关于DLL注入的一个问题
最近在学DLL的注入,自己试着按书上说的用个系统的钩子来注入DLL到指定的程序,但是注入之后会令到被注入的程序产生错误无法运行,请各位帮忙看看代码有没有什么错误。
#include "stdafx.h"
HHOOK hhk = NULL;
HMODULE hMod = NULL;
HINSTANCE hinstDll = NULL;
bool bHook = false;
bool bInject = false;
BYTE oldCode[5];
BYTE newCode[5];
DWORD dwPid;
DWORD dwTid;
HWND hwnd;
HANDLE hProcess = NULL;
typedef int (WINAPI *AddProc)(int a,int b);
AddProc add;
FARPROC pfadd;
LRESULT CALLBACK GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam)
{
return CallNextHookEx(hhk,nCode,wParam,lParam);
}
void HookOn()
{
DWORD dwTemp = 0;
DWORD dwOldProtect;
if (hProcess != NULL)
{
VirtualProtectEx(hProcess,pfadd,5,PAGE_READWRITE,&dwOldProtect);
WriteProcessMemory(hProcess,pfadd,newCode,5,0);
VirtualProtectEx(hProcess,pfadd,5,dwOldProtect,&dwTemp);
bHook = true;
}
}
void HookOff()
{
DWORD dwTemp = 0;
DWORD dwOldProtect;
if (hProcess != NULL)
{
VirtualProtectEx(hProcess,pfadd,5,PAGE_READWRITE,&dwOldProtect);
WriteProcessMemory(hProcess,pfadd,oldCode,5,0);
VirtualProtectEx(hProcess,pfadd,5,dwOldProtect,&dwTemp);
bHook = false;
}
}
int WINAPI Myadd(int a,int b)
{
a = a+1;
b = b+1;
HookOff();
int c;
c = add(a,b);
HookOn();
return c;
}
bool inject()
{
if(!bInject)
{
hMod = LoadLibrary(_T("add.dll"));
add = (AddProc)GetProcAddress(hMod,"add");
pfadd = (FARPROC)add;
if (pfadd == NULL)
{
MessageBox(NULL,_T("cannot locate add()"),_T("ERROR"),MB_ICONERROR);
}
bInject = true;
_asm
{
lea edi,oldCode
mov esi,pfadd
cld
movsd
movsb
}
newCode[0] = 0xe9;//实际上0xe9就相当于jmp指令
//获取Myadd()的相对地址
_asm
{
lea eax,Myadd
mov ebx,pfadd
sub eax,ebx
sub eax,5
mov dword ptr [newCode+1],eax
}
HookOn();
}
return true;
}
BOOL InstallHook()
{
hwnd = FindWindow(NULL,_T("Addhook"));
if (hwnd != NULL)
{
dwTid = GetWindowThreadProcessId(hwnd,&dwPid);
hProcess = OpenProcess(PROCESS_ALL_ACCESS,0,dwPid);
}
else
{
MessageBox(NULL,_T("找不到指定的窗口"),_T("提示"),MB_OK);
return FALSE;
}
hinstDll = LoadLibrary(_T("MyHook.dll"));
hhk = SetWindowsHookEx(WH_GETMESSAGE,GetMsgProc,hinstDll,dwTid);
if(!hhk)
{
MessageBox(NULL,_T("SETERROR"),_T("ERROR"),MB_OK);
return FALSE;
}
inject();
return TRUE;
}
BOOL UninstallHook()
{
if (bHook)
{
HookOff();
}
return UnhookWindowsHookEx(hhk);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
[解决办法]
MessageBox跳出来没?另外lz麻烦用Code把代码包起来啊.... 直接看好累的.... 另外你先检查下汇编指令写对了没,还有就是可以每隔几句就加个MessageBox定位一下出错点啊
[解决办法]
看起来应该没有问题啊
