出于测试目的,我将一个小型 DLL 注入到另一个进程中(本例中是记事本)。
我可以传递两个字符串:
C#(宿主进程)
// Argument block that the host hands to the native InitWithMessage export.
//
// LayoutKind.Sequential keeps the fields in declaration order in the unmanaged
// image: Text first, Caption second. The native structure that receives this
// block has to list its two string pointers in that same order, otherwise the
// strings arrive swapped.
//
// CustomMarshalAs / CustomUnmanagedType are not framework types; presumably
// they belong to the injector library and mirror UnmanagedType.LPWStr
// (pointer to a null-terminated UTF-16 string) - confirm against that library.
[StructLayout(LayoutKind.Sequential)]
struct MessageStruct
{
    // First pointer in the unmanaged layout.
    [CustomMarshalAs(CustomUnmanagedType.LPWStr)]
    public string Text;

    // Second pointer in the unmanaged layout.
    [CustomMarshalAs(CustomUnmanagedType.LPWStr)]
    public string Caption;
}
// Builds a two-string argument block and asks the injector to run the
// InitWithMessage export of ClassRPG.dll with it.
// `injector` and its CallExport method are defined outside this snippet, so how
// the block and its strings reach the other process is not visible here.
public void DoIt()
{
    var payload = new MessageStruct
    {
        Text = "Some",
        Caption = "thing"
    };

    injector.CallExport("ClassRPG.dll", "InitWithMessage", payload);
}
C++(目标进程 - 注入的 DLL)
// header
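// NOTE(review): the documented entry-point signature is
// BOOL WINAPI DllMain(HINSTANCE, DWORD, LPVOID). The declaration is left as
// written because the matching definition is not shown here.
DWORD WINAPI DllMain( HMODULE, DWORD_PTR, LPVOID );

// Argument block read by InitWithMessage.
//
// The host fills the block in the order of its MessageStruct fields: the text
// pointer first, the caption pointer second. The members are therefore declared
// Message first and Title second. With Title declared first, the host's Text
// was shown as the window title and its Caption as the body text.
typedef struct _INIT_STRUCT {
    LPCWSTR Message;  // body text    <- MessageStruct.Text
    LPCWSTR Title;    // window title <- MessageStruct.Caption
} INIT_STRUCT, *PINIT_STRUCT;

// Exported with C linkage so the name is not C++-mangled. The argument is an
// untyped pointer that the implementation interprets as PINIT_STRUCT.
extern "C" __declspec(dllexport) void InitWithMessage( PVOID );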
// cpp
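// Shows a message box built from the INIT_STRUCT that `message` points to.
//
// message: pointer to an INIT_STRUCT that must be readable in THIS process.
//          It is supplied from outside the DLL, so it is treated as untrusted:
//          a null argument is rejected. A non-null pointer that does not refer
//          to a valid INIT_STRUCT will still fault when it is read below.
//
// How the injector invokes this export (calling convention, thread context) is
// not shown in this snippet.
extern "C" __declspec(dllexport) void InitWithMessage( PVOID message ) {
    // Reading through a null pointer would crash the process this DLL was
    // loaded into, so bail out quietly instead.
    if (message == NULL) {
        return;
    }

    const INIT_STRUCT* messageStruct = static_cast<const INIT_STRUCT*>(message);

    // Both fields are LPCWSTR, so call the wide-character entry point directly
    // rather than depending on the UNICODE macro to select it.
    ::MessageBoxW(NULL, messageStruct->Message, messageStruct->Title, MB_OK);
}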
但是改为传递一个简单的 int 时,它就不起作用了(目标进程崩溃):
C#
// Single-field argument block passed to the native GetData export.
//
// The only field is a 32-bit int, so the unmanaged image is 4 bytes.
// NOTE(review): the field is used to carry an address. An int cannot hold a
// 64-bit pointer, so this layout only round-trips addresses when both
// processes are 32-bit - confirm the bitness of host and target.
[StructLayout(LayoutKind.Sequential)]
struct DataPasser
{
    public int pointer;
}
// Obtains a pointer from ChangeAndAllocValues (defined elsewhere), narrows it
// to a 32-bit int and passes it to the GetData export of ClassRPG.dll.
public void DoIt()
{
    IntPtr allocated = ChangeAndAllocValues();

    // IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
    // value does not fit in 32 bits.
    // NOTE(review): the address is produced in this (host) process. If
    // ChangeAndAllocValues allocates in the host's own memory, the number does
    // not refer to the same data inside the target process, because the two
    // address spaces are separate - confirm where the allocation lives.
    int address32 = allocated.ToInt32();

    var payload = new DataPasser { pointer = address32 };
    injector.CallExport("ClassRPG.dll", "GetData", payload);
}
C++(目标进程 - 注入的 DLL)
// header
// Entry point declaration, reproduced as written.
// NOTE(review): the documented signature is
// BOOL WINAPI DllMain(HINSTANCE, DWORD, LPVOID) - confirm against the definition.
DWORD WINAPI DllMain( HMODULE, DWORD_PTR, LPVOID );

// Argument block read by GetData: one int, named `pointer`.
// NOTE(review): an int is 32 bits wide under the Windows data model, so it
// cannot represent a full address in a 64-bit process - confirm the target's
// bitness before treating this value as a pointer.
struct _INIT_DATA {
    int pointer;
};
typedef _INIT_DATA INIT_DATA;
typedef _INIT_DATA* PINIT_DATA;

// Exported with C linkage so the name is not C++-mangled. The argument is an
// untyped pointer that the implementation interprets as PINIT_DATA.
extern "C" __declspec(dllexport) void GetData( PVOID data );
// cpp
// Receives the argument block sent for the "GetData" call and views it as an
// INIT_DATA.
//
// As written, the body only converts the pointer; nothing is read through it.
// NOTE(review): the crash described for this call therefore cannot come from a
// dereference in these lines. It presumably originates in code not shown here
// (how the injector delivers the argument, or later use of the value) - confirm.
extern "C" __declspec(dllexport) void GetData( PVOID data )
{
    INIT_DATA* const initData = static_cast<INIT_DATA*>(data);
    (void)initData;  // not used yet
}
我几乎尝试了所有办法,在这上面花了好几个小时,但仍然无法让它工作。