CreateRemoteThread with string argument example


Problem description

Can anyone give me an example of how to call an injected dll's function with a string argument? I have tried to do it in the ways I know to do it but have gotten the wrong result. I allocate memory with VirtualAllocEx, then write the string argument to it with WriteProcessMemory, and after that call CreateRemoteThread, passing that string argument as the lpParameter parameter. The DLL function I call has the following prototype:

DWORD TestFunction(LPVOID str);

From what I understand, when this function is called by CreateRemoteThread, str contains a pointer to the passed string. But it doesn't; it contains some trash. It looks like the str parameter points to the wrong address. What am I doing wrong?

Here are the whole project files:
http://pastebin.com/gh4SnhmV
http://pastebin.com/Sq7hpSVx
http://pastebin.com/dvgXpUYz

Solution

You're probably getting the VA spaces mixed up, and passing a pointer in your address space instead of the target's.

Also, please don't ship software that tries to inject threads into other processes; it is extremely difficult to get right in the general sense. It's like trying to operate on someone while they're running a marathon.
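
The address-space mix-up the answer describes, as an added example that is not part of the original post: a portable C model in which the same numeric pointer reads different bytes in the caller's and the target's address space. No Windows API is called; `space_t`, the `space_*` helpers, `target_sees` and the address 0x10000 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {       /* toy model of one process's address space (constructed) */
    uint64_t base;     /* virtual address where the region starts */
    size_t used;       /* bytes allocated so far */
    char mem[64];      /* backing storage */
} space_t;

/* Models VirtualAllocEx: the returned address is valid only inside `s`. */
static uint64_t space_alloc(space_t *s, size_t n) {
    if (n > sizeof s->mem - s->used) return 0;
    s->used += n;
    return s->base + s->used - n;   /* address of the new block */
}

/* Models WriteProcessMemory: copy n bytes to address va inside `s`. */
static int space_write(space_t *s, uint64_t va, const void *src, size_t n) {
    uint64_t off = va - s->base;    /* wraps if va < base; rejected below */
    if (va < s->base || off > s->used || n > s->used - off) return 0;
    memcpy(s->mem + off, src, n);
    return 1;
}

/* Models the callee dereferencing its LPVOID argument in its own space. */
static const char *space_deref(const space_t *s, uint64_t va) {
    if (va < s->base || va - s->base >= s->used) return NULL; /* not mapped */
    return s->mem + (va - s->base);
}

/* What TestFunction(str) reads when handed the local or the remote address. */
const char *target_sees(int pass_remote) {
    static space_t caller, target;
    const char own[] = "unrelated bytes", msg[] = "hello";
    caller = target = (space_t){ .base = 0x10000 };  /* same numbers, different memory */
    space_write(&target, space_alloc(&target, sizeof own), own, sizeof own);
    uint64_t local = space_alloc(&caller, sizeof msg);   /* caller's own buffer */
    space_write(&caller, local, msg, sizeof msg);
    uint64_t remote = space_alloc(&target, sizeof msg);  /* buffer in the target */
    space_write(&target, remote, msg, sizeof msg);
    const char *s = space_deref(&target, pass_remote ? remote : local);
    return s ? s : "<unmapped>";
}

int main(void) {
    printf("local pointer  -> \"%s\"\n", target_sees(0));
    printf("remote pointer -> \"%s\"\n", target_sees(1));
    return 0;
}
```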
