我写了一个简单的dll库,想注入到explore.exe中,在调试的过程中各个函数的返回值似乎都正确,可为什么执行不了呢?代码如下:dll的代码:
#include "stdafx.h"
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
MessageBox(NULL,"HelloWorld!","DLL",MB_OK);
return TRUE;
}Loader的代码:
HANDLE hRemoteProcess=NULL,hRemoteThread=NULL;
HWND hWnd=NULL;
DWORD dwRemoteProcessId; //得到explore.exe的句柄,并设置打开该文件的权限
hWnd=::FindWindow(_T("Progman"),_T("Program Manager"));
if (hWnd!=NULL)
GetWindowThreadProcessId(hWnd,&dwRemoteProcessId); hRemoteProcess=OpenProcess(PROCESS_OPEN_MODE,FALSE,dwRemoteProcessId);//设置dll文件的路径
char lpDllFullPathName[50];
WCHAR pszLibFileName[100]={0}; strcpy(lpDllFullPathName,"E:\\VCPrg\\InjectDll\\Debug\\InjectDll.dll");
int iReturnCode = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,lpDllFullPathName, strlen(lpDllFullPathName),pszLibFileName, MAX_PATH);
//测试
// HINSTANCE hIns=::LoadLibraryA(lpDllFullPathName);
// //将dll的地址写入explore.exe中
PWSTR pszLibFileRemote;
int cb=(1+lstrlenW(pszLibFileName))* sizeof(char);
pszLibFileRemote=(PWSTR) VirtualAllocEx( hRemoteProcess, NULL, cb, MEM_COMMIT, PAGE_READWRITE);
iReturnCode = WriteProcessMemory(hRemoteProcess, pszLibFileRemote, (PVOID) pszLibFileName, cb, NULL); //
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(_T("Kernel32.dll")), "LoadLibraryA"); hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0, pfnStartAddr, pszLibFileRemote, 0, NULL);在调试过程中hRemoteThread=0x00000770;hRemoteProcess=0x00000774;iReturnCode=1,可是运行的结果是没有反应,而预期应该弹出一个"HelloWorld"的对话框才对!而且在调试的过程中若采用系统的LoadLibrary(),就能弹出"HelloWorld"对话框,这说明dll没有问题的,问题应该出在Loader程序中,但是问题是什么,哪位朋友可以帮助一下?
#include "stdafx.h"
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
MessageBox(NULL,"HelloWorld!","DLL",MB_OK);
return TRUE;
}Loader的代码:
HANDLE hRemoteProcess=NULL,hRemoteThread=NULL;
HWND hWnd=NULL;
DWORD dwRemoteProcessId; //得到explore.exe的句柄,并设置打开该文件的权限
hWnd=::FindWindow(_T("Progman"),_T("Program Manager"));
if (hWnd!=NULL)
GetWindowThreadProcessId(hWnd,&dwRemoteProcessId); hRemoteProcess=OpenProcess(PROCESS_OPEN_MODE,FALSE,dwRemoteProcessId);//设置dll文件的路径
char lpDllFullPathName[50];
WCHAR pszLibFileName[100]={0}; strcpy(lpDllFullPathName,"E:\\VCPrg\\InjectDll\\Debug\\InjectDll.dll");
int iReturnCode = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,lpDllFullPathName, strlen(lpDllFullPathName),pszLibFileName, MAX_PATH);
//测试
// HINSTANCE hIns=::LoadLibraryA(lpDllFullPathName);
// //将dll的地址写入explore.exe中
PWSTR pszLibFileRemote;
int cb=(1+lstrlenW(pszLibFileName))* sizeof(char);
pszLibFileRemote=(PWSTR) VirtualAllocEx( hRemoteProcess, NULL, cb, MEM_COMMIT, PAGE_READWRITE);
iReturnCode = WriteProcessMemory(hRemoteProcess, pszLibFileRemote, (PVOID) pszLibFileName, cb, NULL); //
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(_T("Kernel32.dll")), "LoadLibraryA"); hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0, pfnStartAddr, pszLibFileRemote, 0, NULL);在调试过程中hRemoteThread=0x00000770;hRemoteProcess=0x00000774;iReturnCode=1,可是运行的结果是没有反应,而预期应该弹出一个"HelloWorld"的对话框才对!而且在调试的过程中若采用系统的LoadLibrary(),就能弹出"HelloWorld"对话框,这说明dll没有问题的,问题应该出在Loader程序中,但是问题是什么,哪位朋友可以帮助一下?
去掉这一句话就搞定了!
int iReturnCode = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,lpDllFullPathName, strlen(lpDllFullPathName),pszLibFileName, MAX_PATH);
LoadLibraryW