开发者

C++ Dll Injection

问答 作者:

I would really appreciate your help in this.

I have been trying to get a Dll injected into a remote process and do a few changes inside it, the problem I'm encountering right n开发者_如何学编程ow is i don't know how to get this going.

So first, here is my piece of code that I have developed so far:

dllmain.cpp

#include <windows.h>
#include <stdio.h>

BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
switch (reason)
    {
      case DLL_PROCESS_ATTACH:
           MessageBox (0, "From DLL\n", "Process Attach", MB_ICONINFORMATION);
        break;

      case DLL_PROCESS_DETACH:
           MessageBox (0, "From DLL\n", "Process Detach", MB_ICONINFORMATION);
        break;

      case DLL_THREAD_ATTACH:
           MessageBox (0, "From DLL\n", "Thread Attach", MB_ICONINFORMATION);
        break;

      case DLL_THREAD_DETACH:
           MessageBox (0, "From DLL\n", "Thread Detach", MB_ICONINFORMATION);
        break;
    }  

    return TRUE;
}

It simply displays a message box depending on the conditions it meets. Now what I would like my Dll to do is, after being injected into the remote process, I would like it to write a memory location and change it's value.

Data type: Unsigned Short Int

Memory location: 0041D090

I hope everything is clear, Thank you for your patience, help is appreciated.

You don't have to write a DLL to change another process's memory at a fixed address. You can use WriteProcessMemory().

However... The way to inject a DLL into another process is the following...

  1. Use VirtualAllocEx() to allocate the length of the file path to the DLL inside the target process's memory... This is like remotely doing a malloc.

  2. Use WriteProcessMemory() to copy the file path to the DLL into what was returned from the previous step. This is like remotely doing a strcpy.

  3. Use CreateRemoteThread(). You can point it at LoadLibrary() as the entry point and the file path from steps 1 and 2 as the argument. That's a bit hacky, to be honest, but if you are injecting a DLL you're already being quite hacky. Another technique would be to use steps 1 & 2 to load some machine code into the remote proceess and point it at that.

Keep in mind that this technique is a great way to destabilize the target process. In particular, this isn't something I'd do in a product that ends up getting shipped to others.

继续阅读:code-injectionprocess

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9