Calling a method from another program

Time: 2019-07-07 12:40:07

Tags: c++ dll rpc dll-injection

I have a cloud-sync client in which I store my business program, which many workers in many places work on. To prevent file corruption, I want to sync the cloud before the program runs. The client has a daemon and an applet, which communicate over an RPC protocol. The daemon and the applet also use their own dll for the RPC communication.

I know I need to inject a dll and call the rpc send function, but I don't know how to do this.

This is all I have.

#include <windows.h>
#include <stdio.h>
#include <string.h>

int main(void)
{
    // Placeholder: the original snippet never declared `buffer`. It is the path of
    // the DLL to load, passed to LoadLibraryA as a NUL-terminated ANSI string.
    const char buffer[] = "C:\\path\\to\\your.dll";
    DWORD procID = 10884;

    HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
    if (process == NULL) {
        OutputDebugStringW(L"Error: the specified process couldn't be found.\n");
        return 1;
    }

    // Explicit W variant so this compiles whether or not UNICODE is defined
    LPVOID addr = (LPVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryA");
    if (addr == NULL) {
        OutputDebugStringW(L"Error: the LoadLibraryA function was not found inside kernel32.dll library.\n");
        CloseHandle(process);
        return 1;
    }

    // +1 so the terminating NUL is copied as well; strlen() alone drops it
    SIZE_T size = strlen(buffer) + 1;
    LPVOID arg = VirtualAllocEx(process, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (arg == NULL) {
        OutputDebugStringW(L"Error: the memory could not be allocated inside the chosen process.\n");
        CloseHandle(process);
        return 1;
    }

    if (!WriteProcessMemory(process, arg, buffer, size, NULL)) {
        OutputDebugStringW(L"Error: there were no bytes written to the process's address space.\n");
        VirtualFreeEx(process, arg, 0, MEM_RELEASE);
        CloseHandle(process);
        return 1;
    }

    HANDLE thread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)addr, arg, 0, NULL);
    if (thread == NULL) {
        OutputDebugStringW(L"Error: the remote thread could not be created.\n");
    } else {
        OutputDebugStringW(L"Success: the remote thread was successfully created.\n");
        // Wait for the thread to finish before releasing the string it reads
        WaitForSingleObject(thread, INFINITE);
        CloseHandle(thread);
    }

    VirtualFreeEx(process, arg, 0, MEM_RELEASE);
    CloseHandle(process);
    getchar();
    return 0;
}

Name and address of the RPC function:

Adres=0076E000
Symbol=searpc_client_call__string

I found the command that interprets this command in the decompiled daemon. Thanks for your help!

0 answers:

No answers