当我尝试注入此 DLL 时,它什么也不做,甚至不显示 MessageBox。另外,是的,目标进程启用了 ASLR;我使用作弊引擎来获取地址,因为我还不知道如何自己编写工具来做到这一点。我尝试在每个函数(包括 DllMain)的开头放一个 MessageBox 调用来进行调试,但没有任何效果。无论如何,代码如下。
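// Overwrite the first five bytes at hookAdress with a relative JMP (E9 rel32)
// to ourFunc.
//
// hookAdress: address of the code to patch.
// ourFunc:    destination of the JMP.
// len:        number of bytes the caller treats as replaceable; must be >= 5.
//             Bytes 5..len-1 are left untouched by this function.
// Returns true on success, false when len is too small or the page
// protection could not be changed.
//
// x86-only: the rel32 arithmetic and the DWORD casts assume 32-bit pointers.
bool Hook(void* hookAdress, void* ourFunc, int len)
{
    // A rel32 JMP needs five bytes.
    if (len < 5)
        return false;

    DWORD oldProtection;
    // The original ignored this result; writing to a page whose protection
    // could not be changed would fault, so report failure instead.
    if (!VirtualProtect(hookAdress, len, PAGE_EXECUTE_READWRITE, &oldProtection))
        return false;

    // rel32 is measured from the end of the 5-byte JMP instruction.
    DWORD relativeAddress = ((DWORD)ourFunc - (DWORD)hookAdress) - 5;
    *(BYTE*)hookAdress = 0xE9;
    *(DWORD*)((DWORD)hookAdress + 1) = relativeAddress;

    // Put the original protection back. The original re-applied
    // PAGE_EXECUTE_READWRITE here, leaving the page writable+executable
    // for the rest of the process lifetime.
    DWORD temp;
    VirtualProtect(hookAdress, len, oldProtection, &temp);
    return true;
}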
// Address ourFunc jumps back to; MainThread sets it to
// hookAdress + hookLength before installing the hook.
DWORD jmpBack;
// Detour target that the patched JMP lands on. Declared naked so the
// compiler emits no prologue/epilogue: control arrives with the hooked
// code's registers and stack untouched and leaves via an indirect jump.
_declspec(naked) void ourFunc()
{
    _asm
    {
        // Placeholder payload: subtracting 0 leaves eax unchanged (only the
        // flags are updated), so this currently just proves the detour runs.
        sub eax, 0
        // Resume the original code at jmpBack (hookAdress + hookLength).
        jmp[jmpBack]
    }
}
// Worker thread started from DllMain: installs the detour, reports the
// outcome in a message box, then idles until the END key is pressed and
// unloads the DLL.
// param: the DLL's own HMODULE, passed on to FreeLibraryAndExitThread.
DWORD WINAPI MainThread(LPVOID param)
{
    const int hookLength = 8;
    // Absolute address of the instruction to patch. The target runs with
    // ASLR enabled, so this value can change between runs of the target.
    const DWORD hookAdress = 0x00DB1047;
    jmpBack = hookAdress + hookLength;

    const bool hooked = Hook((void*)hookAdress, ourFunc, hookLength);
    MessageBoxA(0,
                hooked ? "Successfully Hooked!" : "Failed To Hook!",
                hooked ? "Success!" : "Fail",
                0);

    // Poll the keyboard until END is pressed.
    for (;;)
    {
        if (GetAsyncKeyState(VK_END))
            break;
        Sleep(40);
    }

    FreeLibraryAndExitThread((HMODULE)param, 0);
    return 0;
}
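// DLL entry point. On process attach, run MainThread on its own thread so
// DllMain itself returns promptly. The thread handle is closed right away
// (the thread keeps running); the original never closed it and so leaked
// one handle per load. A failed CreateThread is reported by still returning
// TRUE, as the original did, rather than failing the load.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)lpReserved;
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        HANDLE thread = CreateThread(nullptr, 0, MainThread, hModule, 0, nullptr);
        if (thread != nullptr)
            CloseHandle(thread);
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    default:
        break;
    }
    return TRUE;
}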
我想知道这究竟是我的代码、注入工具,还是项目属性配置的问题。
CreateThread 在这里不应该使用。如果主线程通过 ExitProcess 退出,那么主线程退出时会强制结束所有子线程。 https://devblogs.microsoft.com/oldnewthing/20100827-00/?p=13023
MainThread 函数的任何部分都可能被中断。
您无需在此处创建线程。只需调用普通函数即可。
编辑:
DLL_PROCESS_ATTACH:DLL 由于进程启动或调用 LoadLibrary 而正在被加载到当前的虚拟地址空间中。
当我把 DLL 注入 test.exe 进程时,不需要调用任何 DLL 函数,DLL_PROCESS_ATTACH 分支下的打印就会执行。test.exe:
#include <windows.h>
// Minimal injection target: spins forever so the process stays alive.
int main()
{
    for (;;)
    {
    }
    return 0;
}
DLLMain:
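// DllMain of the test DLL: prints a line on process attach and detach.
// printf requires <stdio.h>; the include list for this file is not shown.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        printf("DLL_PROCESS_ATTACH ...\n");
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        // The original was missing the ';' after this break, which does
        // not compile.
        break;
    case DLL_PROCESS_DETACH:
        printf("DLL_PROCESS_DETACH ...\n");
        break;
    default:
        break;
    }
    return TRUE;
}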