我正在尝试编写一个DLL注入器,以对计算器进程执行DLL注入。
我用C编写了DLL注入器程序和DLL,但是注入器无法注入该DLL或任何其他DLL(我尝试过一些计算器不使用的随机Windows DLL)。
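class LinkedList:
    """Singly linked list of ``Node`` cells; ``head`` is ``None`` when the list is empty."""

    def __init__(self):
        self.head = None

    def prepend(self, data):
        """Insert ``data`` as the new first element."""
        new_node = Node(data)
        new_node.next = self.head
        self.head = new_node

    def traversal(self):
        """Print each element's ``data`` from head to tail, one per line."""
        temp = self.head
        while temp is not None:
            print(temp.data)
            temp = temp.next

    def to_list(self):
        """Return the element values from head to tail as a plain list."""
        values = []
        temp = self.head
        while temp is not None:
            values.append(temp.data)
            temp = temp.next
        return values

    def append(self, data):
        """Insert ``data`` as the new last element.

        An empty list is handled explicitly: the original walked to the last
        node and dereferenced ``None`` when there was none.
        """
        new_node = Node(data)
        if self.head is None:
            self.head = new_node
            return
        last = self.head
        while last.next is not None:
            last = last.next
        last.next = new_node

    def delete(self, data):
        """Remove the first element whose value equals ``data``; no-op if absent.

        The original failed when the match was the head (predecessor never
        assigned) and when nothing matched (``None.next``).
        """
        prev = None
        temp = self.head
        # Stop at the first match or at the end of the list.
        while temp is not None and temp.data != data:
            prev = temp
            temp = temp.next
        if temp is None:
            return
        if prev is None:
            # Match is the head: advance head past it.
            self.head = temp.next
        else:
            prev.next = temp.next


class Node:
    """One list cell: holds ``data`` and a ``next`` link (``None`` at the tail)."""

    def __init__(self, data):
        self.data = data
        self.next = None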
# Demo: build 8 -> 3 -> 5 -> 6, remove the 6, then print what remains.
ehren = LinkedList()
for value in (5, 3, 8):
    ehren.prepend(value)
ehren.append(6)
print(" delete the number")
ehren.delete(6)
print("linked list***********")
ehren.traversal()
运行注入器后,我得到以下输出:
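/// <summary>
/// Reads the record stored under <paramref name="player"/> from the Firebase
/// database at DATA_URL and prints its fields to the console.
/// </summary>
/// <param name="player">Key of the child node to read.</param>
public void LoadData_element(string player)
{
    FirebaseApp.DefaultInstance.SetEditorDatabaseUrl(DATA_URL);
    FirebaseDatabase.DefaultInstance.GetReferenceFromUrl(DATA_URL).GetValueAsync()
        .ContinueWith(task =>
        {
            // Task.IsCompleted is also true for faulted and canceled tasks, so
            // the original three independent ifs reached task.Result after a
            // failure and threw inside the continuation; branch exclusively.
            if (task.IsFaulted)
            {
                print("Falhou o Load dos dados");
            }
            else if (task.IsCanceled)
            {
                print("Cancelou o load dos dados");
            }
            else
            {
                DataSnapshot datasnap = task.Result;
                // GetRawJsonValue() already returns a string; it is null when no
                // child named `player` exists, which the original turned into a
                // NullReferenceException on ToString().
                string test = datasnap.Child(player).GetRawJsonValue();
                if (string.IsNullOrEmpty(test))
                {
                    print("No data for player: " + player);
                    return;
                }
                // Echoes the raw record into the log; trim this once the data
                // format is confirmed.
                print("x:" + test);
                Firebase_Database_Player extracted = JsonUtility.FromJson<Firebase_Database_Player>(test);
                print("Player_name:" + extracted.pl_name);
                print("Player_lfbar:" + extracted.pl_lfbar);
                print("Player_hit:" + extracted.pl_hit);
                print("Player_superhit:" + extracted.pl_superhit);
                print("Player_defend:" + extracted.pl_defend);
                print("Player_atuallife:" + extracted.pl_atuallife);
                print("Player_atualattack:" + extracted.pl_atualattack);
            }
        });
}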
在那之后,我仍然无法在进程浏览器中看到新的DLL。
答案 0 :(得分:1)
我发现了问题。我将DLL编译为64位,但不小心将DLL注入程序编译为32位。
答案 1 :(得分:0)
您正在调用GetProcAddress()以获取LoadLibraryA()的地址,这是在本地进程中返回LoadLibraryA的地址,而不是注入的地址。这不能保证在外部过程中是正确的。您无需手动获取地址,CreateRemoteThread将为您解析地址。
这是一个非常简单的注入器示例,说明了如何执行:
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
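// Returns the process id of the first running process whose executable name
// matches targetProcess (case-insensitive), or 0 when none is found or the
// snapshot cannot be taken.
// The snapshot handle is now released on every path; the original closed it
// only on a match and leaked it otherwise.
// NOTE(review): PROCESSENTRY32::szExeFile is a TCHAR array, so _stricmp only
// compiles in a non-UNICODE build — confirm the project's character set.
DWORD GetPid(const char * targetProcess)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (!snap || snap == INVALID_HANDLE_VALUE)
    {
        return 0;
    }
    DWORD pid = 0;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(pe); // required by Process32First
    if (Process32First(snap, &pe))
    {
        do
        {
            if (!_stricmp(pe.szExeFile, targetProcess))
            {
                pid = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(snap, &pe));
    }
    CloseHandle(snap);
    return pid;
}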
// Entry point: waits for a process named processToInject to appear, then has it
// load dllpath by starting a remote thread at LoadLibraryA.
// NOTE(review): the OpenProcess / VirtualAllocEx / WriteProcessMemory /
// CreateRemoteThread(LoadLibraryA) sequence below is the classic remote-thread
// injection chain and is what endpoint telemetry is commonly built to surface,
// so on a monitored host expect it to be logged or blocked.
int main()
{
    // Binding a string literal to a non-const char* is ill-formed in C++11 and
    // later (deprecated before that); const char* is the correct type.
    char * dllpath = "C:\\Users\\me\\Desktop\\dll.dll";
    char * processToInject = "csgo.exe";
    // Polls GetPid every 10 ms until a match appears; the loop never gives up.
    long pid = 0;
    while (!pid)
    {
        pid = GetPid(processToInject);
        Sleep(10);
    }
    // OpenProcess returns NULL when PROCESS_ALL_ACCESS is refused; the check
    // below skips the injection in that case.
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
    if (hProc && hProc != INVALID_HANDLE_VALUE)
    {
        // MAX_PATH bytes in the target for the DLL path. Neither the allocation
        // (NULL on failure) nor the write is checked, and nothing verifies that
        // strlen(dllpath) + 1 fits in MAX_PATH.
        void * loc = VirtualAllocEx(hProc, 0, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        WriteProcessMemory(hProc, loc, dllpath, strlen(dllpath) + 1, 0);
        // The start address is this process's LoadLibraryA; it is only valid in
        // the target when kernel32.dll is mapped at the same base there, which
        // presumes matching bitness — one reason the 32-/64-bit mismatch in
        // answer 0 cannot work. CreateRemoteThread returns NULL on failure, and
        // the handle is closed without checking or waiting for the thread.
        HANDLE hThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, loc, 0, 0);
        CloseHandle(hThread);
    }
    // Reached even when OpenProcess failed; CloseHandle(NULL) then just fails.
    CloseHandle(hProc);
    return 0;
}