
C++ Dll Injection


I would really appreciate your help in this.

I have been trying to get a Dll injected into a remote process and do a few changes inside it, the problem I'm encountering right now is I don't know how to get this going.

So first, here is my piece of code that I have developed so far:

dllmain.cpp

#include <windows.h>
#include <stdio.h>

/* MessageBoxA is used explicitly so the narrow string literals compile
   whether or not UNICODE is defined for the build. Note that showing a
   message box from DllMain runs while the loader lock is held, which
   Microsoft documents as unsafe; it is kept here only as a visible sign
   that the DLL was loaded. */
BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    switch (reason)
    {
      case DLL_PROCESS_ATTACH:
           MessageBoxA (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
        break;

      case DLL_PROCESS_DETACH:
           MessageBoxA (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
        break;

      case DLL_THREAD_ATTACH:
           MessageBoxA (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
        break;

      case DLL_THREAD_DETACH:
           MessageBoxA (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
        break;
    }

    return TRUE;
}

It simply displays a message box depending on the conditions it meets. Now what I would like my Dll to do is, after being injected into the remote process, I would like it to write a memory location and change its value.

Data type: Unsigned Short Int
Memory location: 0041D090

I hope everything is clear. Thank you for your patience; help is appreciated.

You don't have to write a DLL to change another process's memory at a fixed address. You can use WriteProcessMemory() .

However... the way to inject a DLL into another process is the following...

  1. Use VirtualAllocEx() to allocate the length of the file path to the DLL inside the target process's memory... This is like remotely doing a malloc .

  2. Use WriteProcessMemory() to copy the file path to the DLL into what was returned from the previous step. This is like remotely doing a strcpy .

  3. Use CreateRemoteThread() . You can point it at LoadLibrary() as the entry point and the file path from steps 1 and 2 as the argument. That's a bit hacky, to be honest, but if you are injecting a DLL you're already being quite hacky. Another technique would be to use steps 1 & 2 to load some machine code into the remote process and point it at that.

Keep in mind that this technique is a great way to destabilize the target process. In particular, this isn't something I'd do in a product that ends up getting shipped to others.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM