C将EXE注入另一个进程的问题

编程问答 2022-08-12

问题描述

您好,我试图将一个显示.Message框的小.exe注入另一个进程,但是每次我调用CreateRemoteThread时,该进程都会崩溃。 我已经看到其他人使用Get / Set Context执行他们的exe并尝试做同样的事情,除了我尝试使用CreateRemoteThread: https://www.youtube.com/watch?v=bQWRW0VUXR4 CreateRemoteThread不会返回错误,所以知道我做错了什么吗?

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

char * load(char* File)
{
    FILE * f = fopen(File,"rb");
    fseek(f,SEEK_END);
    int x = ftell(f);
    fseek(f,SEEK_SET);
    
    char * Buff = malloc(x);
    x = fread(Buff,1,x,f);
    printf("%d Bytes gelesen!",x);
    return Buff;
}
    
int main(int argc,char **argv)
{
    void* Base = load("Injection.exe");
    IMAGE_DOS_HEADER * hDOS = Base;
    IMAGE_NT_HEADERS * hNT = Base + hDOS->e_lfanew;

    STARTUPINFOA SI;
    PROCESS_INFORMATION PI;
    ZeroMemory(&SI,sizeof(SI));
    ZeroMemory(&PI,sizeof(PI));
    
    if (!CreateProcessA("Test.exe",NULL,CREATE_NEW_CONSOLE,&SI,&PI))
        printf("\n\nERROR CREATING PROCESS: %d",GetLastError());
        HANDLE hProc = PI.hProcess;

    BYTE * ImageBase = VirtualAllocEx(hProc,hNT->OptionalHeader.SizeOfImage,MEM_RESERVE|MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    printf("\nAllocated Base: %p",ImageBase);

    int NoS = hNT->FileHeader.NumberOfSections;
    int OHSize = hNT->FileHeader.SizeOfOptionalHeader;
    printf("\nNumber of Sections: %d",NoS);
    printf("\nSize of Optional Headers %d",OHSize);
  
  
    IMAGE_SECTION_HEADER * SEC = (hDOS->e_lfanew + Base + sizeof(IMAGE_FILE_HEADER) + 4 + hNT->FileHeader.SizeOfOptionalHeader);
    for (int i = 0; i <= NoS; i++)
    {
        printf("\nSECTION NUMBER: %d NAME: %s",i,SEC[i].Name);
        SIZE_T BW;
        if (0 == WriteProcessMemory(hProc,(ImageBase+SEC[i].VirtualAddress),(Base+ SEC[i].PointerToRawData),SEC[i].SizeOfRawData,&BW))
            printf("\nERROR WRITING SECTION: %d",GetLastError());
        else 
            printf("  SIZE: %d  WRITTEN: %d",BW);
            
    }
    


    LPTHREAD_START_ROUTINE TA = (hNT->OptionalHeader.AddressOfEntryPoint + ImageBase);
    DWORD TID = 0;

    if (NULL == CreateRemoteThread(hProc,TA,&TID)) 
        printf("\n\nERROR CREATING THREAD : %d",GetLastError());
    else 
        printf("\n\nSUCESS CREATING THREAD");
    
    getchar();
    
    return 0;
}

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

cportable-executable

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...