How can I inject a DLL into any process?

Question  Votes: 0  Answers: 1

I am trying to inject a DLL into any process on Windows. I already have code that works for my own programs, e.g. a hello world or something similar, but not for other programs such as Notepad, calc, Chrome, etc.

The programs can block the injection of the DLL, so I don't know what to do to bypass it.

My final goal is to hook the API calls of any program.

This domain is new to me, so if you have any resources or solutions, I'm a beginner here!

injector.cpp

#include <iostream>
#include <cstring>
#include <Windows.h>

int main()
{
    // path to our dll
    LPCSTR DllPath = "D:\\projects\\standardinjection\\release\\testlib.dll";
    // length of the path string + null terminator
    SIZE_T pathSize = strlen(DllPath) + 1;

    DWORD process_id = 14367;
    // Open a handle to target process; this is the call that fails when the
    // target does not grant the requested access rights
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
    if (hProcess == NULL)
    {
        std::cerr << "OpenProcess failed, error " << GetLastError() << std::endl;
        return 1;
    }

    // Allocate memory for the dllpath in the target process
    LPVOID pDllPath = VirtualAllocEx(hProcess, 0, pathSize,
        MEM_COMMIT, PAGE_READWRITE);
    if (pDllPath == NULL)
    {
        std::cerr << "VirtualAllocEx failed, error " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Write the path to the address of the memory we just allocated
    // in the target process
    if (!WriteProcessMemory(hProcess, pDllPath, DllPath, pathSize, 0))
    {
        std::cerr << "WriteProcessMemory failed, error " << GetLastError() << std::endl;
        VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return 1;
    }

    // Create a Remote Thread in the target process which
    // calls LoadLibraryA with our dllpath as an argument -> program loads our dll
    HANDLE hLoadThread = CreateRemoteThread(hProcess, 0, 0,
        (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("Kernel32.dll"),
            "LoadLibraryA"), pDllPath, 0, 0);
    if (hLoadThread == NULL)
    {
        std::cerr << "CreateRemoteThread failed, error " << GetLastError() << std::endl;
        VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);
        CloseHandle(hProcess);
        return 1;
    }

    // Wait for the execution of our loader thread to finish
    WaitForSingleObject(hLoadThread, INFINITE);

    std::cout << "Dll path allocated at: " << std::hex << pDllPath << std::endl;
    std::cin.get();

    // Free the memory allocated for our dll path
    // (MEM_RELEASE requires a size of 0, otherwise the call fails)
    VirtualFreeEx(hProcess, pDllPath, 0, MEM_RELEASE);

    CloseHandle(hLoadThread);
    CloseHandle(hProcess);

    return 0;
}

My DLL

#include <Windows.h>

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    // Show a message box once, when the DLL is first mapped into the process.
    // MessageBoxW is used explicitly because the strings are wide (L"...")
    // and the build may not define UNICODE.
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
        MessageBoxW(0, L"Hello From testlib!", L"Hello", MB_ICONINFORMATION);

    return TRUE;
}

I'm currently on Windows 10 x64, coming from Unix operating systems, so Windows is new to me!

Thanks for your time!

c++ windows security dll process
1 Answer

0 votes

For 99% of injection methods you must be able to write code into the target process. To do that, you need to be able to open a process handle by using OpenProcess() with the required privileges.

If the process you're injecting into is a game with a kernel mode anticheat, it will block you via ObRegisterCallbacks. You will also need to be in kernel mode to bypass this protection.

If the process you're injecting into is running as SYSTEM or as a Protected Process Light process, you'll have trouble there too. For more information, see my previous answer.
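
Since the question is really about why the technique in injector.cpp stops working outside the author's own programs, it helps to see what that technique looks like from the defender's side. The following is an added example, not part of the question or the answer: it parses constructed Sysmon Event ID 8 (CreateRemoteThread) records and flags a thread that starts at a LoadLibrary* export inside a different process, which is exactly the shape the CreateRemoteThread + LoadLibraryA loader produces. Field names follow Sysmon's Event ID 8 schema; the process names, ids and the csrss.exe allowlist entry are assumptions made up for the example.

```python
import xml.etree.ElementTree as ET

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records; names and ids are made up.
SAMPLE_EVENTS = """
<Events>
  <Event><EventData>
    <Data Name="SourceProcessId">4242</Data>
    <Data Name="SourceImage">D:\\projects\\standardinjection\\release\\injector.exe</Data>
    <Data Name="TargetProcessId">14367</Data>
    <Data Name="TargetImage">C:\\Windows\\System32\\notepad.exe</Data>
    <Data Name="StartModule">C:\\Windows\\System32\\KERNEL32.DLL</Data>
    <Data Name="StartFunction">LoadLibraryA</Data>
  </EventData></Event>
  <Event><EventData>
    <Data Name="SourceProcessId">900</Data>
    <Data Name="SourceImage">C:\\Windows\\System32\\csrss.exe</Data>
    <Data Name="TargetProcessId">1234</Data>
    <Data Name="TargetImage">C:\\Windows\\System32\\svchost.exe</Data>
    <Data Name="StartModule">C:\\Windows\\System32\\ntdll.dll</Data>
    <Data Name="StartFunction">RtlUserThreadStart</Data>
  </EventData></Event>
</Events>
"""

# A remote thread starting at a LoadLibrary* export is the signature of the loader above.
LOADER_FUNCS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
# Example allowlist of source images that legitimately create remote threads (tune per environment).
BENIGN_SOURCES = {"csrss.exe"}


def parse_events(xml_text):
    """Return one {Data Name: value} dict per <Event> element."""
    root = ET.fromstring(xml_text)
    return [{d.get("Name"): (d.text or "") for d in ev.iter("Data")}
            for ev in root.iter("Event")]


def is_loadlibrary_injection(ev):
    """True when a thread in a different process starts at a LoadLibrary* export."""
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return False  # a thread created in the creator's own process is normal
    source_name = ev.get("SourceImage", "").rsplit("\\", 1)[-1].lower()
    if source_name in BENIGN_SOURCES:
        return False
    return ev.get("StartFunction") in LOADER_FUNCS


def find_injections(xml_text):
    """Return the events that look like LoadLibrary-based remote thread injection."""
    return [ev for ev in parse_events(xml_text) if is_loadlibrary_injection(ev)]
```

Running find_injections(SAMPLE_EVENTS) returns only the injector.exe -> notepad.exe event; the csrss.exe thread is dropped by the allowlist and by its non-LoadLibrary start function.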
