DLL injection and access violation

I have a simple DLL which I inject into notepad purely for testing purposes. My code for the injector is like this:
uses
  Windows;
var
  BytesWritten: cardinal;
  PID, Process, Thread, ThreadId, hKernel: dword;
  pLoadLibrary, Paramaters: pointer;
  DLL: AnsiString;
begin
  DLL := 'C:\test.dll'; // Must be full path name.
  PID := 3160;
  // Open the target process with full access rights.
  Process := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
  // Reserve a buffer in the target for the DLL path string.
  Paramaters := VirtualAllocEx(Process, nil, Length(DLL), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  // Copy the path into that buffer.
  WriteProcessMemory(Process, Paramaters, PAnsiChar(DLL), Length(DLL), BytesWritten);
  // Resolve LoadLibraryA in kernel32; the address is used as the remote thread's start routine.
  hKernel := GetModuleHandle('KERNEL32.DLL');
  pLoadLibrary := GetProcAddress(hKernel, 'LoadLibraryA');
  // Start a thread in the target that calls LoadLibraryA(path).
  Thread := CreateRemoteThread(Process, nil, 0, pLoadLibrary, Paramaters, 0, ThreadId);
  WaitForSingleObject(Thread, INFINITE);
  // Release the path buffer and close the handles.
  VirtualFreeEx(Process, Paramaters, 0, MEM_RELEASE);
  CloseHandle(Thread);
  CloseHandle(Process);
end.
The code for my DLL is simply something like this:
uses
  SysUtils,
  Classes,
  Windows;
{$R *.res}
procedure EntryPoint(Reason: dword); stdcall;
begin
  if Reason = DLL_PROCESS_ATTACH then
  begin
    MessageBox(0, 'DLL Injected', 'DLL Injected', 0);
  end;
end;
begin
  DLLProc := @EntryPoint;
  EntryPoint(DLL_PROCESS_ATTACH);
end.
When I inject the DLL into the notepad process I get the message box saying DLL Injected, but after a few seconds it crashes with: Exception EAccessViolation in module test.dll at 00FFE102. Access violation at address 00FFF102. Write of address 00FFF102. I am using Delphi 2010, Windows 7 x64, administrator rights, no UAC, and notepad and the dll are both x32 ...
You are not allocating space for the null terminator of the 'lpFileName' parameter of the LoadLibrary call. It won't help with this problem, just saying..
@Sertac Turns out it was a case of a calling convention mismatch, and another case of the @ operator hiding a procedural variable problem
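The last comment identifies the cause: Delphi's DllProc is declared in the System unit as TDLLProc, a procedure taking one Integer with the default (register) calling convention, while the posted EntryPoint is stdcall, and `@EntryPoint` hands DllProc a raw address without any type check, so the mismatch is only discovered when the runtime calls it and the stack is left unbalanced. The corrected DLL below is an added example written for this page, not code from the asker; it assumes the library is named test (matching C:\test.dll in the question) and otherwise keeps the same behaviour.

```pascal
library test;

uses
  Windows;

{$R *.res}

{ Matches System.TDLLProc exactly: one Integer parameter and the default
  calling convention. Adding 'stdcall' here (as in the question) is what
  made the runtime's call into DllProc corrupt the stack. }
procedure EntryPoint(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      MessageBox(0, 'DLL Injected', 'DLL Injected', 0);
    DLL_PROCESS_DETACH:
      ; // release anything that was set up on attach
  end;
end;

begin
  // No '@' operator: assigning the procedure directly makes the compiler
  // check the signature against TDLLProc instead of accepting any address.
  DllProc := EntryPoint;
  // The library's main block itself runs on process attach and the runtime
  // does not call DllProc for that reason, so invoke it here once.
  EntryPoint(DLL_PROCESS_ATTACH);
end.
```

The same kind of silent mismatch is worth checking whenever `@` is used to assign a routine to a procedural variable: with `{$TYPEDADDRESS OFF}` (the default) the `@` expression is an untyped pointer, so convention or parameter differences compile cleanly and only show up as access violations at run time. The separate point raised in the first comment, that the injector writes `Length(DLL)` bytes without room for the terminating #0, is independent of this crash but still worth fixing by allocating and writing `Length(DLL) + 1` bytes.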