C++ Dll Injection

Question
I would really appreciate your help in this.

I have been trying to get a Dll injected into a remote process and do a few changes inside it. The problem I'm encountering right now is I don't know how to get this going.

So first, here is my piece of code that I have developed so far:

dllmain.cpp
```cpp
#include <windows.h>
#include <stdio.h>

// MessageBoxA is used explicitly so the narrow string literals compile
// whether or not UNICODE is defined for the project.
BOOL APIENTRY DllMain (HINSTANCE hInst /* Library instance handle. */ ,
                       DWORD reason    /* Reason this function is being called. */ ,
                       LPVOID reserved /* Not used. */ )
{
    switch (reason)
    {
    case DLL_PROCESS_ATTACH:
        MessageBoxA (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
        break;
    case DLL_PROCESS_DETACH:
        MessageBoxA (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
        break;
    case DLL_THREAD_ATTACH:
        MessageBoxA (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
        break;
    case DLL_THREAD_DETACH:
        MessageBoxA (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
        break;
    }
    return TRUE;
}
```
It simply displays a message box depending on the conditions it meets. Now what I would like my Dll to do is, after being injected into the remote process, I would like it to write a memory location and change its value.

Data type: Unsigned Short Int
Memory location: 0041D090

I hope everything is clear. Thank you for your patience, help is appreciated.
Answer
You don't have to write a DLL to change another process's memory at a fixed address. You can use WriteProcessMemory().

However... the way to inject a DLL into another process is the following:

1. Use VirtualAllocEx() to allocate the length of the file path to the DLL inside the target process's memory... This is like remotely doing a malloc.
2. Use WriteProcessMemory() to copy the file path of the DLL into what was returned by the previous step. This is like remotely doing a strcpy.
3. Use CreateRemoteThread(). You can point it at LoadLibrary() as the entry point and the file path from steps 1 and 2 as the argument. That's a bit hacky, to be honest, but if you are injecting a DLL you're already being quite hacky. Another technique would be to use steps 1 & 2 to load some machine code into the remote process and point it at that.

Keep in mind that this technique is a great way to destabilize the target process. In particular, this isn't something I'd do in a product that ends up getting shipped to others.
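An added example (not from the question or the answer) of the DLL-side write the question asks about, done so that it does not destabilize the host process the way the answer warns: it assumes the target EXE was linked with the default 32-bit image base 0x00400000, rebases the fixed address 0x0041D090 against the module's actual load address in case ASLR relocated it, and checks with VirtualQuery that the page is committed and writable before storing the unsigned short. The Windows-only part is guarded so the helpers also compile elsewhere.

```cpp
// Added example, not part of the original question or answer.
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#else
// Minimal stand-ins (same values as the Win32 headers) so the portable
// helpers below compile and can be exercised off Windows.
typedef uint32_t DWORD;
#define PAGE_READWRITE         0x04
#define PAGE_WRITECOPY         0x08
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD             0x100
#define MEM_COMMIT             0x1000
#endif

// An address read off a disassembly is only valid for the preferred image
// base; translate it to where the module actually got loaded.
uintptr_t rebase(uintptr_t preferred_base, uintptr_t actual_base, uintptr_t addr) {
    return actual_base + (addr - preferred_base);
}

// A page is safe to poke only if it is committed, writable and not a guard page.
bool writable_region(DWORD state, DWORD protect) {
    if (state != MEM_COMMIT || (protect & PAGE_GUARD)) return false;
    DWORD p = protect & 0xFF;  // strip modifier bits (guard, nocache, ...)
    return p == PAGE_READWRITE || p == PAGE_WRITECOPY ||
           p == PAGE_EXECUTE_READWRITE || p == PAGE_EXECUTE_WRITECOPY;
}

#ifdef _WIN32
// Write an unsigned short at the rebased address, refusing if the check fails.
// Assumption: the host EXE's preferred image base is the MSVC default 0x00400000.
bool patch_ushort(uintptr_t preferred_addr, unsigned short value) {
    uintptr_t base = (uintptr_t)GetModuleHandleA(NULL);   // host EXE base
    uintptr_t target = rebase(0x00400000, base, preferred_addr);
    MEMORY_BASIC_INFORMATION mbi;
    if (!VirtualQuery((LPCVOID)target, &mbi, sizeof(mbi))) return false;
    if (!writable_region(mbi.State, mbi.Protect)) return false;
    *(volatile unsigned short *)target = value;
    return true;
}

BOOL APIENTRY DllMain(HINSTANCE, DWORD reason, LPVOID) {
    // Keep DllMain minimal: the loader lock is held here, so no MessageBox.
    if (reason == DLL_PROCESS_ATTACH) patch_ushort(0x0041D090, 1234);
    return TRUE;
}
#endif
```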