C将EXE注入另一个进程的问题
您好,我正在尝试将一个显示消息框的小.exe注入另一个进程,但每次调用CreateRemoteThread时,该进程都会崩溃。 我见过其他人使用Get/Set Context执行他们的exe,并尝试做同样的事情,除了我尝试使用CreateRemoteThread: CreateRemoteThread不返回错误,所以Idk我做错了什么C将EXE注入另一个进程的问题,c,portable-executable,C,Portable Executable,您好,我正在尝试将一个显示消息框的小.exe注入另一个进程,但每次调用CreateRemoteThread时,该进程都会崩溃。 我见过其他人使用Get/Set Context执行他们的exe,并尝试做同样的事情,除了我尝试使用CreateRemoteThread: CreateRemoteThread不返回错误,所以Idk我做错了什么 #include <stdio.h> #include <stdlib.h> #include <windows.h> ch
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
char * load(char* File)
{
FILE * f = fopen(File,"rb");
fseek(f,0,SEEK_END);
int x = ftell(f);
fseek(f,0,SEEK_SET);
char * Buff = malloc(x);
x = fread(Buff,1,x,f);
printf("%d Bytes gelesen!",x);
return Buff;
}
int main(int argc, char **argv)
{
void* Base = load("Injection.exe");
IMAGE_DOS_HEADER * hDOS = Base;
IMAGE_NT_HEADERS * hNT = Base + hDOS->e_lfanew;
STARTUPINFOA SI;
PROCESS_INFORMATION PI;
ZeroMemory(&SI,sizeof(SI));
ZeroMemory(&PI,sizeof(PI));
if (!CreateProcessA("Test.exe",NULL,NULL,NULL,0,CREATE_NEW_CONSOLE,NULL,NULL,&SI,&PI))
printf("\n\nERROR CREATING PROCESS: %d",GetLastError());
HANDLE hProc = PI.hProcess;
BYTE * ImageBase = VirtualAllocEx(hProc,NULL,hNT->OptionalHeader.SizeOfImage,MEM_RESERVE|MEM_COMMIT,PAGE_EXECUTE_READWRITE);
printf("\nAllocated Base: %p",ImageBase);
int NoS = hNT->FileHeader.NumberOfSections;
int OHSize = hNT->FileHeader.SizeOfOptionalHeader;
printf("\nNumber of Sections: %d",NoS);
printf("\nSize of Optional Headers %d",OHSize);
IMAGE_SECTION_HEADER * SEC = (hDOS->e_lfanew + Base + sizeof(IMAGE_FILE_HEADER) + 4 + hNT->FileHeader.SizeOfOptionalHeader);
for (int i = 0; i <= NoS; i++)
{
printf("\nSECTION NUMBER: %d NAME: %s",i,SEC[i].Name);
SIZE_T BW;
if (0 == WriteProcessMemory(hProc,(ImageBase+SEC[i].VirtualAddress),(Base+ SEC[i].PointerToRawData),SEC[i].SizeOfRawData,&BW))
printf("\nERROR WRITING SECTION: %d",GetLastError());
else
printf(" SIZE: %d WRITTEN: %d",SEC[i].SizeOfRawData,BW);
}
LPTHREAD_START_ROUTINE TA = (hNT->OptionalHeader.AddressOfEntryPoint + ImageBase);
DWORD TID = 0;
if (NULL == CreateRemoteThread(hProc,NULL,0,TA,NULL,0,&TID))
printf("\n\nERROR CREATING THREAD : %d",GetLastError());
else
printf("\n\nSUCESS CREATING THREAD");
getchar();
return 0;
}
#包括
#包括
#包括
char*加载(char*文件)
{
文件*f=fopen(文件“rb”);
fseek(f,0,SEEK_END);
int x=ftell(f);
fseek(f,0,SEEK_集);
char*Buff=malloc(x);
x=fread(Buff,1,x,f);
printf(“%d字节gelesen!”,x);
返回Buff;
}
int main(int argc,字符**argv)
{
void*Base=load(“Injection.exe”);
图像_DOS_头*hDOS=Base;
IMAGE\u NT\u HEADERS*hNT=Base+hDOS->e\u lfanew;
新创资讯科技有限公司;
处理信息;
零内存(&SI,sizeof(SI));
零内存(&PI,sizeof(PI));
if(!CreateProcessA(“Test.exe”,NULL,NULL,NULL,0,CREATE_NEW_CONSOLE,NULL,NULL,&SI,&PI))
printf(“\n\n创建进程时出错:%d”,GetLastError());
HANDLE hProc=PI.hpprocess;
BYTE*ImageBase=VirtualAllocEx(hProc,NULL,hNT->OptionalHeader.SizeOfImage,MEM|u RESERVE | MEM|u COMMIT,PAGE_EXECUTE_READWRITE);
printf(“\n定位基:%p”,ImageBase);
int NoS=hNT->FileHeader.NumberOfSections;
int OHSize=hNT->FileHeader.SizeOfOptionalHeader;
printf(“\n节数:%d”,个);
printf(“\n可选标题大小%d”,OHSize);
IMAGE\u SECTION\u HEADER*SEC=(hDOS->e\u lfanew+Base+sizeof(IMAGE\u FILE\u HEADER)+4+hNT->FileHeader.SizeOfOptionalHeader);
for(int i=0;i OptionalHeader.AddressOfEntryPoint+ImageBase);
DWORD TID=0;
if(NULL==CreateRemoteThread(hProc、NULL、0、TA、NULL、0和TID))
printf(“\n\n创建线程时出错:%d”,GetLastError());
其他的
printf(“\n\n访问创建线程”);
getchar();
返回0;
}