Calling SetDllDirectory from another process does not work?

Time: 2015-01-24 00:26:10

Tags: c++ createremotethread setdlldirectory

I have been trying to switch the DLL directory of a program I do not own by means of an "injector" program, which is supposed to switch the DLL loading directory so that modified or hooked DLLs get loaded.

Here is the function:

void AddDirectory(HANDLE Handle, const char* DllPath)
{
    void *Function, *String;
    Function = (void*)(SetDllDirectoryA);
    String = (void*)VirtualAllocEx(Handle, NULL, strlen(DllPath), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)Function, (void*)String, NULL, NULL);
}

I cannot figure out why this does not work?

1 answer:

Answer 0 (score: 0)

Thanks to Ben Volgt for the help!

Edit: Note, as Ben Volgt said, you have to make sure that you can intercept the process in time to change the directory before the DLL is loaded. So this will not always work, although in my case it did.

If anyone wants to intercept where a process loads from, the code can be found here:

    #include <windows.h>
    #include <cstring>

    void AddDirectory(HANDLE Handle, const char* DllPath)
    {
        if (!Handle)
        {
            //Error Message or Redirect
            return;
        }

        // kernel32.dll is mapped at the same base address in every process of the same
        // boot session, so the local address of SetDllDirectoryA is valid in the target
        // (the injector and the target must have the same bitness).
        LPVOID AddDllDirAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "SetDllDirectoryA");
        if (!AddDllDirAddr)
        {
            //Error Message or Redirect
            return;
        }

        // Room for the path plus its NUL terminator in the target process.
        SIZE_T Size = strlen(DllPath) + 1;
        LPVOID Alloc = VirtualAllocEx(Handle, NULL, Size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (!Alloc)
        {
            //Error Message or Redirect
            return;
        }

        // Copy the path into the target; without this the remote thread reads an empty buffer.
        WriteProcessMemory(Handle, Alloc, DllPath, Size, NULL);
        HANDLE Thread = CreateRemoteThread(Handle, NULL, 0, (LPTHREAD_START_ROUTINE)AddDllDirAddr, Alloc, 0, NULL);
        if (!Thread)
        {
            VirtualFreeEx(Handle, Alloc, 0, MEM_RELEASE);
            //Error Message or Redirect
            return;
        }

        WaitForSingleObject(Thread, INFINITE);
        VirtualFreeEx(Handle, Alloc, 0, MEM_RELEASE); // dwSize must be 0 with MEM_RELEASE
        CloseHandle(Thread);
        CloseHandle(Handle);
    }