[英]Injecting c++ dll into an exe using c#
为什么我的C#代码没有将dll注入到exe中,但程序显示消息框“Injected!” ? 它自己的.dll用c ++编码,exe用C ++编码,我试图用我的C#代码注入,它怎么不工作? 这是我的注射器方法
[DllImport("kernel32")]
public static extern IntPtr CreateRemoteThread(
IntPtr hProcess,
IntPtr lpThreadAttributes,
uint dwStackSize,
UIntPtr lpStartAddress, // raw Pointer into remote process
IntPtr lpParameter,
uint dwCreationFlags,
out IntPtr lpThreadId
);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(
UInt32 dwDesiredAccess,
Int32 bInheritHandle,
Int32 dwProcessId
);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(
IntPtr hObject
);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool VirtualFreeEx(
IntPtr hProcess,
IntPtr lpAddress,
UIntPtr dwSize,
uint dwFreeType
);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
public static extern UIntPtr GetProcAddress(
IntPtr hModule,
string procName
);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(
IntPtr hProcess,
IntPtr lpAddress,
uint dwSize,
uint flAllocationType,
uint flProtect
);
[DllImport("kernel32.dll")]
static extern bool WriteProcessMemory(
IntPtr hProcess,
IntPtr lpBaseAddress,
string lpBuffer,
UIntPtr nSize,
out IntPtr lpNumberOfBytesWritten
);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(
string lpModuleName
);
[DllImport("kernel32", SetLastError = true, ExactSpelling = true)]
internal static extern Int32 WaitForSingleObject(
IntPtr handle,
Int32 milliseconds
);
public Int32 GetProcessId(String proc)
{
Process[] ProcList;
ProcList = Process.GetProcessesByName(proc);
return ProcList[0].Id;
}
public void InjectDLL(IntPtr hProcess, String strDLLName)
{
IntPtr bytesout;
// Length of string containing the DLL file name +1 byte padding
Int32 LenWrite = strDLLName.Length + 1;
// Allocate memory within the virtual address space of the target process
IntPtr AllocMem = (IntPtr)VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40); //allocation pour WriteProcessMemory
// Write DLL file name to allocated memory in target process
WriteProcessMemory(hProcess, AllocMem, strDLLName, (UIntPtr)LenWrite, out bytesout);
// Function pointer "Injector"
UIntPtr Injector = (UIntPtr)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
if (Injector == null)
{
MessageBox.Show(" Injector Error! \n ");
// return failed
return;
}
// Create thread in target process, and store handle in hThread
IntPtr hThread = (IntPtr)CreateRemoteThread(hProcess, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);
// Make sure thread handle is valid
if (hThread == null)
{
//incorrect thread handle ... return failed
MessageBox.Show(" hThread [ 1 ] Error! \n ");
return;
}
// Time-out is 10 seconds...
int Result = WaitForSingleObject(hThread, 10 * 1000);
// Check whether thread timed out...
if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
{
/* Thread timed out... */
MessageBox.Show(" hThread [ 2 ] Error! \n ");
// Make sure thread handle is valid before closing... prevents crashes.
if (hThread != null)
{
//Close thread in target process
CloseHandle(hThread);
}
return;
}
// Sleep thread for 1 second
Thread.Sleep(1000);
// Clear up allocated space ( Allocmem )
VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);
// Make sure thread handle is valid before closing... prevents crashes.
if (hThread != null)
{
//Close thread in target process
CloseHandle(hThread);
}
// return succeeded
return;
}
然后我尝试运行一些程序并用我的dll注入它
private void metroButton2_Click(object sender, EventArgs e)
{
String strDLLName = @"spd.dll";
String strProcessName = "app";
System.Diagnostics.Process.Start("app.exe", "!#@$$$!");
Int32 ProcID = GetProcessId(strProcessName);
if (ProcID >= 0)
{
IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
if (hProcess == null)
{
MessageBox.Show("OpenProcess() Failed!");
return;
}
else
{
InjectDLL(hProcess, strDLLName);
MessageBox.Show("Injected!");
}
}
}
它向我显示输出:“注入!” 但在.exe上没有注入.dll我该怎么办? 在注入/运行.exe之前提供更多Thread.Sleep? 任何帮助将不胜感激!
请注意, C++
的NULL
(0)与C#
的null
。 您正在寻找的等价物是IntPtr.Zero
。
以GetProcAddress
函数为例:
返回值
如果函数成功,则返回值是导出的函数或变量的地址。
如果函数失败,则返回值为NULL。 要获取扩展错误信息,请调用GetLastError。
来源: https : //msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v = vs。85).aspx
这里的NULL
是一个c ++宏,定义如下:
#define NULL 0
null
不等于IntPtr.Zero
,但是(IntPtr)null
等于IntPtr.Zero
。
我知道这是可耻的,我的许多stackoverflow问题由我自己回答,这个想法总是来得晚(在我发布问题之后)所以这就是答案上面的注射器工作正常,为什么注射器没注射呢? 是的,这就像我以前想的那样,注入器没有成功注入dll,因为我需要在启动应用程序之后和注入.dll之前给出Thread.Sleep(1000),然后使用Worker,像这样:
void worker_DoWork2(object sender, DoWorkEventArgs e)
{
System.Diagnostics.Process.Start("app.exe", "!#@$$$!");
}
public void metroButton2_Click(object sender, EventArgs e)
{
var worker2 = new BackgroundWorker();
worker2.DoWork += new DoWorkEventHandler(worker_DoWork2);
worker2.RunWorkerAsync();
Thread.Sleep(1000);
String strDLLName = "spd.dll";
String strProcessName = "app";
Int32 ProcID = GetProcessId(strProcessName);
if (ProcID >= 0)
{
IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
if (hProcess == null)
{
return;
}
else
{
InjectDLL(hProcess, strDLLName);
}
}
Application.Exit();
}
现在注入器工作成功,我需要以管理员权限运行此应用程序。 谢谢 !
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.