ (74) instruction with JMP (EB) without the Access Violation error? Sorry for my mistakes; I started reading about this yesterday, and this is my first example. I already have the injector (Extreme Injector). My doubt is just about the DLL coding. Can you help me?


I forgot to say, I use Windows 10...

Answer


Assuming that, as you claim, that address is a valid address in your process, an access violation would indicate that the protection flags for that address do not permit writing. That would typically be the case for the code in your process.


A couple of ways to deal with that:


  1. 使用 VirtualProtect 更改该地址的保护。通常,一旦完成修改,您就希望将保护恢复到其原始值。

  2. 使用[ WriteProcessMemory ] [3 ]执行内存写入。这将更改保护以允许写入,进行修改并恢复原始保护。如果地址实际上是指其他进程,则必须使用 WriteProcessMemory 来修改内存。

  1. Use VirtualProtect to change the protection for that address. Typically you'll want to restore the protection to its original value once you have made your modification.
  2. Use [WriteProcessMemory][3] to perform the memory write. This will change the protection to allow writing, make the modification, and restore the original protection. If the address in fact refers to a different process, then you have to use WriteProcessMemory to modify the memory.


Examples of using VirtualProtect for such purposes abound. For instance, this post shows how to patch some code, and use VirtualProtect to arrange that the memory can be written to. The actual data written in that post differs from yours, but the point is to demonstrate how to use VirtualProtect.


Before you proceed, make sure you read the documentation carefully.
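The change-write-restore sequence the answer describes, as an added example that is not code from the question or the answer. It allocates one read-only page of its own with VirtualAlloc instead of touching any code address, shows that a plain write to it raises EAccessViolation, then performs the same write after VirtualProtect and restores the protection value the first call returned. All names (TryWriteByte, WriteWithProtect, Page) are the example's own; the Windows API calls are the documented ones from the Windows unit.

```delphi
program ProtectDemo;
{$APPTYPE CONSOLE}

uses
  SysUtils, Windows;

// Attempt a plain one-byte write; returns False if the write faults
// (SysUtils maps the hardware fault to EAccessViolation).
function TryWriteByte(P: PByte; Value: Byte): Boolean;
begin
  try
    P^ := Value;
    Result := True;
  except
    on E: EAccessViolation do
      Result := False;
  end;
end;

// Make the page writable only for the duration of the write, then put
// back whatever protection the page had before (OldProtect), not a guess.
function WriteWithProtect(P: PByte; Value: Byte): Boolean;
var
  OldProtect, Dummy: DWORD;
begin
  Result := False;
  if not VirtualProtect(P, 1, PAGE_READWRITE, OldProtect) then
    RaiseLastOSError;
  try
    P^ := Value;
    Result := True;
  finally
    if not VirtualProtect(P, 1, OldProtect, Dummy) then
      RaiseLastOSError;
  end;
end;

var
  Page: PByte;
  Info: TMemoryBasicInformation;
begin
  // Constructed test region: a single read-only page owned by this process.
  Page := VirtualAlloc(nil, 4096, MEM_COMMIT or MEM_RESERVE, PAGE_READONLY);
  if Page = nil then
    RaiseLastOSError;
  try
    Writeln('Plain write succeeded:        ', TryWriteByte(Page, $EB));
    Writeln('Write via VirtualProtect:     ', WriteWithProtect(Page, $EB));
    Writeln('Byte now:                     ', IntToHex(Page^, 2));
    VirtualQuery(Page, Info, SizeOf(Info));
    Writeln('Protection back to READONLY:  ', Info.Protect = PAGE_READONLY);
  finally
    VirtualFree(Page, 0, MEM_RELEASE);
  end;
end.
```

The first write fails for the same reason the question's handler does: the page's protection does not include write access. The restore step uses the OldProtect value returned by VirtualProtect rather than a hard-coded constant, which is what keeps the sequence correct when the target page is executable code whose original protection is not PAGE_READONLY.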
