C++ Dll Injection


Question

I would really appreciate your help in this.

I have been trying to get a Dll injected into a remote process and do a few changes inside it; the problem I'm encountering right now is I don't know how to get this going.

So first, here is my piece of code that I have developed so far:

dllmain.cpp

#include <windows.h>
#include <stdio.h>

/* MessageBoxA is called explicitly so the narrow string literals compile
   whether or not UNICODE is defined. */
BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    switch (reason)
    {
        case DLL_PROCESS_ATTACH:
            MessageBoxA (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
            break;

        case DLL_PROCESS_DETACH:
            MessageBoxA (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
            break;

        case DLL_THREAD_ATTACH:
            MessageBoxA (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
            break;

        case DLL_THREAD_DETACH:
            MessageBoxA (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
            break;
    }

    return TRUE;
}

It simply displays a message box depending on the conditions it meets. Now what I would like my Dll to do is, after being injected into the remote process, I would like it to write a memory location and change its value.

Data type: Unsigned Short Int
Memory location: 0041D090

I hope everything is clear. Thank you for your patience; help is appreciated.

Recommended answer

You don't have to write a DLL to change another process's memory at a fixed address. You can use WriteProcessMemory().

However... The way to inject a DLL into another process is the following...

  1. Use VirtualAllocEx() to allocate the length of the file path to the DLL inside the target process's memory... This is like remotely doing a malloc.

  2. Use WriteProcessMemory() to copy the file path of the DLL into what was returned from the previous step. This is like remotely doing a strcpy.

  3. Use CreateRemoteThread(). You can point it at LoadLibrary() as the entry point and the file path from steps 1 and 2 as the argument. That's a bit hacky, to be honest, but if you are injecting a DLL you're already being quite hacky. Another technique would be to use steps 1 & 2 to load some machine code into the remote process and point it at that.

Keep in mind that this technique is a great way to destabilize the target process. In particular, this isn't something I'd do in a product that ends up getting shipped to others.
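
How the three steps above look from the monitoring side, as an added example that is not part of the original answer: Sysmon logs Event ID 8 for CreateRemoteThread, and a thread whose entry point is LoadLibrary appears there with StartFunction set to LoadLibraryA or LoadLibraryW. The event records, the allowlisted path and the function names classify() and findings() are constructed for this example.

```python
import ntpath

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records: the field names are
# Sysmon's, every value is made up for this example.
EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\test\injector.exe",
     "TargetImage": r"C:\Program Files\App\target.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\cmd.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "CtrlRoutine"},
    {"EventID": 8, "SourceImage": r"C:\Users\test\loader.exe",
     "TargetImage": r"C:\Program Files\App\target.exe",
     "StartModule": "-", "StartFunction": "-"},
    {"EventID": 8, "SourceImage": r"C:\Program Files\ExampleAV\agent.exe",
     "TargetImage": r"C:\Program Files\App\target.exe",
     "StartModule": r"C:\Windows\System32\KERNEL32.DLL", "StartFunction": "LoadLibraryW"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

# Hypothetical allowlist of tools expected to create remote threads on this host.
ALLOWLIST = {r"c:\program files\exampleav\agent.exe"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw"}

def classify(event, allowlist=ALLOWLIST):
    """Return a finding label for one event, or None if it is not of interest."""
    if event.get("EventID") != 8:
        return None
    if event.get("SourceImage", "").lower() in allowlist:
        return None
    module = ntpath.basename(event.get("StartModule", "")).lower()
    function = event.get("StartFunction", "").lower()
    # Assumption: an unresolved start module is logged as "-" or left empty. This is
    # the "machine code written into the target" variant the answer mentions.
    if module in ("", "-"):
        return "start-address-not-in-module"
    # Step 3 of the answer: the remote thread's entry point is LoadLibrary itself.
    if module in LOADER_MODULES and function in LOADER_EXPORTS:
        return "loadlibrary-as-thread-start"
    return None

def findings(events, allowlist=ALLOWLIST):
    """Return (label, SourceImage, TargetImage) for every flagged event."""
    labelled = ((classify(e, allowlist), e) for e in events)
    return [(lab, e["SourceImage"], e["TargetImage"]) for lab, e in labelled if lab]

if __name__ == "__main__":
    print(*findings(EVENTS), sep="\n")
```

The csrss.exe record is left unflagged because its start routine is not a loader export, and the allowlisted agent is flagged again as soon as the allowlist is emptied.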
