C++ 转换C++;dll注入到unicode中
好的,我运行并测试了上给出的解决方案,得到了积极的结果 现在,我已经将它转换成了一个win32 unicode项目,没有任何编译错误或运行时错误(它甚至说它被注入了dll)。没有任何明显的错误,除了dll在注入后没有执行这一事实之外,一切看起来都很好 请记住,如果未设置字符集,则Dll不会工作,但如果转换为unicode,则Dll不会工作。我甚至将dll转换成unicode只是为了测试,这在非unicode注入器上也能工作。考虑到这一点,我得出结论,问题在于改装后的喷油器 如果需要更多信息,请随时询问。您可能还会问,为什么要转换为unicode?这是我个人的喜好。因为我自己没有写代码,转换确实帮助我学习代码 我确实删除了第二个函数,但该函数从未被调用,实际上是无用的。它是相同的函数,只是变量类型不同。在擦除之前,转换不起作用 这个代码有什么问题吗? 我认为问题出在Injector.cpp中 **现在我想是DLL。将C++ 转换C++;dll注入到unicode中,c++,dll,unicode,C++,Dll,Unicode,好的,我运行并测试了上给出的解决方案,得到了积极的结果 现在,我已经将它转换成了一个win32 unicode项目,没有任何编译错误或运行时错误(它甚至说它被注入了dll)。没有任何明显的错误,除了dll在注入后没有执行这一事实之外,一切看起来都很好 请记住,如果未设置字符集,则Dll不会工作,但如果转换为unicode,则Dll不会工作。我甚至将dll转换成unicode只是为了测试,这在非unicode注入器上也能工作。考虑到这一点,我得出结论,问题在于改装后的喷油器 如果需要更多信息,请随
kernel32.dll
更改为随机后,我确实通过GetLastError()
error 127收到了预期的错误。但随后该程序被注入到崩溃中。这意味着dll已被注入。**所以在仔细考虑之后,我在没有向等式中添加dll的情况下进行了测试,在崩溃时抛出了相同的错误。似乎是注入,但不是注入dll。**<代码>DLL\U名称正在加载到函数中wcslen(DLL\u NAME)
正在返回一个值,以及RemoteString
(是0,没有加载DLL)。也就是说,我已经包括了Dllmain.cpp
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <Windows.h>
#include <string.h>
#include <stdio.h>
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
wchar_t* helloStr;
wchar_t buf[250];
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
helloStr = L"Hello";
wsprintf(buf, helloStr);
MessageBoxW(NULL, buf, NULL, NULL);
break;
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
helloStr = L"Goodbye";
wsprintf(buf, helloStr);
MessageBoxW(NULL, buf, NULL, NULL);
break;
}
return TRUE;
}
//dllmain.cpp:定义DLL应用程序的入口点。
#包括“stdafx.h”
#包括
#包括
#包括
BOOL APICENT DllMain(模块HMODULE,
德沃德·乌尔打电话的理由,
LPVOID lpReserved
)
{
wchar_t*helloStr;
wchar_t buf[250];
开关(ul\u呼叫原因\u)
{
案例DLL\u进程\u附加:
案例DLL\u线程\u连接:
helloStr=L“你好”;
wsprintf(buf,helloStr);
MessageBoxW(NULL,buf,NULL,NULL);
打破
案例DLL\u线程\u分离:
案例DLL\u进程\u分离:
helloStr=L“再见”;
wsprintf(buf,helloStr);
MessageBoxW(NULL,buf,NULL,NULL);
打破
}
返回TRUE;
}
注入器
#include "stdafx.h"
#include <windows.h>
#include <tlhelp32.h>
#include <shlwapi.h>
#include <conio.h>
#include <stdio.h>
#include <iostream>
#include "Resource.h"
Injector::Injector(void)
{
}
Injector::~Injector(void)
{
}
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
bool Injector::Inject(wchar_t* procName, wchar_t* DLL_NAME)
{
DWORD pID = GetTargetThreadIDFromProcName(procName);
HANDLE Proc = 0;
HMODULE hLib = 0;
wchar_t buf[50] = { 0 };
LPVOID RemoteString, LoadLibAddy;
if (!pID)
return false;
Proc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
if (!Proc)
{
swprintf_s(buf, L"OpenProcess() failed: %d", GetLastError());
MessageBoxW(NULL, buf, L"Loader", MB_OK);
wprintf(buf);
return false;
}
LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryW");
// Allocate space in the process for our DLL
RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, wcslen(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
// Write the string name of our DLL in the memory allocated
WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, wcslen(DLL_NAME), NULL);
// Load our DLL
CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
CloseHandle(Proc);
return true;
}
DWORD Injector::GetTargetThreadIDFromProcName(wchar_t* ProcName)
{
PROCESSENTRY32 pe;
HANDLE thSnapShot;
BOOL retval = false;
thSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (thSnapShot == INVALID_HANDLE_VALUE)
{
MessageBoxW(NULL, L"Error: Unable to create toolhelp snapshot!", L"2MLoader", MB_OK);
return false;
}
pe.dwSize = sizeof(PROCESSENTRY32);
retval = Process32First(thSnapShot, &pe);
while (retval)
{
if (!wcscmp(pe.szExeFile, ProcName))
{
return pe.th32ProcessID;
}
retval = Process32Next(thSnapShot, &pe);
}
return 0;
}
#包括“stdafx.h”
#包括
#包括
#包括
#包括
#包括
#包括
#包括“Resource.h”
喷射器::喷射器(空隙)
{
}
喷油器::~喷油器(无效)
{
}
#定义创建线程访问(进程创建线程、进程查询信息、进程虚拟机操作、进程虚拟机写入、进程虚拟机读取)
bool Injector::Inject(wchar\u t*procName,wchar\u t*DLL\u NAME)
{
DWORD pID=GetTargetThreadIDFromProcName(procName);
handleproc=0;
HMODULE hLib=0;
wchar_t buf[50]={0};
LPVOID RemoteString,LoadLibAddy;
如果(!pID)
返回false;
Proc=OpenProcess(PROCESS\u ALL\u ACCESS,FALSE,pID);
如果(!Proc)
{
swprintf_s(buf,L“OpenProcess()失败:%d”,GetLastError());
MessageBoxW(NULL,buf,L“Loader”,MB_OK);
wprintf(buf);
返回false;
}
LoadLibAddy=(LPVOID)GetProcAddress(GetModuleHandleW(L“kernel32.dll”),“LoadLibraryW”);
//在进程中为DLL分配空间
RemoteString=(LPVOID)VirtualAllocEx(Proc,NULL,wcslen(DLL_名称),MEM_RESERVE | MEM_COMMIT,PAGE_READWRITE);
//在分配的内存中写入DLL的字符串名称
WriteProcessMemory(Proc,(LPVOID)RemoteString,DLL\u名称,wcslen(DLL\u名称),NULL;
//加载我们的DLL
CreateRemoteThread(Proc,NULL,NULL,(LPTHREAD\u START\u例程)LoadLibAddy,(LPVOID)RemoteString,NULL,NULL);
关闭手柄(Proc);
返回true;
}
DWORD注入器::GetTargetThreadIDFromProcName(wchar\u t*ProcName)
{
ProcessEntry32PE;
处理快照;
BOOL-retval=false;
thSnapShot=CreateToolhelp32Snapshot(TH32CS\u SNAPPROCESS,0);
if(thSnapShot==无效的句柄值)
{
MessageBoxW(NULL,L“错误:无法创建toolhelp快照!”,L“2MLoader”,MB_OK);
返回false;
}
pe.dwSize=sizeof(PROCESSENTRY32);
retval=Process32First(thSnapShot,&pe);
while(retval)
{
如果(!wcscmp(pe.szExeFile,ProcName))
{
返回pe.th32ProcessID;
}
retval=Process32Next(thSnapShot,&pe);
}
返回0;
}
资源.h
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 130
#define _APS_NEXT_RESOURCE_VALUE 129
#define _APS_NEXT_COMMAND_VALUE 32771
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 110
#endif
#endif
#pragma once
#include <Windows.h>
class Injector
{
public:
Injector(void);
~Injector(void);
bool Inject(wchar_t* procName, wchar_t* DLL_NAME);
private:
DWORD GetTargetThreadIDFromProcName(wchar_t * ProcName);
};
#已调用ifdef APSTUDIO#
#ifndef亚太只读符号
#定义_APS_NO_MFC 130
#定义_APS_NEXT_RESOURCE_值129
#定义\u APS\u NEXT\u命令\u值32771
#定义\u APS\u NEXT\u控制\u值1000
#定义下一个符号值110
#恩迪夫
#恩迪夫
#布拉格语一次
#包括
类注入器
{
公众:
注射器(空隙);
~喷油器(空隙);
bool注入(wchar\u t*procName,wchar\u t*DLL\u NAME);
私人:
DWORD GetTargetThreadIDFromProcName(wchar_t*ProcName);
};
Main.cpp
// DLL_Injector_WIN32.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include "DLL_Injector_WIN32.h"
#include <Commdlg.h>
#include <iostream>
#include <Windows.h>
#include "Resource.h"
#define MAX_LOADSTRING 100
Injector* injector = new Injector();
// Global Variables:
HINSTANCE hInst; // current instance
TCHAR szTitle[MAX_LOADSTRING]; // The title bar text
TCHAR szWindowClass[MAX_LOADSTRING]; // the main window class name
wchar_t szFile[MAX_PATH];
LPTSTR PROC_NAME = new TCHAR[1024];
// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
BOOL FileOpen(HWND hwnd);
int start(wchar_t* DLL_PATH, wchar_t* PROC_NAME);
int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
_In_opt_ HINSTANCE hPrevInstance,
_In_ LPTSTR lpCmdLine,
_In_ int nCmdShow)
{
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
// TODO: Place code here.
MSG msg;
HACCEL hAccelTable;
// Initialize global strings
LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
LoadString(hInstance, IDC_DLL_INJECTOR_WIN32, szWindowClass, MAX_LOADSTRING);
MyRegisterClass(hInstance);
// Perform application initialization:
if (!InitInstance (hInstance, nCmdShow))
{
return FALSE;
}
hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_DLL_INJECTOR_WIN32));
// Main message loop:
while (GetMessage(&msg, NULL, 0, 0))
{
if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
return (int) msg.wParam;
}
//
// FUNCTION: MyRegisterClass()
//
// PURPOSE: Registers the window class.
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
WNDCLASSEX wcex;
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.style = CS_HREDRAW | CS_VREDRAW;
wcex.lpfnWndProc = WndProc;
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hInstance = hInstance;
wcex.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_DLL_INJECTOR_WIN32));
wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
wcex.lpszMenuName = MAKEINTRESOURCE(IDC_DLL_INJECTOR_WIN32);
wcex.lpszClassName = szWindowClass;
wcex.hIconSm = LoadIcon(wcex.hInstance, MAKEINTRESOURCE(IDI_SMALL));
return RegisterClassEx(&wcex);
}
//
// FUNCTION: InitInstance(HINSTANCE, int)
//
// PURPOSE: Saves instance handle and creates main window
//
// COMMENTS:
//
// In this function, we save the instance handle in a global variable and
// create and display the main program window.
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
HWND hWnd;
hInst = hInstance; // Store instance handle in our global variable
hWnd = CreateWindowEx(
WS_EX_CLIENTEDGE,
szWindowClass,
szTitle,
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, CW_USEDEFAULT, 350, 100,
NULL, NULL, hInstance, NULL);
if (!hWnd)
{
return FALSE;
}
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
return TRUE;
}
//
// FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu
// WM_PAINT - Paint the main window
// WM_DESTROY - post a quit message and return
//
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
int wmId, wmEvent;
PAINTSTRUCT ps;
HDC hdc;
switch (message)
{
case WM_CREATE:
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"BUTTON",
L"Inject",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE,
280, 10, 45, 25,
hWnd, (HMENU)IDC_INJECT, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"BUTTON",
L"DLL",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE,
240, 10, 35, 25,
hWnd, (HMENU)IDC_DLL, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
WS_EX_CLIENTEDGE,
L"EDIT",
L"",
WS_CHILD | WS_VISIBLE | WS_EX_CLIENTEDGE | ES_AUTOHSCROLL,
65, 10, 170, 25,
hWnd, (HMENU)IDC_PROCESS, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
CreateWindowEx(
0,
L"STATIC",
L"Process",
WS_CHILD | WS_VISIBLE,
5, 10, 55, 25,
hWnd, (HMENU)NULL, ((LPCREATESTRUCT)lParam)->hInstance, NULL);
break;
case WM_COMMAND:
wmId = LOWORD(wParam);
wmEvent = HIWORD(wParam);
// Parse the menu selections:
switch (wmId)
{
case IDC_DLL:
{
FileOpen(hWnd);
// MessageBox(NULL, szFile, L"TEST", NULL);
}
break;
case IDC_INJECT:
{
GetDlgItemText(hWnd, IDC_PROCESS, PROC_NAME, 1024);
start(szFile, PROC_NAME);
}
break;
case IDM_ABOUT:
DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
break;
case IDM_EXIT:
DestroyWindow(hWnd);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
break;
case WM_PAINT:
hdc = BeginPaint(hWnd, &ps);
// TODO: Add any drawing code here...
