Can everyone take a look at what is wrong with my code?

Question
-
```csharp
// ApiFunction, MEMMessage and PAGEinfo are the poster's own P/Invoke wrappers and were not posted.
private void Immit(string url, int Id)
{
    IntPtr NewAdd = new IntPtr();
    int leng = url.Length + 1;
    IntPtr proceHandle = new IntPtr();
    try
    {
        proceHandle = ApiFunction.OpenProcess(0x1F0FFF, false, Id); // process handle
        // allocate space in the target
        // (the original passed (IntPtr)null, which does not compile outside an unsafe context)
        NewAdd = ApiFunction.VirtualAllocEx(proceHandle, IntPtr.Zero, leng, MEMMessage.MEM_COMMIT, PAGEinfo.PAGE_READWRITE);
        if (NewAdd == (IntPtr)0)
        {
            throw new Exception("Failed to allocate space");
        }
        // copy the DLL path into the allocated space
        bool isok = ApiFunction.WriteProcessMemory(proceHandle, NewAdd, url, leng, 0);
        if (!isok)
        {
            throw new Exception("Failed to copy the DLL path into the allocated space");
        }
        // get the address of LoadLibraryA
        IntPtr add = ApiFunction.GetProcAddress(ApiFunction.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
        if (add == (IntPtr)0)
        {
            throw new Exception("Failed to get the address of LoadLibraryA");
        }
        // create the remote thread
        IntPtr result = ApiFunction.CreateRemoteThread(proceHandle, 0, 0, add, NewAdd, 0, null);
        if (result == (IntPtr)0)
        {
            throw new Exception("Failed to create the remote thread");
        }
        ApiFunction.WaitForSingleObject(result, 0xFFFFFFFF);
        // The key part is here: the code above has already injected the DLL into the target process.
        Assembly assembly = Assembly.LoadFile(url);
        IntPtr MethodAdd = new IntPtr();
        Type[] tp = assembly.GetTypes();
        for (int i = 0; i < tp.Length; i++)
        {
            MethodInfo[] mf = tp[i].GetMethods();
            for (int j = 0; j < mf.Length; j++)
            {
                string n = mf[j].Name;
                if (n == "tt") // my DLL has a method called tt
                {
                    RuntimeMethodHandle rmh = mf[j].MethodHandle; // the original indexed mf with i (the type index) here
                    MethodAdd = rmh.Value; // get the method handle
                    // run the method in the target process
                    result = ApiFunction.CreateRemoteThread(proceHandle, 0, 0, MethodAdd, (IntPtr)0, 0, null);
                    break;
                }
            }
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "Notice");
    }
    finally
    {
        ApiFunction.VirtualFreeEx(proceHandle, NewAdd, leng, MEMMessage.MEM_DECOMMIT);
        ApiFunction.CloseHandle(proceHandle);
    }
}
```

After running it, the target process reports an error and crashes.
Answer
-
As far as I know, this is not supported in a .NET program.
This behaviour requires a native DLL export: injecting into another process needs a valid, consistent address for the function itself to be called at, and that requires a DLL export. The .NET Framework does not support DLL exports. Managed code has no notion of a function pointer with a consistent value, because those function pointers are dynamically built proxies.
Best regards,
Riquel
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
- Marked as answer by Riquel_Dong (Moderator), November 9, 2009, 1:38
All replies
-
WriteProcessMemory copies the data from the specified buffer in the current process to the address range of the specified process. Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function. Typically but not always, the process with address space that is being written to is being debugged.
The entire area to be written to must be accessible, and if it is not accessible, the function fails.
If required, call AdjustTokenPrivileges or CreateRestrictedToken to change the access you have to the target process.
My guess is that you do not have the required access to the target process.
I hope this article helps you: http://blog.csdn.net/cigogo/archive/2009/04/29/4136590.aspx
月下听禅风疾,篁中论道水湍 -
WriteProcessMemory copies the data from the specified buffer in the current process to the address range of the specified process. Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function. Typically but not always, the process with address space that is being written to is being debugged.
Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function
月下听禅风疾,篁中论道水湍 -
Hello,
Looking at your code, you are doing DLL injection, and it seems you want to execute managed code in another process. This is generally done with native C++, because managed code needs a runtime environment, so I do not recommend doing it this way. You had better read Chapter 21, DLL Injection and API Hooking, of Windows via C/C++ and use C++ to implement this functionality in this situation.
Best regards,
Riquel