问题描述
您好,我试图将一个显示.Message框的小.exe注入另一个进程,但是每次我调用CreateRemoteThread时,该进程都会崩溃。 我已经看到其他人使用Get / Set Context执行他们的exe并尝试做同样的事情,除了我尝试使用CreateRemoteThread: https://www.youtube.com/watch?v=bQWRW0VUXR4 CreateRemoteThread不会返回错误,所以知道我做错了什么吗?
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
char * load(char* File)
{
FILE * f = fopen(File,"rb");
fseek(f,SEEK_END);
int x = ftell(f);
fseek(f,SEEK_SET);
char * Buff = malloc(x);
x = fread(Buff,1,x,f);
printf("%d Bytes gelesen!",x);
return Buff;
}
int main(int argc,char **argv)
{
void* Base = load("Injection.exe");
IMAGE_DOS_HEADER * hDOS = Base;
IMAGE_NT_HEADERS * hNT = Base + hDOS->e_lfanew;
STARTUPINFOA SI;
PROCESS_INFORMATION PI;
ZeroMemory(&SI,sizeof(SI));
ZeroMemory(&PI,sizeof(PI));
if (!CreateProcessA("Test.exe",NULL,CREATE_NEW_CONSOLE,&SI,&PI))
printf("\n\nERROR CREATING PROCESS: %d",GetLastError());
HANDLE hProc = PI.hProcess;
BYTE * ImageBase = VirtualAllocEx(hProc,hNT->OptionalHeader.SizeOfImage,MEM_RESERVE|MEM_COMMIT,PAGE_EXECUTE_READWRITE);
printf("\nAllocated Base: %p",ImageBase);
int NoS = hNT->FileHeader.NumberOfSections;
int OHSize = hNT->FileHeader.SizeOfOptionalHeader;
printf("\nNumber of Sections: %d",NoS);
printf("\nSize of Optional Headers %d",OHSize);
IMAGE_SECTION_HEADER * SEC = (hDOS->e_lfanew + Base + sizeof(IMAGE_FILE_HEADER) + 4 + hNT->FileHeader.SizeOfOptionalHeader);
for (int i = 0; i <= NoS; i++)
{
printf("\nSECTION NUMBER: %d NAME: %s",i,SEC[i].Name);
SIZE_T BW;
if (0 == WriteProcessMemory(hProc,(ImageBase+SEC[i].VirtualAddress),(Base+ SEC[i].PointerToRawData),SEC[i].SizeOfRawData,&BW))
printf("\nERROR WRITING SECTION: %d",GetLastError());
else
printf(" SIZE: %d WRITTEN: %d",BW);
}
LPTHREAD_START_ROUTINE TA = (hNT->OptionalHeader.AddressOfEntryPoint + ImageBase);
DWORD TID = 0;
if (NULL == CreateRemoteThread(hProc,TA,&TID))
printf("\n\nERROR CREATING THREAD : %d",GetLastError());
else
printf("\n\nSUCESS CREATING THREAD");
getchar();
return 0;
}
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)