Calling functions in a DLL loaded by another process


Problem description

I have a DLL that I inject into another process, but I want to be able to call the exports of that DLL from my application. I've read elsewhere that you have to use the SendMessage API, but I have no idea what to do. Is there any example code showing how this is done?

Recommended answer

You can't directly call functions in another process, in general. There are, however, some workarounds you can use.

First, if you know the address of the export (which isn't the case a lot of the time), and the function you call uses the __stdcall calling convention, takes a pointer-sized integer as an argument, and returns a DWORD, you can use CreateRemoteThread to execute it in a thread in the remote process. This is often used to run LoadLibrary to inject a DLL into a target process, since LoadLibrary is loaded at the same address in all processes on a given computer.

Otherwise, the DLL you inject will need to do some sort of RPC with the process that called it. For example, you could have your injected DLL spawn a thread in its DLL_PROCESS_ATTACH handler, which in turn connects to a named pipe, or connects over COM or something to the master process.

