我试图从另一个程序调用一个进程,这个进程是我通过DLL注入的进程。第一个,我们加载库" Client.dll"完美地运行,这是由DllMain中的MessageBox Debug(DLL_PROCESS_ATTACH)播放的。
一旦将DLL加载到程序中,我尝试从Client.dll调用函数MainThread,但是使用相同的方法(复制,粘贴,编辑)并不起作用。两者都张贴在下面,谁能告诉我为什么?我已从MainThread中删除了所有代码,但出于调试原因。
这是主线程:
void MainThread(void * Arguments)
{
MessageBoxA(NULL, "MainThread Started!", "bla", MB_OK); //Not Shown
for (;;)
{
//This loop is here for the main program loop.
}
_endthread();
}
以下是我如何加载Client.dll并尝试调用主线程,请记住实际注入工作但不是主线程的启动。
bool InjectDLL(DWORD ProcessID, const char* Path)
{
HANDLE Handle = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessID);
if (!Handle)
{
std::cout << "Could not access process! Inject Failed!";
return false;
}
LPVOID LoadLibraryAddress = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
LPVOID Allocate = VirtualAllocEx(Handle, NULL, strlen(Path), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WriteProcessMemory(Handle, Allocate, Path, strlen(Path), NULL);
HANDLE Thread = CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryAddress, Allocate, 0, NULL);
WaitForSingleObject(Thread, INFINITE); // WAIT FOREVER!
VirtualFreeEx(Handle, Thread, strlen(Path), MEM_RELEASE);
//Start DLL Main Thread
LPVOID MainThreadAddress = (LPVOID)GetProcAddress(GetModuleHandleA("Client.dll"), "MainThread");
Allocate = VirtualAllocEx(Handle, NULL, 0, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WriteProcessMemory(Handle, Allocate, Path, strlen(Path), NULL);
HANDLE MainThread = CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)MainThreadAddress, Allocate, 0, NULL);
WaitForSingleObject(MainThread, INFINITE); // Wait for Main Thread to start
VirtualFreeEx(Handle, MainThread, strlen(Path), MEM_RELEASE);
CloseHandle(MainThread);
CloseHandle(Thread);
CloseHandle(Handle);
return true;
}
感谢任何可以提供帮助的人。
答案 0 :(得分:1)
我没有看到任何错误检查 - 特别是在您提取&#34; MainThread&#34;的地址的情况下。这是成功的吗?
为了使其正常工作,您需要明确导出&#34; MainThread&#34;从您的DLL通过.DEF文件或使用__declspec( dllexport )。有关详细信息,请参阅this SO lin k。