求助,关于VB.net 的注入,Call,汇编类的问题

heian_ly2007 2009-10-25 04:38:45
这几天一直想弄个.net 的汇编类,让Vb.net进行汇编操作
Imports System
Imports System.IO
Imports System.Threading
Imports System.Runtime.InteropServices
Imports System.Security.Permissions


Public Class Class1
' Win32 P/Invoke declarations. Every handle, pointer and buffer address is declared as a
' 32-bit Integer, so these signatures only match a 32-bit process.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Integer) As Integer
' lpBuffer is the address of the local byte array; lpNumberOfBytesWritten is passed by value, so the byte count is never received.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Integer, ByVal lpBaseAddress As Integer, ByVal lpBuffer As Integer, ByVal nSize As Integer, ByVal lpNumberOfBytesWritten As Integer) As Integer
' lpThreadId is passed by value, so the id of the created thread is never received.
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Integer, ByVal lpThreadAttributes As Integer, ByVal dwStackSize As Integer, ByVal lpStartAddress As Integer, ByVal lpParameter As Integer, ByVal dwCreationFlags As Integer, ByVal lpThreadId As Integer) As Integer
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal dwFreeType As Integer) As Integer
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Integer, ByVal lpAddress As Integer, ByVal dwSize As Integer, ByVal flAllocationType As Integer, ByVal flProtect As Integer) As Integer
' Used by Get_Result to transfer control to the address of a byte buffer in this process (the buffer is treated as the window procedure).
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Integer, ByVal hWnd As Integer, ByVal Msg As Integer, ByVal wParam As Integer, ByVal lParam As Integer) As Integer
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Integer, ByVal dwProcessId As Integer) As Integer

' Win32 constants, values as given in this listing.
Const PAGE_EXECUTE_READWRITE = &H40
Const MEM_COMMIT = &H1000
Const MEM_RELEASE = &H8000
Const MEM_DECOMMIT = &H4000 ' declared but not used by the methods shown
Const PROCESS_ALL_ACCESS = &H1F0FFF
' Machine-code bytes accumulated so far, as a hex string with two digits per byte;
' decoded by Get_Result and inject, and cleared by inject.
Dim OPcode As String
' Next free slot in ptAddr; inject returns the slot it used and then increments this.
Dim id As Integer
' Remote base addresses returned by VirtualAllocEx, indexed by the slot returned from inject.
' Fixed size: 11 slots (0..10); no method shown checks id against this bound.
Dim ptAddr(10) As Integer


' Decodes OPcode (two hex digits per byte) into a Byte array and then transfers control
' to that buffer inside the current process via CallWindowProc, passing the buffer
' address as the window procedure. The procedure's return value is returned as a string.
' This executes data as code in-process. OPcode is not validated: an odd length or a
' non-hex character would make CByte fail, and an empty OPcode yields an empty array
' so AsmCode(0) is out of range.
Function Get_Result() As String
Dim i As Integer
' Len/2 bytes; the upper bound is Len/2 - 1 (Option Strict appears to be off, the Double is converted).
Dim AsmCode(Len(OPcode) / 2 - 1) As Byte
For i = 0 To UBound(AsmCode)
' Mid is 1-based: characters 2i+1 and 2i+2 form byte i.
AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
Next

' VarPtr releases its GCHandle before returning, so the array is not pinned while the call runs.
Get_Result = CStr(CallWindowProc(VarPtr(AsmCode(0)), 0, 0, 0, 0))
End Function

' Returns the hex string of the machine-code bytes accumulated so far (the OPcode field).
Function Get_Code() As String
Return OPcode
End Function

' Copies the bytes encoded in OPcode into the process identified by pid: opens it with
' PROCESS_ALL_ACCESS, allocates a committed executable+writable region there
' (VirtualAllocEx with MEM_COMMIT / PAGE_EXECUTE_READWRITE) and writes the bytes into
' it with WriteProcessMemory. The remote base address is recorded in ptAddr(id); the
' slot number is returned so Run_ASM and free can refer to the region, and OPcode is
' cleared afterwards.
' None of the Win32 return values are checked, id is not range-checked against ptAddr,
' and RThwnd / tmp_Addr are declared but never used.
Function inject(ByRef pid As Integer) As Integer ' the return value is the argument to pass to Run_ASM and free
Dim RThwnd, i, tmp_Addr, h As Integer
' Same hex-to-bytes decoding as in Get_Result.
Dim AsmCode(Len(OPcode) / 2 - 1) As Byte
For i = 0 To UBound(AsmCode)
AsmCode(i) = CByte("&H" & Mid(OPcode, i * 2 + 1, 2))
Next
h = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
ptAddr(id) = VirtualAllocEx(h, 0, UBound(AsmCode) + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
' VarPtr releases its GCHandle before returning, so the array is not pinned during this call.
WriteProcessMemory(h, ptAddr(id), VarPtr(AsmCode(0)), UBound(AsmCode) + 1, 0)
CloseHandle(h)
inject = id
id = id + 1
OPcode = ""
End Function

