我编写了一个 C++ DLL 注入器,但它无法完成注入,也不能正常工作。用 Visual Studio 或 Code::Blocks 编译后,它只会崩溃。
这是我的完整源代码:
#include <stdio.h>
#include <windows.h>
#include <stdlib.h>
#include <shlwapi.h>
#include <tlhelp32.h>
#include <conio.h>
//prototypes
// Attempts to make the process with id `ID` load the DLL at path `dll`
// (remote-thread LoadLibrary technique); defined further down in this file.
BOOL InjectDLL(DWORD ID, const char* dll);
// Looks up a process id by executable name via a Toolhelp snapshot.
// NOTE(review): windows.h already declares a Win32 API named
// GetProcessId(HANDLE). In C++ this declaration is an overload of it; in a C
// build the two declarations would conflict.
DWORD GetProcessId(IN PCHAR szExeName);
// Enables (TRUE) or removes (FALSE) SeDebugPrivilege on the current process
// token. The spelling "Priviledge" is kept because callers use it.
BOOL SetDebugPriviledge(BOOL State);
//Main codes
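/*
 * Test-harness entry point: resolves the absolute path of DLLTest.dll,
 * looks up the process named Odesk.exe, asks for SeDebugPrivilege and passes
 * the process id and DLL path to InjectDLL().
 *
 * Returns 0 on success and 1 on any failure.
 *
 * Changes from the original:
 *  - GetLastError() returns a DWORD; printing it with %s made printf treat the
 *    error code as a string pointer (undefined behaviour, the likely crash).
 *    It is now printed as an unsigned number.
 *  - The error code is captured before any other call can overwrite it.
 *  - The GetFullPathName() result is checked instead of using a possibly
 *    unfilled buffer.
 *  - The 0xFFFFFFFF "ambiguous name" sentinel from GetProcessId() is rejected
 *    instead of being passed on as if it were a process id.
 *  - The success path no longer exits with status 1.
 */
int main()
{
    char dll[MAX_PATH];

    /* GetFullPathName only builds a path from the current directory; it does
       not verify that the file exists. */
    DWORD pathLen = GetFullPathName("DLLTest.dll", MAX_PATH, dll, NULL);
    if (pathLen == 0 || pathLen >= MAX_PATH)
    {
        DWORD pathErr = GetLastError();
        printf("Could not resolve DLL path, error code: %lu", (unsigned long)pathErr);
        Sleep(3000);
        return 1;
    }

    DWORD ID = GetProcessId("Odesk.exe");
    if (ID == 0xFFFFFFFF)
    {
        /* More than one process carries this name; acting on an arbitrary one
           would touch a process the operator did not choose. */
        printf("More than one matching process found, refusing to continue");
        Sleep(3000);
        return 1;
    }

    /* Best effort: the return value was ignored in the original as well. */
    SetDebugPriviledge(TRUE);

    if (!InjectDLL(ID, dll))
    {
        /* NOTE(review): InjectDLL makes further API calls after a failing
           step, so this code may not belong to the step that failed. */
        DWORD err = GetLastError();
        printf("Injection Failed, Reason :%lu", (unsigned long)err);
        Sleep(3000);
        return 1;
    }

    printf("Success!");
    Sleep(3000);
    return 0;
}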
//Functions
/*
 * Finds the id of the process whose executable file name equals szExeName,
 * compared case-insensitively, by walking a Toolhelp process snapshot.
 *
 * Returns:
 *   0           - no process matched, or the snapshot could not be created
 *   0XFFFFFFFF  - more than one process matched (ambiguous name)
 *   otherwise   - the id of the single matching process
 *
 * Callers must treat both 0 and 0XFFFFFFFF as "no usable process id".
 */
DWORD GetProcessId(IN PCHAR szExeName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    /* dwSize must be set before Process32First is called. */
    PROCESSENTRY32 entry = {0};
    entry.dwSize = sizeof(PROCESSENTRY32);

    DWORD matches = 0;
    DWORD pid = 0;
    for (BOOL more = Process32First(hSnapshot, &entry);
         more;
         more = Process32Next(hSnapshot, &entry))
    {
        if (_stricmp(entry.szExeFile, szExeName) == 0)
        {
            ++matches;
            pid = entry.th32ProcessID;
        }
    }

    CloseHandle(hSnapshot);

    /* A name shared by several processes is reported as ambiguous instead of
       returning whichever entry happened to come last. */
    return (matches > 1) ? 0XFFFFFFFF : pid;
}
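/*
 * Enables or removes SeDebugPrivilege on the current process token.
 *
 * State  TRUE  -> the privilege is enabled (SE_PRIVILEGE_ENABLED)
 *        FALSE -> the privilege is removed from the token
 *                 (SE_PRIVILEGE_REMOVED; this cannot be undone for the
 *                 lifetime of the token, unlike a plain disable)
 *
 * Returns TRUE only when the token was adjusted as requested, FALSE otherwise.
 *
 * Changes from the original:
 *  - A LookupPrivilegeValue failure now returns. The original closed the
 *    token, carried on with the closed handle and closed it again.
 *  - The token handle is closed exactly once on every path.
 *  - AdjustTokenPrivileges reports success even when the privilege is not held
 *    by the caller; that case is detected through ERROR_NOT_ALL_ASSIGNED
 *    instead of being reported as success.
 *  - The token is opened with only the access rights the calls below need,
 *    not TOKEN_ALL_ACCESS.
 *
 * SeDebugPrivilege lets a process open almost any other process on the
 * machine, so it should be enabled only for the operation that needs it and
 * dropped afterwards.
 */
BOOL SetDebugPriviledge(BOOL State)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    BOOL adjusted = FALSE;

    ZeroMemory(&tp, sizeof(tp));
    tp.PrivilegeCount = 1;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return FALSE;
    }

    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid))
    {
        CloseHandle(hToken);
        return FALSE;
    }

    tp.Privileges[0].Attributes = State ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_REMOVED;

    /* No previous state is requested, so no buffer or return length is passed. */
    if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
    {
        /* A TRUE return only means the call ran; check whether the privilege
           was really present in the token. */
        adjusted = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
    }

    CloseHandle(hToken);
    return adjusted;
}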
// Attempts to make the process with id `ID` load the DLL at path `dll`:
// opens the process, resolves LoadLibraryA in kernel32.dll, allocates memory
// in the target, writes the path there and starts a remote thread on it.
// This is the remote-thread DLL loading pattern catalogued as MITRE ATT&CK
// T1055.001.
//
// Returns false only when ID is 0. Every later failure is printed and then
// ignored, so the function returns true even if no step succeeded.
//
// NOTE(review), defects visible in this block (code left unchanged):
//  - The local is declared as `LoadLibrary`, but the assignment and the NULL
//    check use `LoadLibraryA`, and CreateRemoteThread is given `LoadLibrary`.
//    windows.h defines LoadLibrary as a macro for LoadLibraryA or LoadLibraryW
//    depending on UNICODE, so which name the local really has depends on the
//    build; in a UNICODE build the assignment targets the API function itself
//    and does not compile.
//  - Every printf passes the DWORD from GetLastError() to %s, so printf reads
//    the error code as a string pointer: undefined behaviour and the likely
//    source of the reported crash.
//  - After a failed step, execution continues with a NULL handle or pointer.
//  - The thread handle returned by CreateRemoteThread is never closed and the
//    remote allocation is never released.
//
// Defender view: this call sequence is well covered by endpoint telemetry,
// e.g. Sysmon Event ID 10 (ProcessAccess) for the OpenProcess access mask,
// Event ID 8 (CreateRemoteThread) for the thread start, and Event ID 7
// (ImageLoad) for the module appearing in the target.
BOOL InjectDLL(DWORD ID, const char* dll)
{
HANDLE hProcess;
LPVOID Memory;
// Name is subject to the LoadLibrary macro from windows.h (see header note).
LPVOID LoadLibrary;
// 0 is what GetProcessId() in this file returns when nothing matched.
if(!ID)
{
return false;
}
// Requests thread-creation, query and VM read/write/operation rights on the target.
hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,FALSE,ID);
if(!hProcess)
{
// NOTE(review): %s with a DWORD argument; no return, so hProcess stays NULL below.
printf("Error, Reason: %s",GetLastError());
}
// Address of LoadLibraryA as resolved in this process.
LoadLibraryA = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
if(!LoadLibraryA)
{
printf("Error, Reason: %s",GetLastError());
}
// Buffer in the target sized for the path plus its terminating NUL.
Memory = (LPVOID)VirtualAllocEx(hProcess,NULL,strlen(dll)+1,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
if(!Memory)
{
printf("Error, Reason: %s",GetLastError());
}
// Copies the DLL path, including the NUL, into the target's buffer.
if(!WriteProcessMemory(hProcess,(LPVOID)Memory, dll, strlen(dll)+1,NULL))
{
printf("Error, Reason: %s",GetLastError());
}
// NOTE(review): NULL is passed for the stack-size and creation-flags integers;
// the returned thread handle is only tested, never stored or closed.
if(!CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)LoadLibrary,(LPVOID)Memory,NULL,NULL))
{
printf("Error, Reason: %s",GetLastError());
}
if(!CloseHandle(hProcess))
{
printf("Error, Reason: %s",GetLastError());
}
// Reached on every path except ID == 0, whether or not the steps above worked.
return true;
}
有人可以帮我理解我做错了什么吗?
答案 0 :(得分:0)
如果能贴出具体的错误信息会很有帮助。
我看到一些语法错误(可能还有更多)
1:
LoadLibraryA = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
只能给变量赋值。LoadLibraryA 不是变量,而是程序中已经存在的函数名(kernel32.dll 在运行时默认加载)。代码里声明的变量名是 LoadLibrary,而赋值的目标却写成了 LoadLibraryA。
2: GetLastError 返回一个DWORD,
printf("Error, Reason: %s",GetLastError());
因此您应该把 %s 替换为 %d(DWORD 是无符号 32 位整数,更严格的写法是 %lu)。使用 %s 会让 printf 把错误码当作字符串指针去解引用,这很可能就是程序崩溃的原因。