16,472
社区成员
发帖
与我相关
我的任务
分享我的远程线程注入怎么只能成功一次?
目标进程.exe
注入进程.exe
被注入的库(MyLib.dll)
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
MessageBox( NULL,"DLL已进入目标进程。", "信息", MB_ICONINFORMATION );
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
-------------------------------------------------------------------------------------------------
注入进程
m_hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, ProcessID);
返回句柄是成功的
DWORD dwWritten;
m_dwSize = lstrlenA("MyLib.dll") + 1;
m_lpBuf = VirtualAllocEx( m_hProcess, NULL, m_dwSize, MEM_COMMIT, PAGE_READWRITE );
WriteProcessMemory( m_hProcess, m_lpBuf, (LPVOID)LibName, m_dwSize, &dwWritten );
这也是成功的
DWORD dwID;
m_hRemoteThread = CreateRemoteThread( m_hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, m_lpBuf, 0, &dwID );
也是成功的
奇怪呀: 启动计算机第一次执行有"DLL已进入目标进程。"提示,说明dll已经注入目标进程.以后再执行跟踪每一部都返回正常,但就是没"DLL已进入目标进程。"提示,dll未被载入,怎么回事,谁知道呀?
注入进程.exe
被注入的库(MyLib.dll)
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
MessageBox( NULL,"DLL已进入目标进程。", "信息", MB_ICONINFORMATION );
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
-------------------------------------------------------------------------------------------------
注入进程
m_hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, ProcessID);
返回句柄是成功的
DWORD dwWritten;
m_dwSize = lstrlenA("MyLib.dll") + 1;
m_lpBuf = VirtualAllocEx( m_hProcess, NULL, m_dwSize, MEM_COMMIT, PAGE_READWRITE );
WriteProcessMemory( m_hProcess, m_lpBuf, (LPVOID)LibName, m_dwSize, &dwWritten );
这也是成功的
DWORD dwID;
m_hRemoteThread = CreateRemoteThread( m_hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibrary, m_lpBuf, 0, &dwID );
也是成功的
奇怪呀: 启动计算机第一次执行有"DLL已进入目标进程。"提示,说明dll已经注入目标进程.以后再执行跟踪每一部都返回正常,但就是没"DLL已进入目标进程。"提示,dll未被载入,怎么回事,谁知道呀?
...全文
请发表友善的回复…
发表回复
dirdirdir3 2010-08-09
- 打赏
- 举报
dll没有退出吧.........
iocpserver2 2010-08-09
- 打赏
- 举报
测试的时候是反复关闭,重复启动,应该会再次调用LoadLibrary.
Yofoo 2010-08-09
- 打赏
- 举报
普通的Dll, 一个进程只会LoadLibrary一次, 再次Load就直接返回了
