zdalne watki


witam
Wykorzystuje CreateRemoteThread do uruchomienia swojego kodu znajdujacego sie w dll'ce w obcym procesie... Niestety dll'ka po zaladowaniu nie uruchamia MessageBox'a.
Biblioteka laduje sie do procesu na 100%, poniewaz sprawdzam to Process Explorerem, takze widac ja na liscie modulow.

#include <stdio.h>
#include <windows.h>
#include "injector.h"


/*
 * Entry point: picks a target window and hands it, together with a
 * library path, to InjectLibrary (defined in injector.h).
 *
 * The process id passed along is 0; InjectLibrary is expected to derive
 * the id from the window handle instead. Command-line arguments are
 * not used.
 */
int main(int argc, char** argv)
{
	/* Path of the library that InjectLibrary copies into the target. */
	char libraryPath[] = {"C:\\Dev-Cpp\\dllka.dll"};
	DWORD processId = 0;	/* 0: let InjectLibrary resolve it from the window */
	HWND target = 0;

	(void)argc;
	(void)argv;

	/* Prefer the window titled "Form1"; otherwise whatever window is in the
	 * foreground at the moment this runs becomes the target, so the result
	 * depends on what was focused when the program was started. */
	target = FindWindow(NULL, "Form1");
	if (target == 0) {
		target = GetForegroundWindow();
	}

	/* InjectLibrary's BOOL result is deliberately not examined here. */
	InjectLibrary(target, processId, libraryPath);

	/* Non-zero exit status, kept as in the original. */
	return 1;
}

injector.h

/**
 * Copies the path szInjectDll into another process and starts a thread
 * there at kernel32!LoadLibraryA with that buffer as its argument.
 *
 * @param wnd          Window belonging to the target process. When
 *                     IsWindow(wnd) holds, its owning process id replaces
 *                     dwProcessId.
 * @param dwProcessId  Target process id; only used when wnd is not a window.
 * @param szInjectDll  NUL-terminated path of the library to load.
 * @return The BOOL returned by WriteProcessMemory, i.e. whether the path was
 *         copied into the target. It does not say whether the library was
 *         actually loaded; the remote thread's result is never read.
 *
 * Review notes (defects, not fixed here):
 *  - OpenProcess, VirtualAllocEx and GetProcAddress results are used without
 *    being checked, so a failure propagates as a NULL handle/pointer.
 *  - hProcess and hRemoteThread are never closed and the remote buffer is
 *    never released, so every call leaks handles and memory.
 *  - dwSize is strlen() of the path, so the terminating NUL is not part of
 *    the copied buffer in the remote process.
 *  - remotemodule and hLibModule are unused.
 *  - The OpenProcess / VirtualAllocEx / WriteProcessMemory /
 *    CreateRemoteThread -> LoadLibraryA sequence is the textbook DLL
 *    injection pattern that endpoint monitoring commonly watches for.
 */
BOOL InjectLibrary(HWND wnd, DWORD dwProcessId, char * szInjectDll )
{
	LPVOID 	lpRemoteAddress 	= 0;	/* buffer allocated inside the target */
	HANDLE 	hProcess 			= 0;	/* never closed (leak) */
	HANDLE 	hRemoteThread		= 0;	/* never closed (leak) */
	HMODULE hKernel32 			= 0;	/* kernel32 in this process; same base assumed in the target */
	DWORD	dwSize				= strlen(szInjectDll);	/* excludes the NUL terminator */
	DWORD	dwSizeWritten		= 0; 	/* filled by WriteProcessMemory, never examined */
	BOOL	bInjected			= 0;	/* result of WriteProcessMemory, returned as-is */
	HINSTANCE remotemodule;	/* unused */
        DWORD  hLibModule = 0;	/* unused */
	if(IsWindow(wnd))
	{
		GetWindowThreadProcessId(wnd, &dwProcessId);	/* window handle wins over the id argument */
	}
	hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);	/* result unchecked; NULL on failure */
	lpRemoteAddress = VirtualAllocEx(hProcess, NULL, dwSize, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);	/* result unchecked */
	bInjected = WriteProcessMemory(hProcess, lpRemoteAddress, (LPVOID)szInjectDll, dwSize, &dwSizeWritten);	/* copies dwSize bytes, no terminator */
	if(bInjected)
	{
		/* Two spellings are tried because GetModuleHandle compares the name
		   it is given; which one succeeds is not established here. */
	       	hKernel32 = GetModuleHandle("KERNEL32.DLL");
		if(!hKernel32)
		{
			hKernel32 = GetModuleHandle("kernel32.dll");
		}
		/* The remote thread's start routine is LoadLibraryA and its single
		   argument is the remote copy of the path. GetProcAddress may
		   return NULL; that is not checked before the call. */
		hRemoteThread = CreateRemoteThread(hProcess,NULL,0,
                  (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryA"),
                  lpRemoteAddress,
                   0,
                   NULL);
		/* Blocks until the remote thread finishes; its exit code (the
		   HMODULE from LoadLibraryA, or 0) is never retrieved. */
              WaitForSingleObject(hRemoteThread,INFINITE);


	}
        	return bInjected;	/* true only means the path was written, not that the library loaded */
}

dllka.dll

/*
 * DLL entry point. Only the process-attach notification does any work;
 * the detach and thread notifications are accepted and ignored, and so
 * is any reason value outside the four standard ones.
 *
 * Always returns 1 (TRUE), i.e. the load is never refused.
 */
BOOL WINAPI DllMain(HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    (void)hInst;
    (void)reserved;

    if (reason == DLL_PROCESS_ATTACH) {
        /* NOTE(review): MessageBox is a user32 call made while the loader
           lock is held; the DllMain contract advises against calling
           anything outside kernel32 here, which may explain a dialog that
           never appears. */
        MessageBox(NULL, "aa", "aa", 0);
    }
    /* DLL_PROCESS_DETACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH: nothing to do. */

    /* Returns TRUE on success, FALSE on failure */
    return 1;
}

:|


Sprawdziłem ten kod u siebie i wszystko działa, włącznie z Messagebox'em. Może wina kompilatora? (Ja używam Visual C++)
