// Parameter block handed to RemoteThreadProc in the target process.
// Injectcode fills it here and copies exactly sizeof(DATA) bytes of it
// across with WriteProcessMemory, so the layout below is part of the
// contract between the two functions. The dw* fields carry API addresses
// as 32-bit DWORD values; that only round-trips a pointer on a 32-bit build.
typedef struct _DATA
{
DWORD dwloadlibrary;      // address called as LoadLibrary (resolved in Injectcode)
DWORD dwgetprocaddress;   // address called as GetProcAddress
DWORD dwgetmodulehandle;  // address stored for GetModuleHandle (never called by RemoteThreadProc as written)
DWORD dwgetmodulefilename; // address called as GetModuleFileName
char user32dll[20];       // module name passed to LoadLibrary ("user32.dll", 10 chars + NUL)
char MessageBox[20];      // export name passed to GetProcAddress ("MessageBoxA", 11 chars + NUL)
char str[20];             // message text ("inject code!!!!!!", 17 chars + NUL); lstrcpy into it is unbounded
}DATA, *PDATA;
// Thread body whose raw bytes Injectcode copies into the target process and
// starts with CreateRemoteThread. lpParam is the DATA block Injectcode also
// copied there. Because the copied code is not a loaded module in the target,
// every API it touches is reached through the addresses stored in that block
// rather than through an import table.
// Return: always 0 (the thread exit code); no intermediate result is checked.
DWORD WINAPI RemoteThreadProc(LPVOID lpParam)
{
PDATA pData = (PDATA)lpParam;
// Declare the API function prototypes (function-pointer typedef-less form)
HMODULE (__stdcall *MyLoadLibrary)(LPCTSTR);
FARPROC (__stdcall *MyGetProcAddress)(HMODULE, LPCSTR);
HMODULE (__stdcall *MyGetModuleHandle)(LPCTSTR);
int (__stdcall *MyMessageBox)(HWND, LPCTSTR, LPCTSTR, UINT);
DWORD (__stdcall *MyGetModuleFileName)(HMODULE, LPTSTR, DWORD);
// The DWORD values are widened straight into function pointers; a 0 written
// by Injectcode (a failed GetProcAddress there) becomes a NULL call below.
MyLoadLibrary = (HMODULE (__stdcall *)(LPCTSTR))pData->dwloadlibrary;
MyGetProcAddress = (FARPROC (__stdcall *)(HMODULE,LPCSTR))pData->dwgetprocaddress;
MyGetModuleHandle = (HMODULE (__stdcall *)(LPCSTR))pData->dwgetmodulehandle;
MyGetModuleFileName = (DWORD (__stdcall *)(HMODULE,LPTSTR,DWORD nSize))pData->dwgetmodulefilename;
// Loads the module named in pData and resolves the export named in pData;
// hModule is not checked for NULL before use.
HMODULE hModule = MyLoadLibrary(pData->user32dll);
MyMessageBox = (int (__stdcall *)(HWND,LPCTSTR,LPCTSTR,UINT))MyGetProcAddress(hModule, pData->MessageBox);
// Shows the host process's own image path (GetModuleFileName with NULL
// module) as the message-box title and pData->str as its text.
char szModuleName[MAX_PATH] = { 0 };
MyGetModuleFileName(NULL, szModuleName, MAX_PATH);
MyMessageBox(NULL, pData->str, szModuleName, MB_OK);
return 0;
}
// MFC drag-icon query: the dialog's icon handle doubles as the drag cursor.
HCURSOR CInjectDlg::OnQueryDragIcon()
{
    const HICON dialogIcon = m_hIcon;
    return static_cast<HCURSOR>(dialogIcon);
}
// Button handler: reads the process id typed into the IDC_PID field (no
// translation, unsigned) and hands it to Injectcode.
void CInjectDlg::Oninject()
{
    const DWORD targetPid = GetDlgItemInt(IDC_PID, FALSE, FALSE);
    Injectcode(targetPid);
}
// Opens process dwpid, copies a DATA block and the bytes of RemoteThreadProc
// into it, and runs that code there as a new thread. This is the
// VirtualAllocEx / WriteProcessMemory / CreateRemoteThread sequence: from a
// monitoring standpoint, a cross-process PAGE_EXECUTE_READWRITE allocation
// followed by a remote thread whose start address lies outside any loaded
// module is the observable signature of this function.
// dwpid: target process id, as entered in the dialog.
// Return: none. No API result is checked, so a NULL from OpenProcess,
// GetProcAddress, VirtualAllocEx or CreateRemoteThread is silently carried
// into the following calls.
void CInjectDlg::Injectcode(DWORD dwpid)
{
HANDLE hand = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwpid);
DATA data={ 0 };
// Addresses are resolved in this process and reused inside the target, which
// presumably relies on Kernel32.dll being mapped at the same base in both;
// the DWORD casts truncate pointers, so this only holds on a 32-bit build.
// The name strings are passed to GetProcAddress verbatim; a name that matches
// no export leaves the field at 0.
data.dwloadlibrary=(DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"),"loadLibraryA");
data.dwgetprocaddress=(DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"),"GetProcAddress");
data.dwgetmodulehandle=(DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"),"GetMoudleHandleA");
data.dwgetmodulefilename=(DWORD)GetProcAddress(GetModuleHandle("Kernel32.dll"),"GetModuleFileNameA");
// Unbounded copies into the 20-byte fields of DATA; the three literals fit.
lstrcpy(data.user32dll,"user32.dll");
lstrcpy(data.MessageBox,"MessageBoxA");
lstrcpy(data.str,"inject code!!!!!!");
// Parameter block goes into the target as read/write memory.
LPVOID lpdata=VirtualAllocEx(hand,NULL,sizeof(DATA),MEM_COMMIT | MEM_RESERVE,PAGE_READWRITE);
DWORD dwwrite = 0;
WriteProcessMemory(hand,lpdata,&data,sizeof(DATA),&dwwrite);
DWORD dwrite = 0;
// 0x2000 is an assumed upper bound on the compiled size of RemoteThreadProc,
// not its real length: the copy reads that many bytes from the function's
// start, running past its end into whatever the linker placed after it.
DWORD dwfunsize=0x2000;
LPVOID lpcode = VirtualAllocEx(hand,NULL,dwfunsize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(hand,lpcode,RemoteThreadProc,dwfunsize,&dwrite);
// lpdata is the thread parameter that RemoteThreadProc reads as PDATA.
HANDLE hremotethread = CreateRemoteThread(hand,NULL,0,(LPTHREAD_START_ROUTINE)lpcode,lpdata,0,NULL);
WaitForSingleObject(hremotethread,INFINITE);
// Only the handles are released; the two regions allocated in the target are
// never freed with VirtualFreeEx and remain mapped there after the thread ends.
CloseHandle(hand);
CloseHandle(hremotethread);
}