Injecting C++ DLL


Question

I know there are various questions and books on this but I can't seem to get my C++ DLL injected into any processes.

Code to inject the DLL:

#include <iostream>
#include <cstring>
#include "windows.h"

bool Inject(DWORD pId, const char *dllName);

using namespace std;

int main()
{
    Inject(600, "C:\\d.dll");
    return 0;
}

bool Inject(DWORD pId, const char *dllName)
{
    HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
    if(h)
    {
        // LoadLibraryA takes a single pointer argument, so it can serve as the thread start routine.
        LPVOID LoadLibAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
        // Copy the terminating NUL as well, otherwise the remote side reads an unterminated path.
        SIZE_T len = strlen(dllName) + 1;
        LPVOID dereercomp = VirtualAllocEx(h, NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if(!LoadLibAddr || !dereercomp)
        {
            CloseHandle(h);
            return false;
        }
        WriteProcessMemory(h, dereercomp, dllName, len, NULL);
        HANDLE asdc = CreateRemoteThread(h, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibAddr, dereercomp, 0, NULL);
        if(asdc)
        {
            WaitForSingleObject(asdc, INFINITE);
            CloseHandle(asdc);
        }
        // MEM_RELEASE requires a size of 0 and the base address returned by VirtualAllocEx.
        VirtualFreeEx(h, dereercomp, 0, MEM_RELEASE);
        CloseHandle(h);
        return asdc != NULL;
    }
    return false;
}

and the DLL I am trying to inject:

#include <windows.h>
#include <stdio.h>

BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    // MessageBoxA is named explicitly so the narrow string literals compile with or without UNICODE.
    switch (reason)
    {
        case DLL_PROCESS_ATTACH:
            MessageBoxA (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
            break;

        case DLL_PROCESS_DETACH:
            MessageBoxA (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
            break;

        case DLL_THREAD_ATTACH:
            MessageBoxA (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
            break;

        case DLL_THREAD_DETACH:
            MessageBoxA (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
            break;
    }

    return TRUE;
}

I don't know enough C++ to know where this is going wrong. I have run Process Explorer on the process I am trying to inject to (process run as admin as well) but it isn't being injected. When I run it, nothing happens, any ideas?

Answer

Don't do MessageBox from DllMain. Why? See:

  • DLL_PROCESS_ATTACH failing to execute on Windows 7 C++
  • Some reasons not to do anything scary in your DllMain
  • Don’t use standard library/CRT functions in static initializers/DllMain!

Your message box might just deadlock before showing up there. To ensure you reach the code line of interest, use OutputDebugString instead. As you indicated you are familiar with Process Explorer, you might notice the created thread there (you can obtain its identifier in your launcher by providing the last argument to your CreateRemoteThread) and its locked state with execution inside kernel libraries.

This is where you need to put OutputDebugString:

#include <windows.h>
#include <tchar.h>
#include <stdio.h>

BOOL APIENTRY DllMain(HMODULE hModule, DWORD nReason, VOID* pvReserved)
{
    (void)pvReserved;   // unused
    TCHAR pszMessage[1024] = { 0 };
    // OutputDebugString is safe to call from DllMain; the line shows up in DebugView.
    _stprintf_s(pszMessage, _T("GetCurrentProcessId() %u, hModule 0x%p, nReason %u\r\n"), GetCurrentProcessId(), hModule, nReason);
    OutputDebugString(pszMessage);
    /* Per-reason handling can go here once the debug output confirms DllMain runs:
    switch(nReason)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }*/
    return TRUE;
}

Another thing to make sure is that you are loading DLL of correct bitness. Win32 DLL into Win32 process, or x64 DLL into x64 process.

UPDATE. I am putting this up from comment: here is the source code for the Visual Studio 2010 project that does the thing: SVN or Trac.

  • You put process identifier into source code
  • The executable creates a remote thread and loads the library
  • The library starts from DllMain and generates debug output
  • DebugView shows you the output
  • ProcessExplorer shows you the thread created, and you also have its identifier printed
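The bitness check the answer recommends (Win32 DLL into a Win32 process, x64 DLL into an x64 process), as an added example that is not part of the original post or the linked project: it reads the COFF Machine field from a PE image held in memory (assumed to be the DLL file's bytes) with bounds checks, and reports whether such a DLL fits a 32-bit or 64-bit process. The sample header is constructed inline; the target process's bitness would come from IsWow64Process on Windows, which is left out so the code stays portable.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Machine values from the COFF file header (IMAGE_FILE_MACHINE_I386 / _AMD64). */
#define PE_MACHINE_I386  0x014cu
#define PE_MACHINE_AMD64 0x8664u
/* Little-endian field reads; PE fields are little-endian on disk regardless of host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Machine field of a PE image held in memory, or 0 if the buffer is not a well-formed
 * PE header. Every access is bounds-checked, so a truncated file yields 0, not a crash. */
uint16_t pe_machine(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return 0;
    uint32_t e_lfanew = rd32(buf + 0x3c);                 /* offset of "PE\0\0" */
    if (e_lfanew > len || len - e_lfanew < 24) return 0;  /* signature 4 + file header 20 */
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0) return 0;
    return rd16(buf + e_lfanew + 4);                      /* Machine is the first field */
}

/* 1 if this Machine value loads into a process of the given bitness (64-bit = 1, 32-bit = 0). */
int bitness_matches(uint16_t machine, int process_is_64bit)
{
    if (machine == PE_MACHINE_AMD64) return process_is_64bit ? 1 : 0;
    if (machine == PE_MACHINE_I386)  return process_is_64bit ? 0 : 1;
    return 0;   /* ARM64 or unknown: neither host can load it */
}

/* Constructed sample (not a real DLL): minimal DOS header, PE signature and file header
 * carrying the requested Machine value. Returns the number of bytes written. */
size_t make_sample_pe(uint8_t *buf, uint16_t machine)
{
    memset(buf, 0, 0x40 + 24);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3c] = 0x40;                   /* e_lfanew: PE header right after the DOS header */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = (uint8_t)(machine & 0xff);
    buf[0x45] = (uint8_t)(machine >> 8);
    return 0x40 + 24;
}

int main(void)
{
    uint8_t img[0x40 + 24];
    uint16_t m = pe_machine(img, make_sample_pe(img, PE_MACHINE_AMD64));
    printf("Machine 0x%04x: fits x64 %d, fits Win32 %d\n", (unsigned)m, bitness_matches(m, 1), bitness_matches(m, 0));
    return 0;
}
```

To check a real DLL, read the file into a buffer and pass it to pe_machine; a mismatch against the target's bitness explains a LoadLibrary that silently fails.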