' Returns the address of MyObject as obtained from a pinned GCHandle.
' The handle is freed before the function returns, so the object is no longer
' pinned by the time the caller uses the address. Note that the parameter is
' typed As Object, so whatever the caller passes is what gets pinned.
Public Function VarPtr(ByRef MyObject As Object) As System.IntPtr
Dim MyGCHandle As GCHandle = GCHandle.Alloc(MyObject, GCHandleType.Pinned)
VarPtr = MyGCHandle.AddrOfPinnedObject()
MyGCHandle.Free()
End Function

' Releases the remote region recorded in ptAddr(aid) inside process pid
' (VirtualFreeEx with MEM_RELEASE and size 0) and closes the process handle.
' Declared As Object but never assigns a return value, so callers receive Nothing.
' RThwnd is unused, the Win32 return values are not checked, and ptAddr(aid)
' is not cleared afterwards.
Function free(ByRef pid As Integer, ByRef aid As Integer) As Object
Dim RThwnd, h As Integer
h = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
VirtualFreeEx(h, ptAddr(aid), 0, MEM_RELEASE)
CloseHandle(h)

End Function

' Starts a thread in process pid whose start address is the remote region
' ptAddr(aid) (CreateRemoteThread with no parameter and default flags), then
' closes the thread and process handles. Does not wait for the thread, does not
' check the Win32 return values, and never assigns a return value (callers get 0).
Function Run_ASM(ByRef pid As Integer, ByRef aid As Integer) As Integer
Dim RThwnd, h As Integer
h = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
RThwnd = CreateRemoteThread(h, 0, 0, ptAddr(aid), 0, 0, 0)
CloseHandle(RThwnd)
CloseHandle(h)
End Function

' Formats Value as an n-digit, zero-padded upper-case hex string and returns its
' two-digit groups in reverse order, i.e. with the byte order swapped
' (for example &H12345678 with n = 8 gives "78563412").
' Padding is seven leading zeros, so n may not exceed 7 + Len(Hex(Value)).
Function Int2Hex(ByRef Value As Integer, ByRef n As Integer) As String
Dim padded As String = Right("0000000" & Hex(Value), n)
Dim swapped As String = ""
Dim pos As Integer
For pos = 0 To Len(padded) / 2 - 1
' Take the pair that sits 2*pos characters from the right-hand end (Mid is 1-based).
swapped &= Mid(padded, Len(padded) - 1 - 2 * pos, 2)
Next pos
Return swapped
End Function



------------------------以下省略----------------------


可是,我做一个最简单的Call都会导致被注入的进程(游戏)崩溃

' Example from the question: builds a small stub through Class1's helper methods
' (pushad; mov eax, Address; call eax; popad; ret, going by the method names),
' writes it into process pid, starts it there and then frees the region.
' Pushad/Mov_EAX/Call_EAX/Popad/ret belong to the elided part of Class1 and are not
' shown above; pid is not declared in this snippet. The slot returned by inject is
' discarded and slot 0 is assumed for Run_ASM and free.
Sub dazuo()
Dim asm As New Class1
Const Address = &H5BE0F0
With asm
.Pushad()
.Mov_EAX(Address)
.Call_EAX()
.Popad()
.ret()
End With
asm.inject(pid)
asm.Run_ASM(pid, 0)
asm.free(pid, 0)
End Sub

请问各大高手,我的问题出在哪里呢



附上: VC# 调用成功的汇编类
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;




namespace Game_Plug_Core
{
class AsmClass
{

// Win32 P/Invoke declarations. Most handles and pointers are declared as int, so these
// signatures only match a 32-bit process.
[DllImport("kernel32.dll", EntryPoint = "CloseHandle")]

public static extern int CloseHandle(int hObject);

// Overload with IntPtr handle/address, a managed byte[] marshalled [In, Out] and the
// written byte count returned through an out parameter.
[DllImport("kernel32.dll")]

public static extern Int32 WriteProcessMemory(

IntPtr hProcess,

IntPtr lpBaseAddress,

[In, Out] byte[] buffer,

int size,

out IntPtr lpNumberOfBytesWritten);

// All-int overload; lpNumberOfBytesWritten is passed by value, so the byte count is never received.
[DllImport("kernel32.dll")]

public static extern Int32 WriteProcessMemory(

int hProcess,

int lpBaseAddress,

byte[] buffer,

int size,

int lpNumberOfBytesWritten);

// lpThreadId is ref int, so a variable must always be supplied for the thread id.
[DllImport("kernel32", EntryPoint = "CreateRemoteThread")]

public static extern int CreateRemoteThread(

int hProcess,

int lpThreadAttributes,

int dwStackSize,

int lpStartAddress,

int lpParameter,

int dwCreationFlags,

ref int lpThreadId

);

