DLL Injector崩溃

时间:2015-05-14 19:38:29

标签: c++ windows visual-studio dll codeblocks

我编写了一个C ++ DLL Injector,但它没有注入,也没有正常工作。它只是在visual studio或code :: blocks中编译时崩溃。

这是我的完整源代码:

#include <stdio.h>
#include <windows.h>
#include <stdlib.h>
#include <shlwapi.h>
#include <tlhelp32.h>
#include <conio.h>

//prototypes 
BOOL InjectDLL(DWORD ID, const char* dll);
DWORD GetProcessId(IN PCHAR szExeName);
BOOL SetDebugPriviledge(BOOL State);

//Main codes
int main()
{
    char dll[MAX_PATH];

    GetFullPathName("DLLTest.dll",MAX_PATH,dll,NULL);
    DWORD ID = GetProcessId("Odesk.exe");

    SetDebugPriviledge(TRUE);

    if(!InjectDLL(ID,dll))
    {
        printf("Injection Failed, Reason :%s", GetLastError());
        Sleep(3000);
        exit(1);
    }
    else
    {
        printf("Success!");
        Sleep(3000);
        exit(1);
    }
    return 0;   
}

//Functions

DWORD GetProcessId(IN PCHAR szExeName)
{
    DWORD dwRet = 0;
    DWORD dwCount = 0;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot !=INVALID_HANDLE_VALUE)
    {
        PROCESSENTRY32 pe = {0};
        pe.dwSize = sizeof(PROCESSENTRY32);

        BOOL bRet = Process32First(hSnapshot, &pe);

        while(bRet)
        {
            if(!_stricmp(pe.szExeFile,szExeName))
            {
                dwCount++;
                dwRet = pe.th32ProcessID;
            }
            bRet = Process32Next(hSnapshot, &pe);
        }
        if(dwCount >1)
            dwRet = 0XFFFFFFFF;
        CloseHandle(hSnapshot);
    }
    return dwRet;
}

BOOL SetDebugPriviledge(BOOL State)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    DWORD dwSize;
    ZeroMemory(&tp,sizeof(tp));
    tp.PrivilegeCount =1;
    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS, &hToken))
    {
        return FALSE;
    }
    if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME,&tp.Privileges[0].Luid))
    {
        CloseHandle(hToken);
    }
    if(State)
    {
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    }else
    {
        tp.Privileges[0].Attributes = SE_PRIVILEGE_REMOVED;
    }
    if(!AdjustTokenPrivileges(hToken,FALSE,&tp, 0, NULL, &dwSize))
    {
        CloseHandle(hToken);
    }
    return CloseHandle(hToken);
}

BOOL InjectDLL(DWORD ID, const char* dll)
{
    HANDLE hProcess;
    LPVOID Memory;
    LPVOID LoadLibrary;

    if(!ID)
    {
        return false;
    }   
    hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,FALSE,ID);
    if(!hProcess)
    {
        printf("Error, Reason: %s",GetLastError());
    }   
    LoadLibraryA = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");
    if(!LoadLibraryA)
    {
        printf("Error, Reason: %s",GetLastError());
    } 
    Memory = (LPVOID)VirtualAllocEx(hProcess,NULL,strlen(dll)+1,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
    if(!Memory)
    {
        printf("Error, Reason: %s",GetLastError());
    } 
    if(!WriteProcessMemory(hProcess,(LPVOID)Memory, dll, strlen(dll)+1,NULL))
    {
        printf("Error, Reason: %s",GetLastError());
    }   
    if(!CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)LoadLibrary,(LPVOID)Memory,NULL,NULL))
    {
        printf("Error, Reason: %s",GetLastError());
    } 
    if(!CloseHandle(hProcess))
    {
        printf("Error, Reason: %s",GetLastError());
    }  
    return true; 
}

有人可以帮我理解我做错了什么吗?

1 个答案:

答案 0 :(得分:0)

放置错误会很有用。

我看到一些语法错误(可能还有更多)

1:

LoadLibraryA = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"),"LoadLibraryA");

您只能为变量指定值。 LoadLibraryA 不是变量,但是您的名称已经在程序中已经存在( kernel32.dll 在运行时默认加载)。

2: GetLastError 返回一个DWORD,

printf("Error, Reason: %s",GetLastError());

因此您应该%s替换%d

相关问题
最新问题