[英]Cast LPVOID to struct
I want to read the arguments I have send through CreateRemoteThread to my injected DLL inside another process. 我想读取通过CreateRemoteThread发送到另一个进程内部注入的DLL的参数。
I can call the function without problem, I just don't know how to cast LPVOID to a struct. 我可以毫无问题地调用该函数,只是不知道如何将LPVOID强制转换为结构。
This is a example: 这是一个例子:
#pragma pack(push,1)
struct tagRemoteThreadParams
{
int Param1;
int Param2;
} RemoteThreadParams, *PRemoteThreadParams;
#pragma pack(pop)
DWORD WINAPI testfunction(LPVOID param)
{
// cast LPVOID to tagRemoteThreadParams (param)
WriteToLog("YES YOU CALLED THE FUNCTION WITH PARAM: ");
return 0;
}
This is my struct and how I have allocated the mem inside the process: 这是我的结构,以及如何在进程内分配内存:
[StructLayout(LayoutKind.Sequential, Pack=1)]
public struct RemoteThreadParams
{
[MarshalAs(UnmanagedType.I4)]
public int Param1;
[MarshalAs(UnmanagedType.I4)]
public int Param2;
}
public uint CallFunction(int _arg1)
{
RemoteThreadParams arguments = new RemoteThreadParams();
arguments.Param1 = 1;
arguments.Param2 = 2;
//pointer to the function im trying to call
IntPtr _functionPtr = IntPtr.Add(this.modulePtr, 69772);
// Allocate some native heap memory in your process big enough to store the
// parameter data
IntPtr iptrtoparams = Marshal.AllocHGlobal(Marshal.SizeOf(arguments));
// Copies the data in your structure into the native heap memory just allocated
Marshal.StructureToPtr(arguments, iptrtoparams, false);
//allocate som mem in remote process
IntPtr lpAddress = VirtualAllocEx(this.processHandle, IntPtr.Zero, (IntPtr)Marshal.SizeOf(arguments), AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite);
if (lpAddress == IntPtr.Zero)
{
return 0;
}
if (WriteProcessMemory(this.processHandle, lpAddress, iptrtoparams, (uint)Marshal.SizeOf(arguments), 0) == 0)
{
return 0;
}
//Free up memory
Marshal.FreeHGlobal(iptrtoparams);
uint threadID = 0;
IntPtr hThread = CreateRemoteThread(this.processHandle, IntPtr.Zero, 0, _functionPtr, lpAddress, 0, out threadID);
if (hThread == IntPtr.Zero)
{
//throw new ApplicationException(Marshal.GetLastWin32Error().ToString());
throw new Win32Exception();
}
WaitForSingleObject(hThread, 0xFFFFFFFF);
// wait for thread to exit
// get the thread exit code
uint exitCode = 0;
GetExitCodeThread(hThread, out exitCode);
// close thread handle
CloseHandle(hThread);
return exitCode;
}
If I understand your code correctly, you inject UT8 encoded string into the other's process memory (I'm kind of surprised that it works). 如果我正确理解您的代码,则可以将UT8编码的字符串注入另一个进程的内存中(我对此感到很惊讶)。
Assuming it does work, in your C++ code you need to convert the UTF8 encoded byte array pointed by param to some kind of string that C++ understands. 假设它确实起作用,那么在您的C ++代码中,您需要将param指向的UTF8编码的字节数组转换为C ++可以理解的某种字符串。
One way to do it is to use MultiByteToWideChar 一种方法是使用MultiByteToWideChar
Another way is to use STL. 另一种方法是使用STL。 I found a question about it here .
我在这里发现了一个问题。
And the answer to the cast problem was: 强制转换问题的答案是:
struct tagRemoteThreadParams *tData = (struct tagRemoteThreadParams *)param;
Thank you for the help guys 谢谢你们的帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.