[英]calling an managed dll from an unmanaged dll file (that is injected into the running process)
無法弄清楚如何使用非托管dll調用托管dll文件中的函數。
目前,我能夠使用如下所示的方法將非托管的dll注入正在運行的進程中,並調用托管的dll(主要是我是c ++的新手)。
#include "stdafx.h"
#include <Windows.h>
#include "dllmain.h"
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved )
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
LoadManagedProject(L"C:\\Users\\nagaganesh.kurcheti\\Desktop\\ExampleProject.dll");
DisplayPid();
break;
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
void DisplayPid()
{
DWORD pid = GetCurrentProcessId();
wchar_t buf[64];
wsprintf(buf, L"Hey, it worked! Pid is %d", pid);
MessageBox(NULL, buf, L"Injected NEW MessageBox", NULL);
}
從DLL中,我正在調用處理看起來像這樣的注入過程的功能:
DllExport void LoadManagedProject(const wchar_t * managedDllLocation)
{
HRESULT hr;
ICLRMetaHost* pClrMetaHost = NULL;
ICLRRuntimeInfo* pClrRuntimeInfo = NULL;
ICLRRuntimeHost* pClrRuntimeHost = NULL;
hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (LPVOID*)&pClrMetaHost);
if (hr == S_OK)
{
hr = pClrMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pClrRuntimeInfo));
if (hr == S_OK)
{
BOOL fLoadable;
hr = pClrRuntimeInfo->IsLoadable(&fLoadable);
if ((hr == S_OK) && fLoadable)
{
hr = pClrRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost,
IID_PPV_ARGS(&pClrRuntimeHost));
if (hr == S_OK)
{
hr = pClrRuntimeHost->Start();
if (hr == S_OK)
{
MessageBox(NULL, L"HR=SOK45STTIME", L"Injected MessageBox", NULL);
DWORD result;
hr = pClrRuntimeHost->ExecuteInDefaultAppDomain(
managedDllLocation,
L"ExampleProject.Example",
L"EntryPoint",
L"Argument",
&result);
if (hr == S_OK)
{
MessageBox(NULL, L"HR=SOK6STTIME", L"Injected MessageBox", NULL);
}
}
}
}
}
}
}
經過多次嘗試,我無法注入該過程。 我能得到我所犯的錯誤還是建議使用注入到正在運行的進程中的非托管dll調用托管dll(c#)的更好方法。 先感謝您。
更新:
如果無法通過這種方式,您能否建議將托管dll注入正在運行的進程中的任何最佳方法。 謝謝
您可以通過使用EasyHook將托管dll注入非托管進程來實現此目的,以下是示例代碼:
#include <easyhook.h>
#include <string>
#include <iostream>
#include <Windows.h>
DWORD gFreqOffset = 0;
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration)
{
std::cout << "\n BeepHook: ****All your beeps belong to us!\n\n";
return Beep(dwFreq + gFreqOffset, dwDuration);
}
// EasyHook will be looking for this export to support DLL injection. If not found then
// DLL injection will fail.
extern "C" void __declspec(dllexport) __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo);
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" <<
"IIIII jjj tt dd !!! \n"
" III nn nnn eee cccc tt eee dd !!! \n"
" III nnn nn jjj ee e cc tttt ee e dddddd !!! \n"
" III nn nn jjj eeeee cc tt eeeee dd dd \n"
"IIIII nn nn jjj eeeee ccccc tttt eeeee dddddd !!! \n"
" jjjj \n\n";
std::cout << "Injected by process Id: " << inRemoteInfo->HostPID << "\n";
std::cout << "Passed in data size: " << inRemoteInfo->UserDataSize << "\n";
if (inRemoteInfo->UserDataSize == sizeof(DWORD))
{
gFreqOffset = *reinterpret_cast<DWORD *>(inRemoteInfo->UserData);
std::cout << "Adjusting Beep frequency by: " << gFreqOffset << "\n";
}
// Perform hooking
HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook
std::cout << "\n";
std::cout << "Win32 Beep found at address: " << GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep") << "\n";
// Install the hook
NTSTATUS result = LhInstallHook(
GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep"),
myBeepHook,
NULL,
&hHook);
if (FAILED(result))
{
std::wstring s(RtlGetLastErrorString());
std::wcout << "Failed to install hook: ";
std::wcout << s;
}
else
{
std::cout << "Hook 'myBeepHook installed successfully.";
}
// If the threadId in the ACL is set to 0,
// then internally EasyHook uses GetCurrentThreadId()
ULONG ACLEntries[1] = { 0 };
// Disable the hook for the provided threadIds, enable for all others
LhSetExclusiveACL(ACLEntries, 1, &hHook);
return;
}
或者您可以在原始來源找到更多詳細信息
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.