CreateRemoteThread fails on Windows 7 64-bit for a 32-bit application

Time: 2019-06-19 06:29:32

Tags: c windows-7-x64 32-bit dll-injection createremotethread

I have code that injects a DLL into a process. The process performing the injection always has the same architecture (x86 or x64) as the process being injected into. But for some reason, when both the injecting and the injected processes are x86, the CreateRemoteThread call fails on Win7 64-bit. Surprisingly, 32-bit processes work fine when the OS is Win10 64-bit. The code also works for 64-bit processes on Win7 64-bit and for 32-bit processes on Win7 32-bit.

I have searched the Internet for possible causes, and all I could find is that Win7 sometimes has process session issues. I don't think that is the case here, because both the injecting and the injected processes are in the "user" session.

When I call GetLastError() I get 5 (ERROR_ACCESS_DENIED).

Here is my injection function:

    #include <windows.h>
    #include <iostream>
    #include <cstring>

    using std::cout;
    using std::endl;

    DWORD Inject(DWORD PID, const char *dllname)
    {
        HANDLE hThread = NULL;
        BOOL writeSucceed = FALSE;
        SIZE_T cch = 0;
        DWORD hLibModule = 0;   // receives LoadLibraryA's return value via the thread exit code

        cout << "Injector.dll : Injecting " << dllname << " to " << PID << endl;

        HMODULE hKernel32 = GetModuleHandle (TEXT ("Kernel32"));

        // Access mask exactly as posted in the question (the accepted answer adds
        // PROCESS_QUERY_INFORMATION to it).
        HANDLE hProcess = OpenProcess (PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
                                       PROCESS_VM_WRITE, FALSE, PID);
        if (hProcess == NULL) {
            cout << "OpenProcess failed: " << GetLastError () << endl;
            return 1;
        }

        cch = strlen (dllname) + 1;   // include the terminating NUL

        void *pLibRemote = VirtualAllocEx (hProcess, NULL, cch, MEM_COMMIT, PAGE_READWRITE);
        if (pLibRemote == NULL) {
            cout << "VirtualAllocEx failed: " << GetLastError () << endl;
            CloseHandle (hProcess);
            return 1;
        }

        writeSucceed = WriteProcessMemory (hProcess, pLibRemote, dllname, cch, NULL);
        if (!writeSucceed) {
            cout << "WriteProcessMemory failed: " << GetLastError () << endl;
            VirtualFreeEx (hProcess, pLibRemote, 0, MEM_RELEASE);
            CloseHandle (hProcess);
            return 1;
        }

        hThread = CreateRemoteThread (hProcess, NULL, 0,
                                      (PTHREAD_START_ROUTINE) GetProcAddress (hKernel32, "LoadLibraryA"),
                                      pLibRemote, 0, NULL);
        if (hThread == NULL) {
            // This is the call that returns NULL with GetLastError() == 5 on Win7 x64 / 32-bit
            cout << "CreateRemoteThread failed: " << GetLastError () << endl;
            VirtualFreeEx (hProcess, pLibRemote, 0, MEM_RELEASE);
            CloseHandle (hProcess);
            return 1;
        }

        WaitForSingleObject (hThread, INFINITE);
        GetExitCodeThread (hThread, &hLibModule);
        CloseHandle (hThread);

        // MEM_RELEASE requires dwSize == 0; passing sizeof(dllname) makes the call fail.
        VirtualFreeEx (hProcess, pLibRemote, 0, MEM_RELEASE);

        hThread = CreateRemoteThread (hProcess, NULL, 0,
                                      (PTHREAD_START_ROUTINE) GetProcAddress (hKernel32, "FreeLibrary"),
                                      (LPVOID) (ULONG_PTR) hLibModule, 0, NULL);
        if (hThread != NULL) {
            WaitForSingleObject (hThread, INFINITE);
            CloseHandle (hThread);
        }

        CloseHandle (hProcess);
        return 0;
    }

Is there some special treatment I should do in code for Windows 7?

1 answer:

Answer 0 (score: 1)

The problem was that I had to add the PROCESS_QUERY_INFORMATION flag to OpenProcess. This was very tricky, because without that flag it works everywhere except on Win7 64-bit with a 32-bit application.