Would ASLR cause friction for the address with DLL injection?


Problem description

I was reading about the DLL injection technique, and I had this question in mind.

Let us assume we want to inject a DLL into a destination process in Windows 7 which has ASLR enabled for kernel32.dll.

So any piece of the injected code can't use any WinAPI or any system call, since the address of, let's say, the LoadLibrary function in the injector code will differ from the address of LoadLibrary in the destination process, won't it?

So such a call to CreateRemoteThread won't work:

// hKernel32: module handle of kernel32.dll in the injector; pLibRemote: the DLL path
// already written into the destination process. The thread handle is kept so it can be waited on.
HANDLE hThread = CreateRemoteThread(hProcess,
                                    NULL,
                                    0,
                                    (LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32,
                                                                              "LoadLibraryA"),
                                    pLibRemote,
                                    0,
                                    NULL);

::WaitForSingleObject(hThread, INFINITE);

Correct me if I am wrong in this reasoning.

Answer

No, I believe that is incorrect. The addresses of modules like kernel32.dll are randomized when the machine boots but are the same for all processes.
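As an added example (not from the question or the answer above), a PowerShell check that groups the load address of one module across every process the current session can open. For kernel32.dll you should see a single base per bitness (the System32 copy and the SysWOW64 copy each have their own per-boot base) until the next reboot, which is what makes the GetProcAddress value from the injector valid in the destination process. Assumes a 64-bit PowerShell; reading modules of other users' processes may need elevation.

```powershell
# Added example, not part of the original Q&A. Lists the base address of a
# named module in each process and groups processes by that base.
function Get-ModuleBaseSpread {
    param([Parameter(Mandatory)][string]$ModuleName)

    $rows = foreach ($p in Get-Process) {
        # .Modules throws for protected processes or ones we lack rights to
        try { $mods = $p.Modules } catch { continue }
        foreach ($m in $mods) {
            if ($m.ModuleName -ine $ModuleName) { continue }
            [pscustomobject]@{
                ProcessId = $p.Id
                Name      = $p.ProcessName
                Base      = '0x{0:X16}' -f $m.BaseAddress.ToInt64()
                File      = $m.FileName   # System32 vs SysWOW64 tells the bitness apart
            }
        }
    }

    $rows | Group-Object Base | ForEach-Object {
        [pscustomobject]@{
            Module    = $ModuleName
            Base      = $_.Name
            File      = ($_.Group | Select-Object -First 1).File
            Processes = $_.Count
            Examples  = ($_.Group | Select-Object -First 3 |
                         ForEach-Object { "$($_.Name)($($_.ProcessId))" }) -join ', '
        }
    }
}

# One row per distinct base; for kernel32.dll that is one per bitness until reboot.
Get-ModuleBaseSpread -ModuleName 'kernel32.dll' | Format-Table -AutoSize
```

Running the same function for a DLL that only one application loads shows the contrast: its base is chosen per process, not per boot.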
