我无法弄清楚如何从非托管 DLL 中调用托管 DLL 里的函数。
目前，我能够把一个非托管 DLL 注入到正在运行的进程中，并尝试在其中调用一个托管 DLL（需要说明的是，我是 C++ 新手），代码如下。
#include "stdafx.h"
#include <Windows.h>
#include "dllmain.h"
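/// Worker thread body: performs the CLR hosting and the diagnostic message box.
/// Runs on its own thread so that none of this happens under the loader lock.
/// lpParam is unused. LoadManagedProject/DisplayPid are presumably declared in
/// dllmain.h (the original called them before their definitions in this file).
static DWORD WINAPI InjectionWorker(LPVOID /*lpParam*/)
{
    LoadManagedProject(L"C:\\Users\\nagaganesh.kurcheti\\Desktop\\ExampleProject.dll");
    DisplayPid();
    return 0;
}

/// DLL entry point for the injected (unmanaged) DLL.
///
/// On DLL_PROCESS_ATTACH it only spawns InjectionWorker and returns. Starting the
/// CLR (CLRCreateInstance / ICLRRuntimeHost::Start) and calling MessageBox from
/// DllMain is documented by Microsoft as unsupported: DllMain runs while the
/// process holds the loader lock, so doing that work here can deadlock or fail
/// with no visible error — which matches the "nothing happens" symptom in the
/// question. A new thread starts executing only after DllMain returns and the
/// loader lock is released.
///
/// @param hModule            Handle of this DLL.
/// @param ul_reason_for_call DLL_PROCESS_ATTACH / DETACH, DLL_THREAD_ATTACH / DETACH.
/// @param lpReserved         Unused.
/// @return FALSE on DLL_PROCESS_ATTACH if the worker thread could not be created
///         (the loader then unloads the DLL and the injector's LoadLibrary fails,
///         which is the only way to surface the error); TRUE otherwise.
///
/// NOTE(review): the DLL must stay loaded while InjectionWorker runs; the
/// injector presumably never frees it — confirm.
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Thread attach/detach notifications are not used below; skipping them is
        // one of the few calls that is explicitly safe inside DllMain.
        DisableThreadLibraryCalls(hModule);
        HANDLE hWorker = CreateThread(NULL, 0, InjectionWorker, NULL, 0, NULL);
        if (hWorker == NULL)
        {
            return FALSE;
        }
        // The thread keeps running without the handle; we never join it.
        CloseHandle(hWorker);
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}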
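/// Shows a modal message box containing the current process id. Its only purpose
/// is to make it visible that the injected DLL actually ran inside the target.
///
/// MessageBox blocks the calling thread until dismissed and needs an interactive
/// window station; in a non-interactive session the box may never be seen.
void DisplayPid()
{
    const DWORD pid = GetCurrentProcessId();
    wchar_t buf[64];
    // DWORD is unsigned: %lu prints ids above INT_MAX correctly where %d would go
    // negative. The longest output is the prefix plus 10 digits, well inside 64.
    wsprintf(buf, L"Hey, it worked! Pid is %lu", pid);
    // The last argument is a UINT flag set, not a pointer: MB_OK (== 0) says so.
    MessageBox(NULL, buf, L"Injected NEW MessageBox", MB_OK);
}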
在 DllMain 中，我调用了下面这个负责在目标进程里加载托管程序集的函数：
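/// Loads the .NET 4 CLR ("v4.0.30319") into the current process and runs
/// ExampleProject.Example.EntryPoint("Argument") from the assembly at
/// managedDllLocation through ICLRRuntimeHost::ExecuteInDefaultAppDomain.
///
/// @param managedDllLocation  Path of the managed assembly. It is loaded and
///        executed with the full rights of the host process, so only a path the
///        injector controls may be passed here.
///
/// Error reporting: a DLL injected into a foreign process has no console or
/// logger of its own, so every failing step is reported in a MessageBox with
/// the step name and the HRESULT. The original version returned silently on any
/// failure, which is why no error was ever visible.
///
/// Practitioner notes (hosting-API contract, not shown by this code):
///  - ExecuteInDefaultAppDomain requires the target to be `static int
///    EntryPoint(string)`; any other signature makes it fail.
///  - The injected DLL and the assembly must match the host's bitness.
///  - Needs <metahost.h> and mscoree.lib (presumably pulled in via stdafx.h /
///    dllmain.h — confirm).
///  - Must not be called from DllMain (loader lock); run it on a worker thread.
DllExport void LoadManagedProject(const wchar_t * managedDllLocation)
{
    ICLRMetaHost* pClrMetaHost = NULL;
    ICLRRuntimeInfo* pClrRuntimeInfo = NULL;
    ICLRRuntimeHost* pClrRuntimeHost = NULL;
    const wchar_t* failedStep = NULL;
    HRESULT hr = S_OK;

    // SUCCEEDED()/FAILED() instead of `== S_OK`: a hosting call may return a
    // non-S_OK success code (e.g. S_FALSE), which the old test treated as failure.
    do
    {
        hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost,
                               reinterpret_cast<LPVOID*>(&pClrMetaHost));
        if (FAILED(hr)) { failedStep = L"CLRCreateInstance"; break; }

        hr = pClrMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pClrRuntimeInfo));
        if (FAILED(hr)) { failedStep = L"ICLRMetaHost::GetRuntime(v4.0.30319)"; break; }

        BOOL fLoadable = FALSE;
        hr = pClrRuntimeInfo->IsLoadable(&fLoadable);
        if (FAILED(hr) || !fLoadable) { failedStep = L"ICLRRuntimeInfo::IsLoadable"; break; }

        hr = pClrRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost,
                                           IID_PPV_ARGS(&pClrRuntimeHost));
        if (FAILED(hr)) { failedStep = L"ICLRRuntimeInfo::GetInterface(CLRRuntimeHost)"; break; }

        hr = pClrRuntimeHost->Start();
        if (FAILED(hr)) { failedStep = L"ICLRRuntimeHost::Start"; break; }
        MessageBox(NULL, L"HR=SOK45STTIME", L"Injected MessageBox", MB_OK);

        DWORD result = 0;
        hr = pClrRuntimeHost->ExecuteInDefaultAppDomain(
            managedDllLocation,
            L"ExampleProject.Example",
            L"EntryPoint",
            L"Argument",
            &result);
        if (FAILED(hr)) { failedStep = L"ICLRRuntimeHost::ExecuteInDefaultAppDomain"; break; }
        MessageBox(NULL, L"HR=SOK6STTIME", L"Injected MessageBox", MB_OK);
    } while (0);

    if (failedStep != NULL)
    {
        // Step names above are short; the longest rendering fits easily in 160.
        wchar_t msg[160];
        wsprintf(msg, L"%s failed, HRESULT=0x%08lX", failedStep, hr);
        MessageBox(NULL, msg, L"Injected MessageBox", MB_OK | MB_ICONERROR);
    }

    // Release the COM interfaces in reverse acquisition order; the original
    // leaked all three. The runtime itself stays loaded — once started, the CLR
    // cannot be unloaded from a process.
    if (pClrRuntimeHost != NULL) pClrRuntimeHost->Release();
    if (pClrRuntimeInfo != NULL) pClrRuntimeInfo->Release();
    if (pClrMetaHost != NULL) pClrMetaHost->Release();
}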
经过多次尝试，我仍然无法完成注入。能否指出我犯的错误，或者建议一种更好的方法，通过注入到正在运行的进程中的非托管 DLL 来调用托管 DLL（C#）？提前致谢。
更新:
如果这种方式行不通，能否推荐把托管 DLL 注入到正在运行的进程中的最佳方法？谢谢。
答案 0 :(得分:1)
您可以使用 EasyHook 把 DLL 注入到正在运行的进程中。需要注意的是，下面的示例是一个原生（非托管）钩子 DLL，它只演示了 EasyHook 的注入入口点和对 Win32 API 的挂钩，本身并未加载托管程序集。示例代码如下：
#include <easyhook.h>
#include <string>
#include <iostream>
#include <Windows.h>
// Offset added to the dwFreq argument of every intercepted Beep() call by
// myBeepHook. Written once in NativeInjectionEntryPoint from the injector-supplied
// user data (only when that blob is exactly one DWORD), otherwise stays 0.
// NOTE(review): read from hooked threads with no synchronization — assumes the
// entry point finishes writing it before any Beep call is intercepted.
DWORD gFreqOffset = 0;
// Replacement for kernel32!Beep installed by NativeInjectionEntryPoint. Logs the
// interception on stdout, then forwards to Beep with gFreqOffset added to the
// requested frequency. The signature must match Beep exactly:
// BOOL WINAPI (DWORD dwFreq, DWORD dwDuration).
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration)
{
    std::cout << "\n BeepHook: ****All your beeps belong to us!\n\n";
    const DWORD shiftedFreq = dwFreq + gFreqOffset;
    const BOOL played = Beep(shiftedFreq, dwDuration);
    return played;
}
// EasyHook will be looking for this export to support DLL injection. If not found then
// DLL injection will fail.
// The export must appear under exactly this name. On 32-bit MSVC builds a
// __stdcall export is name-decorated (e.g. _NativeInjectionEntryPoint@4) unless a
// .def file undecorates it; check with `dumpbin /exports` if injection reports
// a missing entry point.
extern "C" void __declspec(dllexport) __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo);
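/// EasyHook injection entry point: called once inside the target process after
/// EasyHook has loaded this DLL there.
///
/// @param inRemoteInfo  Injector-supplied context. HostPID is the id of the
///        injecting process; UserData/UserDataSize is an opaque blob chosen by
///        the injector. Only a blob of exactly sizeof(DWORD) is honoured, as the
///        Beep frequency offset (gFreqOffset); anything else is ignored.
///
/// Installs myBeepHook over kernel32!Beep and, via an exclusive ACL containing
/// thread id 0 (EasyHook's alias for the calling thread), enables the hook for
/// every thread except this one.
///
/// Fixes versus the original: the Beep address is resolved once and checked for
/// NULL instead of being passed blindly to LhInstallHook; the ACL is only set on
/// a hook that was actually installed; and the address is printed as a pointer
/// (streaming a FARPROC into std::cout picks the bool overload and prints "1").
///
/// All output goes to the host process's stdout; if the host has no console the
/// text is presumably discarded, so a failed hook is not necessarily visible.
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
    std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" <<
    "IIIII jjj tt dd !!! \n"
    " III nn nnn eee cccc tt eee dd !!! \n"
    " III nnn nn jjj ee e cc tttt ee e dddddd !!! \n"
    " III nn nn jjj eeeee cc tt eeeee dd dd \n"
    "IIIII nn nn jjj eeeee ccccc tttt eeeee dddddd !!! \n"
    " jjjj \n\n";
    std::cout << "Injected by process Id: " << inRemoteInfo->HostPID << "\n";
    std::cout << "Passed in data size: " << inRemoteInfo->UserDataSize << "\n";

    // Exact-size check: never read past the end of an injector-supplied blob.
    if (inRemoteInfo->UserDataSize == sizeof(DWORD))
    {
        gFreqOffset = *reinterpret_cast<DWORD *>(inRemoteInfo->UserData);
        std::cout << "Adjusting Beep frequency by: " << gFreqOffset << "\n";
    }

    // Resolve the target once. Both lookups can return NULL; hooking NULL is a bug.
    HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
    FARPROC beepAddr = (hKernel32 != NULL) ? GetProcAddress(hKernel32, "Beep") : NULL;
    std::cout << "\n";
    std::cout << "Win32 Beep found at address: "
              << reinterpret_cast<void*>(beepAddr) << "\n";
    if (beepAddr == NULL)
    {
        std::cout << "Failed to locate kernel32!Beep; hook not installed.\n";
        return;
    }

    // Install the hook
    HOOK_TRACE_INFO hHook = { NULL }; // filled in by EasyHook on success
    NTSTATUS result = LhInstallHook(
        beepAddr,
        myBeepHook,
        NULL,
        &hHook);
    // NTSTATUS failures have the sign bit set, so FAILED() is a valid test here.
    if (FAILED(result))
    {
        std::wstring s(RtlGetLastErrorString());
        std::wcout << "Failed to install hook: ";
        std::wcout << s;
        // Nothing was installed: do not touch the ACL of an empty handle.
        return;
    }
    std::cout << "Hook 'myBeepHook installed successfully.";

    // If the threadId in the ACL is set to 0,
    // then internally EasyHook uses GetCurrentThreadId()
    ULONG ACLEntries[1] = { 0 };
    // Disable the hook for the provided threadIds, enable for all others.
    // Until this call succeeds the hook is installed but inactive.
    result = LhSetExclusiveACL(ACLEntries, 1, &hHook);
    if (FAILED(result))
    {
        std::wstring s(RtlGetLastErrorString());
        std::wcout << "Failed to set hook ACL: ";
        std::wcout << s;
    }
}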
您也可以在 original source 中找到更多详情。