I tried to use CreateThread from kernel32 to start the DataCollectorEntry function in a new thread, but it did not execute a single line of the function, and GetLastError returns 0, which means everything is correct. So what is the problem?
import kotlinx.cinterop.*
import platform.windows.*
import kotlin.experimental.ExperimentalNativeApi
import kotlin.native.concurrent.ThreadLocal

@OptIn(ExperimentalForeignApi::class)
var instanceHandleModule: HMODULE? = null

@OptIn(ExperimentalForeignApi::class)
var functionThread: HANDLE? = null

// Not used by the code below; kept from the original snippet.
@ThreadLocal
var globalValueInternal: HANDLE_PTR = 0xdeadbeefUL

// Thread start routine. The signature must match LPTHREAD_START_ROUTINE,
// i.e. DWORD WINAPI fn(LPVOID), so it can be passed to CreateThread.
@OptIn(ExperimentalNativeApi::class, ExperimentalForeignApi::class)
fun DataCollectorEntry(lpThreadParameter: LPVOID?): DWORD {
    OutputDebugStringA("Data Collector Entry")
    MessageBoxA(null, "HI", "Test", MB_OK.toUInt())
    // val lpBaseAddress: COpaquePointer? = malloc(8UL)
    // lpBaseAddress.rawValue
    // val lpBuffer = malloc(8UL)
    // ReadProcessMemory(GetCurrentProcess(), lpBaseAddress, lpBuffer, 8UL, null)
    return 0u
}

// Exported DLL entry point. The C signature is BOOL DllMain(HMODULE, DWORD, LPVOID):
// BOOL is a 32-bit int in the Win32 ABI, so return BOOL/TRUE rather than a Kotlin Boolean.
@OptIn(ExperimentalNativeApi::class, ExperimentalForeignApi::class)
@CName("DllMain")
fun DllMain(hModule: HMODULE?, ul_reason_for_call: DWORD, lpReserved: LPVOID?): BOOL {
    when (ul_reason_for_call.toInt()) {
        DLL_PROCESS_ATTACH -> {
            instanceHandleModule = hModule
            OutputDebugStringA("DllMain Attached")
            // val threadFunc2: CPointer<CFunction<(LPVOID?) -> DWORD>> = GetProcAddress(GetModuleHandleA("kernel32"), "CreateThread")!!.reinterpret()
            val threadFunc: CPointer<CFunction<(LPVOID?) -> DWORD>> = staticCFunction(::DataCollectorEntry)
            // DllMain runs under the loader lock. CreateThread succeeds here, but the new
            // thread does not begin executing its start routine until DllMain has returned
            // and the lock is released, so nothing from DataCollectorEntry is visible yet.
            functionThread = CreateThread(null, 0u, threadFunc, null, 0u, null)
            // MessageBoxA lives in user32.dll; Microsoft's DllMain guidance discourages calling
            // into anything other than kernel32 from DllMain. Fine for a quick test, not for production.
            MessageBoxA(null, "Last Error ${GetLastError()} , $functionThread", "Test", MB_OK.toUInt())
            // OutputDebugStringA(GetLastError().toString())
            // OutputDebugStringA("Thread Handle:: ${if (functionThread == null) "It Is Null" else functionThread.toLong()}")
        }
        DLL_PROCESS_DETACH -> {
            // Perform cleanup or finalization tasks here
            OutputDebugStringA("DllMain Detached")
        }
    }
    return TRUE
}
So I found that the code is correct. Let me explain: when I wanted to test the DLL, I opened the DLL directly in x64dbg, and in that case the thread was created, but I don't know why the thread function did not execute. But when I tried injecting the DLL into another process, it executed the function, so the code is correct.
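As an added example, not part of the question or the answer above: a minimal host script in PowerShell that loads the DLL with LoadLibraryA and then keeps the process alive. A thread created inside DllMain is created under the loader lock and does not run its start routine until DllMain returns, so a host that exits or is stopped immediately after LoadLibrary never shows the function running, while a host that keeps running does. The DLL path, the script name and the wait time are assumptions; the P/Invoke declarations are the standard kernel32 signatures.

```powershell
# Added example (not from the question): load a native DLL into this PowerShell
# process and keep the process alive so a thread created in DllMain gets to run.
# $DllPath and $WaitSeconds are assumed values; point $DllPath at the built DLL.
param(
    [string]$DllPath = 'C:\path\to\datacollector.dll',   # assumed path
    [int]$WaitSeconds = 5                                # assumed wait
)

$kernel32 = Add-Type -Namespace 'DllHost' -Name 'Kernel32' -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Ansi)]
public static extern IntPtr LoadLibraryA(string lpLibFileName);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool FreeLibrary(IntPtr hModule);
'@

# LoadLibraryA runs DllMain(DLL_PROCESS_ATTACH) on this thread, under the loader lock.
$hModule = $kernel32::LoadLibraryA($DllPath)
if ($hModule -eq [IntPtr]::Zero) {
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "LoadLibraryA failed for '$DllPath', Win32 error $err"
}
Write-Host ("Loaded {0} at 0x{1:X}" -f $DllPath, $hModule.ToInt64())

# By the time LoadLibraryA returns, DllMain has returned and the loader lock is
# released, so the thread created with CreateThread can now execute. Keep the
# host alive long enough to observe it (DebugView for OutputDebugStringA output,
# or the MessageBoxA window in the question's code).
Start-Sleep -Seconds $WaitSeconds

# DLL_PROCESS_DETACH runs here. If the worker thread is still executing code in
# the DLL when the image is unmapped it will fault, so only unload after it is done.
[void]$kernel32::FreeLibrary($hModule)
```

Run it as `.\Load-Dll.ps1 -DllPath C:\build\datacollector.dll` (hypothetical names) from a PowerShell whose bitness matches the DLL. To debug the DLL itself, attach x64dbg to this powershell.exe process rather than opening the DLL file directly, so the host stays alive past DllMain and the thread's start routine is reachable with a breakpoint.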