I came across a tutorial about dll injection in c. When I run my code, it gives me a Debug Assertion Failed error when the CreateRemoteThread() function is used in my code.
I am using Visual Studio Express 2015 on Windows 10.
Error:
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[])
{
    const char* buffer = "C:\\inject2.dll";
    //Size of the path including the terminating NUL that LoadLibraryA expects
    SIZE_T size = strlen(buffer) + 1;

    //Get the process handle passing in the process ID
    int procID = 9872;
    HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
    if (process == NULL) {
        printf("Error: the specified process couldn't be found\n");
        return 1;
    }

    //Get the address of the LoadLibrary function
    LPVOID addr = (LPVOID)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryA");
    if (addr == NULL) {
        printf("Error: the LoadLibraryA function was not found inside kernel32.dll library.\n");
        CloseHandle(process);
        return 1;
    }

    //Allocate new memory region inside the process's address space
    LPVOID arg = (LPVOID)VirtualAllocEx(process, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (arg == NULL)
    {
        printf("Error: the memory could not be allocated inside the chosen process.\n");
        CloseHandle(process);
        return 1;
    }

    //Write the argument to LoadLibraryA to the process's newly allocated memory region
    int n = WriteProcessMemory(process, arg, buffer, size, NULL);
    if (n == 0) {
        printf("Error: there were not bytes written to the process's address space.\n");
        CloseHandle(process);
        return 1;
    }

    //Inject our DLL into the process's address space
    HANDLE threadID = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)addr, arg, 0, NULL);
    if (threadID == NULL)
    {
        printf("Error: the remote thread could not be created.\n");
    }
    else
    {
        printf("Success: the remote thread was succesfully created.\n");
        //Close the thread handle; the remote thread keeps running without it
        CloseHandle(threadID);
    }

    //Close the handle to the process because we have already injected the DLL
    CloseHandle(process);
    getchar();
    return 0;
}
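Answer 0 (score: 1)
If you are using the DLL from the link you provided, it probably fails because it tries to write to the root of the system drive ("C:\\temp.txt"). Change this path to something the target process can write to.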
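
From the monitoring side, the call sequence in the question ends in a remote thread whose start address is `LoadLibraryA` in kernel32.dll, which Sysmon records as Event ID 8 (CreateRemoteThread). The following is an added example, not part of the original question or answer: it filters such events from records that are constructed here and simplified to `Key: value` text, using Sysmon's field names; the image paths and the second PID are assumptions.

```python
import ntpath

# Exports that take a single path argument and can serve as a thread start routine.
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}

# Constructed sample records (not captured from a real host).
SAMPLE = r"""
EventID: 8
SourceImage: C:\Users\dev\injector.exe
TargetProcessId: 9872
TargetImage: C:\Windows\System32\notepad.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA

EventID: 8
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 5316
TargetImage: C:\Windows\System32\cmd.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: CtrlRoutine

EventID: 1
Image: C:\Windows\System32\notepad.exe
"""

def parse_events(text):
    """Split blank-line-separated 'Key: value' records into dicts."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def is_loadlibrary_thread(event):
    """True when a CreateRemoteThread event starts at a LoadLibrary export."""
    if event.get("EventID") != "8":
        return False
    # ntpath handles Windows paths regardless of the OS running this script.
    module = ntpath.basename(event.get("StartModule", "")).lower()
    func = event.get("StartFunction", "").lower()
    return module in LOADER_MODULES and func in LOADER_FUNCS

def find_loadlibrary_injections(text):
    """Return the events whose remote thread entry point is LoadLibraryA/W."""
    return [e for e in parse_events(text) if is_loadlibrary_thread(e)]
```

Only the first sample record matches; the second is a remote thread with a different start function in the same module, and the third is not a CreateRemoteThread event.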