紧急求助:win9x中的远线程插入问题
有一个关于Windows下远程线程的问题。
程序想在EXPLORER进程中插入一个DLL(DLL.DLL),插入成功后让它显示一个对话框,但每次都不成功,都是在最后一句失败:
...........
typedef PVOID (__stdcall *PAlloc) (DWORD);
...............
// Fragment from the poster's dialog code; the enclosing function and the
// declarations of every variable used here are not shown on the page.
// Sequence: open the target process, copy a DLL path into memory obtained from
// a COMCTL32 export, then start a thread whose entry point is LoadLibraryA.
// NOTE(review): OpenProcess with CREATE_THREAD|VM_OPERATION|VM_WRITE followed by
// WriteProcessMemory of a module path and a thread start at LoadLibraryA is the
// textbook DLL-injection call pattern that endpoint monitoring looks for.
hRemoteProcess=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,FALSE,processid);// processid was obtained earlier in the program and is correct
if(!hRemoteProcess)
{
::MessageBox(NULL,"OpenProcess Error!","Error",MB_OK|MB_ICONERROR);
CDialog::OnCancel();
return FALSE;
}
hDll=LoadLibrary("COMCTL32.DLL");
if(!hDll)
{
// NOTE(review): hRemoteProcess is still open on this return path (no CloseHandle).
::MessageBox(NULL,"Load COMCTL32.DLL Error!","Error",MB_OK|MB_ICONERROR);
CDialog::OnCancel();
return 0;
}
// Resolve export #71 by ordinal and treat it as PVOID(__stdcall*)(DWORD).
// NOTE(review): the page does not say what ordinal 71 is; ordinal-only imports are
// undocumented and may differ between COMCTL32 versions, so verify before relying on it.
pfAlloc=(PAlloc) GetProcAddress(hDll, MAKEINTRESOURCE(71));
if(!pfAlloc)
{
::MessageBox(NULL,"GetProcAddress 71# Error!","Error",MB_OK|MB_ICONERROR);
CDialog::OnCancel();
FreeLibrary(hDll);
return 0;
}
// Byte count of the DLL path including its terminating NUL.
cb = (1 + lstrlen(pszLibFileName)) * sizeof(char);
// NOTE(review): the pointer returned by pfAlloc is used below without a NULL check.
pszLibFileRemote=pfAlloc(cb);
// NOTE(review): second OpenProcess overwrites the handle obtained above without closing
// it (handle leak), and this result is not checked before use.
hRemoteProcess=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,FALSE,processid);
// Copy the path string to address pszLibFileRemote through the target-process handle.
iReturnCode = WriteProcessMemory(hRemoteProcess,pszLibFileRemote, (PVOID) pszLibFileName, cb, NULL);
if(!iReturnCode)
{
// NOTE(review): returns without FreeLibrary(hDll) or CloseHandle(hRemoteProcess).
::MessageBox(NULL,"WriteProcessMemory Error!","Error",MB_OK|MB_ICONERROR);
CDialog::OnCancel();
return 0;
}
// NOTE(review): neither hKernel32 nor the two GetProcAddress results below are checked;
// a NULL fCreateKernelThread would be called through directly on the next statement.
hKernel32=LoadLibrary("KERNEL32.DLL");
pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
fCreateKernelThread=(PCreateKernelThread) GetProcAddress(hKernel32, "CreateKernelThread");
hThread=fCreateKernelThread(NULL, 0, (PTHREAD_START_ROUTINE)pfnStartAddr,pszLibFileRemote , 0, NULL);// poster's note: not sure how this function is meant to be used
// A zero handle is reported as failure; the error code is not retrieved, and no handle
// or library opened above is released in the lines shown.
if(hThread==0)
::MessageBox(NULL,"线程插入失败!","Error",MB_OK|MB_ICONERROR);
//////////////////////////////////////////
结果每次hThread都返回0。
//////////////////////////////////////////
我的DLL.DLL非常简单
// Entry point of the poster's test DLL. It shows a "TEST" message box when the
// DLL is attached to a process and does nothing for the other notifications.
// Always returns TRUE.
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
    // Thread attach/detach and process detach need no work, so only the
    // process-attach notification is handled.
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // NOTE(review): DllMain runs under the loader lock; Microsoft's DllMain
        // guidance advises against calling user32 functions such as MessageBox
        // here, because a modal dialog can block or deadlock the loading thread.
        ::MessageBox(NULL,"TEST","TEST",MB_OK);
    }

    return TRUE;
}