EndPaint(hWnd, &ps);
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
return 0;
}
// Message handler for about box.
INT_PTR CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
UNREFERENCED_PARAMETER(lParam);
switch (message)
{
case WM_INITDIALOG:
return (INT_PTR)TRUE;
case WM_COMMAND:
if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL)
{
EndDialog(hDlg, LOWORD(wParam));
return (INT_PTR)TRUE;
}
break;
}
return (INT_PTR)FALSE;
}
BOOL FileOpen(HWND hwnd)
{
OPENFILENAME ofn;
HANDLE hf;
ZeroMemory(&ofn, sizeof(ofn));
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = hwnd;
ofn.lpstrFile = szFile;
ofn.lpstrFile[0] = '\0';
ofn.nMaxFile = sizeof(szFile);
ofn.lpstrFilter = L"DLL\0*.dll\0";
ofn.nFilterIndex = 1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrInitialDir = NULL;
ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
if (GetOpenFileNameW(&ofn) == TRUE)
{
//CheckDlgButton(hwnd, IDC_PASS_LIST, BST_UNCHECKED);
hf = CreateFile(ofn.lpstrFile,
GENERIC_READ,
FILE_SHARE_READ,
(LPSECURITY_ATTRIBUTES)NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
(HANDLE)NULL);
return TRUE;
if (hf == (HANDLE)-1)
{
MessageBox(NULL, L"Could not open this file", L"File I/O Error", MB_ICONSTOP);
return FALSE;
}
}
else
{
return FALSE;
}
}
int start(wchar_t* DLL_PATH, wchar_t* PROC_NAME)
{
WCHAR dllDir[MAX_PATH];
wcscpy_s(dllDir, MAX_PATH, DLL_PATH);
//MessageBox(NULL, dllDir, L"DLL path: ", MB_ICONSTOP);
//MessageBox(NULL, PROC_NAME, L"Process: ", MB_ICONSTOP);
if (injector->Inject(PROC_NAME, dllDir)){
MessageBox(NULL, L"DLL injected!", L"DLL injected!", MB_ICONSTOP);
}
else {
MessageBox(NULL, L"Failed to inject the dll...", L"File I/O Error", MB_ICONSTOP);
}
return 0;
}
//DLL\u Injector\u WIN32.cpp:定义应用程序的入口点。
//
#包括“stdafx.h”
#包括“DLL\u Injector\u WIN32.h”
#包括
#包括
#包括
#包括“Resource.h”
#定义最大加载字符串100
喷油器*喷油器=新喷油器();
//全局变量:
HINSTANCE hInst;//当前实例
TCHAR szTitle[MAX_LOADSTRING];//标题栏文本
TCHAR szWindowClass[最大加载字符串];//主窗口类名称
wchar_t szFile[MAX_PATH];
LPTSTR PROC_NAME=new TCHAR[1024];
//转发此代码模块中包含的函数声明:
ATOM MyRegisterClass(HINSTANCE HINSTANCE);
BOOL InitInstance(HINSTANCE,int);
LRESULT回调WndProc(HWND、UINT、WPARAM、LPARAM);
INT_PTR回调关于(HWND、UINT、WPARAM、LPARAM);
喝倒采