Delphi - Access violation when trying to overwrite an instruction with DLL injection


Problem description


Good morning. I'm trying to learn about DLL injection, so I've written a little program that just reads a string, compares it with StrCmp(), and if the input equals "Winner", the program shows a "Good boy" message, with the purpose of learning DLL injection. So I wrote a DLL that loads a Form when injected; the purpose is to use the DLL injection to modify the comparison instruction (JNZ (74) to JMP (EB)) and make the program accept any string. My DLL code is:

library Project2;

uses
  SysUtils,
  Windows,
  Classes,
  Unit1 in 'Unit1.pas' {Form1};

{$R *.res}

var
  Hproccess: THandle;
  Hid: Cardinal;
  b: Boolean = false;

// Thread routine: creates the form and shows it modally.
procedure Chamar;
begin
  Form1 := TForm1.Create(nil);
  Form1.ShowModal;
end;

begin
  // The DLL runs inside the target's address space, so the "remote" process is the current one.
  Hproccess := OpenProcess(PROCESS_ALL_ACCESS, false, GetCurrentProcessId);
  // Start a thread that shows the form; Chamar takes no parameter, so pass nil.
  CreateRemoteThread(Hproccess, nil, 0, @Chamar, nil, 0, Hid);
  CloseHandle(Hproccess);
end.


As you can see, the DLL just creates a new thread to load the form (Form1). The problem is that when I write to the memory address to overwrite the JNZ instruction, Windows doesn't let me do it and returns an Access Violation message at address 005B55A9. My form code is also very simple.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button2: TButton;
    procedure Button2Click(Sender: TObject);
  private
  public
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

procedure TForm1.Button2Click(Sender: TObject);
var
  Memory: DWORD;
begin
  Memory := $005B55A9;   // address of the JNZ (74 xx) opcode in the target
  // Write the single opcode byte so JNZ (74) becomes JMP (EB). This is the
  // write that raises the access violation on a read-only code page.
  PByte(Memory)^ := $EB;
  Release;               // frees the form safely from inside its own event handler
end;

end.


What am I doing wrong? How can I overwrite the JNZ (74) instruction with JMP (EB) without an Access Violation error? Sorry for my mistakes, I started reading about it yesterday, and this was my first example. I already have the injector (Extreme Injector). My doubt is just about the DLL coding. Can you help me?


I forgot to say, I use Windows 10...

Recommended answer


Assuming that, as you claim, that address is a valid address in your process, an access violation would indicate that the protection flags for that address do not permit writing. That would typically be the case for the code in your process.


A couple of ways to deal with that:

  1. Use VirtualProtect to change the protection for that address. Typically you'll want to restore the protection to its original value once you have made your modification.
  2. Use WriteProcessMemory to perform the memory write. This will change the protection to allow writing, make the modification, and restore the original protection. If the address in fact refers to a different process, then you have to use WriteProcessMemory to modify the memory.


Examples of using VirtualProtect for such purposes abound. For instance, this post shows how to patch some code, and use VirtualProtect to arrange that the memory can be written to. The actual data written in that post differs from yours, but the point is to demonstrate how to use VirtualProtect.


Before you proceed, make sure you read the documentation carefully.
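Both options from the answer, written out as an added Delphi example (this is not code from the question or the answer). The address, the expected original opcode and the process handle are assumptions supplied by the caller; the expected-byte check is there so a wrong address is refused instead of clobbered.

```delphi
unit PatchHelper;

interface

uses
  Windows;

// Option 1: overwrite one opcode byte at Addr in the current process using
// VirtualProtect. Expected is the byte the caller believes is there now
// (e.g. $74 for JNZ); the patch is refused if memory does not match.
function PatchByteInProcess(Addr: Pointer; Expected, NewValue: Byte): Boolean;

// Option 2: let WriteProcessMemory change and restore the protection itself;
// this also works when Addr belongs to another process.
function PatchByteViaWPM(Process: THandle; Addr: Pointer; NewValue: Byte): Boolean;

implementation

function PatchByteInProcess(Addr: Pointer; Expected, NewValue: Byte): Boolean;
var
  OldProtect, Dummy: DWORD;
begin
  Result := False;
  // Code pages are normally execute/read only; make this one writable and
  // remember the original flags so they can be put back afterwards.
  if not VirtualProtect(Addr, SizeOf(Byte), PAGE_EXECUTE_READWRITE, OldProtect) then
    Exit;
  try
    if PByte(Addr)^ <> Expected then
      Exit;                       // not the instruction we expected: do nothing
    PByte(Addr)^ := NewValue;     // the write that previously raised the AV
    // Make the CPU fetch the new byte instead of stale instruction-cache contents.
    FlushInstructionCache(GetCurrentProcess, Addr, SizeOf(Byte));
    Result := True;
  finally
    VirtualProtect(Addr, SizeOf(Byte), OldProtect, Dummy);  // restore protection
  end;
end;

function PatchByteViaWPM(Process: THandle; Addr: Pointer; NewValue: Byte): Boolean;
var
  Written: SIZE_T;  // declared as DWORD on older Delphi versions
begin
  Result := WriteProcessMemory(Process, Addr, @NewValue, SizeOf(Byte), Written)
    and (Written = SizeOf(Byte));
end;

end.
```

Either function returns False rather than raising when the protection change or the write fails, so the caller can report GetLastError instead of crashing the host process.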