// NOTE(review): flAllocationType and flProtect are Int16 in this overload; the Win32
// parameters are 32-bit DWORDs (the second overload below uses int).
[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualAllocEx(

System.IntPtr hProcess,

System.Int32 lpAddress,

System.Int32 dwSize,

System.Int16 flAllocationType,

System.Int16 flProtect

);

[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualAllocEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType,

int flProtect

);

// The last parameter is the Win32 dwFreeType (MEM_RELEASE / MEM_DECOMMIT), despite its name here.
[DllImport("Kernel32.dll")]

public static extern System.Int32 VirtualFreeEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType

);

[DllImport("kernel32.dll", EntryPoint = "OpenProcess")]

public static extern int OpenProcess(

int dwDesiredAccess,

int bInheritHandle,

int dwProcessId

);

// NOTE(review): 0x4 is the Win32 value of PAGE_READWRITE; the VB listing above uses
// &H40 under the same name PAGE_EXECUTE_READWRITE. The two listings disagree.
private const int PAGE_EXECUTE_READWRITE = 0x4;

// 4096 == 0x1000, written in decimal here.
private const int MEM_COMMIT = 4096;

private const int MEM_RELEASE = 0x8000;

private const int MEM_DECOMMIT = 0x4000;

private const int PROCESS_ALL_ACCESS = 0x1F0FFF;

// The three PROCESS_* rights below are declared but not used by the members shown in this excerpt.
private const int PROCESS_CREATE_THREAD = 0x2;

private const int PROCESS_VM_OPERATION = 0x8;

private const int PROCESS_VM_WRITE = 0x20;

// Accumulated machine code as a hex string; presumably appended to and consumed by
// members outside this excerpt — confirm against the full class.
public string Asmcode = "";

/// <summary>
/// Formats <paramref name="address"/> as upper-case hexadecimal digits with no
/// prefix and no padding (negative values give their 32-bit two's-complement digits).
/// </summary>
private string hex(int address)
{
    return address.ToString("X");
}

/// <summary>
/// Returns the low <paramref name="num"/> hexadecimal digits of <paramref name="value"/>
/// (zero-padded on the left) with the two-digit groups emitted in reverse order, i.e.
/// with the byte order swapped: intTohex(0x12345678, 8) == "78563412".
/// </summary>
/// <param name="value">Integer to format; negative values use their 32-bit two's-complement digits.</param>
/// <param name="num">Number of hex digits to keep. The padded digit string is 8 to 15
/// characters long, so a larger or negative <paramref name="num"/> makes Substring throw.</param>
/// <returns>The byte-swapped digit string; an odd-length string drops its first character.</returns>
public string intTohex(int value, int num)
{
    // Seven leading zeros cover any value shorter than 8 digits; keep only the low `num` digits.
    string padded = "0000000" + value.ToString("X");
    string digits = padded.Substring(padded.Length - num, num);

    // Walk the two-character groups from the right-hand end towards the left.
    StringBuilder swapped = new StringBuilder(digits.Length);
    int lowest = digits.Length - 2 * (digits.Length / 2);
    for (int pos = digits.Length - 2; pos >= lowest; pos -= 2)
    {
        swapped.Append(digits, pos, 2);
    }
    return swapped.ToString();
}

dongfangbai 2011-08-10
mark!
zjljk2000 2010-09-21
mark
sfp_801 2010-03-03
有点深,不太明白,来拿分的
lihaidomain 2009-11-05
有点深,不太明白,来拿分的
abcadefgab 2009-10-29
看不懂
Bill Gu 2009-10-29
这是什么啊,怎么VB和C#混着的
heian_ly2007 2009-10-28
虾米。。分那么有用。。?
yy251766117 2009-10-28
End Function

Function inject(ByRef pid As Integer) As Integer '返回值为调用runasm和free的参数
Dim RThwnd, i, tmp_Addr, h As Integer
Dim AsmCode(Len(OPcode) / 2 - 1) ````````````
yy251766117 2009-10-28
End Function

Function inject(ByRef pid As Integer) As Integer '返回值为调用runasm和free的参数
Dim RThwnd, i, tmp_Addr, h As Integer
Dim AsmCode(Len(OPcode) / 2 - 1)
liyoubaidu 2009-10-28
这个得顶的。
hankstang 2009-10-27
帮re
claire_nxl 2009-10-27
有点复杂
crane1991 2009-10-27
好难哦
wei_june 2009-10-27
sdf
shclhs 2009-10-27
robake 2009-10-27
收藏了,兴许哪天用得着。
huminghua 2009-10-27
A642803063 2009-10-27
那份走分
yidichaxiang 2009-10-27
mark
heian_ly2007 2009-10-26
asm的好人真多。。