上个帖子可能说的不清楚,重开贴,我菜鸟一个,希望高手帮忙!我想实现的功能时:一个主程序调用我的DLL(my.dll),执行my.dll时去改写my.dll自己在内存中的代码,我的测试程序是这样的:执行my.dll时,修改内存中my.dll的以函数Testblue为起始地址的代码为0x01,0x02,我该怎么写这个my.dll呢?
这是我的大体思路,不知道dll自己写自己能不能这样做:
1.OpenProcess
2.VirtualQuery
3.VirtualProtect
4.WriteProcessMemory
这是我的代码,:
主程序传过来的,算是已知:
HMODULE hInst; // this DLL's instance handle
HWND hMainfrm; // parent handle (CMainFrame)
//Dll中供测试的函数,
int Testblue(int i)
{
return ++i;
}
//以下是处理函数中代码:
HANDLE m_handle;
MEMORY_BASIC_INFORMATION mbi;
BYTE buffx[2]={0x1,0x2}; pp = Testblue;
DWORD myID;
int * p;
p = (int *)pp;
sret = GetWindowThreadProcessId(hMainfrm,&myID);// 1. 这里用父窗口的句柄来得到进程的句柄myID,不知 对不对?
m_handle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,FALSE,myID);
//2.打开进程,
VirtualQuery(p,&mbi,sizeof(MEMORY_BASIC_INFORMATION));
//3.获取进程修改的页地址属性
sret = VirtualProtect(mbi.BaseAddress,mbi.RegionSize,PAGE_EXECUTE_READWRITE,&mbi.Protect);
//4.去保护
sret = WriteProcessMemory(&myID,p,buffx,sizeof(buffx),returnp);
//5.这里总是返回 0,执行失败,
// 错误码6:The handle is invalid
这是我的大体思路,不知道dll自己写自己能不能这样做:
1.OpenProcess
2.VirtualQuery
3.VirtualProtect
4.WriteProcessMemory
这是我的代码,:
主程序传过来的,算是已知:
HMODULE hInst; // this DLL's instance handle
HWND hMainfrm; // parent handle (CMainFrame)
//Dll中供测试的函数,
int Testblue(int i)
{
return ++i;
}
//以下是处理函数中代码:
HANDLE m_handle;
MEMORY_BASIC_INFORMATION mbi;
BYTE buffx[2]={0x1,0x2}; pp = Testblue;
DWORD myID;
int * p;
p = (int *)pp;
sret = GetWindowThreadProcessId(hMainfrm,&myID);// 1. 这里用父窗口的句柄来得到进程的句柄myID,不知 对不对?
m_handle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,FALSE,myID);
//2.打开进程,
VirtualQuery(p,&mbi,sizeof(MEMORY_BASIC_INFORMATION));
//3.获取进程修改的页地址属性
sret = VirtualProtect(mbi.BaseAddress,mbi.RegionSize,PAGE_EXECUTE_READWRITE,&mbi.Protect);
//4.去保护
sret = WriteProcessMemory(&myID,p,buffx,sizeof(buffx),returnp);
//5.这里总是返回 0,执行失败,
// 错误码6:The handle is invalid
LPVOID lpBaseAddress, // address to start writing to
LPVOID lpBuffer, // pointer to buffer to write data to
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // actual number of bytes written
);
#include "stdafx.h"
#include "windows.h"
int test1(int i);
int _tmain(int argc, _TCHAR* argv[])
{
int i = test1(3); // release 版 会将 test1 优化成 int i = 4; void* pt1 = test1; DWORD old; // debug 版 test1的地址为 jmp 指令
VirtualProtect(pt1, 4, PAGE_READWRITE, &old); *(int*)pt1 = 0x02; return 0;
}int test1(int i)
{
i++;
return i;
}