DLL 注入不断失败并出现不一致的错误
DLL Injection Keeps Failing with Inconsistent Errors
我正在尝试在 C# WPF 应用程序中编写 DLL 注入器。我以前在 Windows Forms 中写过一个 DLL Injector,但是我想从头开始写一个新程序。我以前用许多其他语言编写过很多次 DLL 注入器(使用传统的 VirtualAllocEx / WriteProcessMemory / CreateRemoteThread 方法),但是我 运行 遇到了一些奇怪的问题。我的 DLL 注入器说它成功了,但我的测试程序没有显示任何变化。我用 Marshal.GetLastWin32Error() 做了一些测试,结果 ERROR_FILE_NOT_FOUND VirtualAllocEx、WriteProcessMemory 和 CreateRemoteThread。然后我用 C++ 创建了一个 Injector 来测试 C# 是否是问题所在。当我测试 C++ DLL 注入器时,每个方法都会抛出 ERROR_NO_MORE_FILES 错误。最后,我下载了我的旧 DLL Injector,发现它不再有效了。
我完全不知道问题出在哪里。
C# 注入器代码:
IntPtr handle = OpenProcess(ProcessAccessFlags.All, false, SelectedProcess.Id);
Console.WriteLine("OpenProcess: " + new Win32Exception(Marshal.GetLastWin32Error()).Message); // This does not fail.
foreach (string files in DLLFiles.Items) // Get the files from the ListView control
{
// Allocate memory
IntPtr address = VirtualAllocEx(handle, IntPtr.Zero, (uint)(files.Length + 1), AllocationType.Commit, MemoryProtection.ExecuteReadWrite);
Console.WriteLine("VirtualAllocEx: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
// Write in memory
if (address != IntPtr.Zero)
{
bool success = WriteProcessMemory(handle, address, Encoding.ASCII.GetBytes(files), files.Length + 1, out IntPtr lpNumberOfBytesWritten);
Console.WriteLine("WriteProcessMemory: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
if (success)
{
IntPtr module = LoadLibrary("kernel32.dll"); // Get the module
Console.WriteLine("LoadLibrary: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
IntPtr LoadLib = GetProcAddress(module, "LoadLibraryA"); // Get the address of the function
Console.WriteLine("GetProcAddress: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
// Create a remote thread in the target process
IntPtr thread_handle = CreateRemoteThread(handle, IntPtr.Zero, 0, LoadLib, address, 0, out IntPtr lpThreadId);
Console.WriteLine("CreateRemoteThread: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
if (thread_handle == IntPtr.Zero)
{
Console.Write("[");
Console.ForegroundColor = ConsoleColor.Red;
Console.Write(files);
Console.ResetColor();
Console.WriteLine("] Injection Failed: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
}
else
{
Console.Write("[");
Console.ForegroundColor = ConsoleColor.Cyan;
Console.Write(files);
Console.ResetColor();
Console.WriteLine("] Injected Successfully.");
}
}
}
}
在运行之后,Console说注入成功,但错误输出仍然显示:
The system cannot find the file specified.
C++ 注入器代码:
#include <windows.h>
#include <iostream>
#include <string>
int main() {
DWORD pid = 25860; // Hardcoded for testing purposes.
std::string str;
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); // Get the process handle
std::cout << handle << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
LPVOID addr = VirtualAllocEx(handle, NULL, sizeof("C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll") + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
std::cout << addr << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
BOOL success = WriteProcessMemory(handle, addr, "C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll", sizeof("C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll") + 1, NULL);
std::cout << success << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
HMODULE module = LoadLibrary("kernel32");
std::cout << module << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
FARPROC proc = GetProcAddress(module, "LoadLibraryA");
std::cout << proc << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
HANDLE test = CreateRemoteThread(handle, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("kernel32"), "LoadLibrary"), addr, 0, NULL);
std::cout << test << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
std::getline(std::cin, str);
}
C++ 注入器在每一行后显示 Error: 18。 CreateRemoteThread returns 0 的结果和消息是 Error: 5。我以管理员身份尝试 运行 该程序,但仍然无法正常工作。
我完全不知道问题出在哪里。
根据Nina的回答,我编译有误。谢谢,妮娜!
Is your injector/dll the same architecture as the process you are injecting into? For example, if you are injecting into a 64bit process, your dll and your injector should be compiled as x64. Likewsie if it's x86 or WOW64 it should be compiled accordingly.
我正在尝试在 C# WPF 应用程序中编写 DLL 注入器。我以前在 Windows Forms 中写过一个 DLL Injector,但是我想从头开始写一个新程序。我以前用许多其他语言编写过很多次 DLL 注入器(使用传统的 VirtualAllocEx / WriteProcessMemory / CreateRemoteThread 方法),但是我 运行 遇到了一些奇怪的问题。我的 DLL 注入器说它成功了,但我的测试程序没有显示任何变化。我用 Marshal.GetLastWin32Error() 做了一些测试,结果 ERROR_FILE_NOT_FOUND VirtualAllocEx、WriteProcessMemory 和 CreateRemoteThread。然后我用 C++ 创建了一个 Injector 来测试 C# 是否是问题所在。当我测试 C++ DLL 注入器时,每个方法都会抛出 ERROR_NO_MORE_FILES 错误。最后,我下载了我的旧 DLL Injector,发现它不再有效了。
我完全不知道问题出在哪里。
C# 注入器代码:
IntPtr handle = OpenProcess(ProcessAccessFlags.All, false, SelectedProcess.Id);
Console.WriteLine("OpenProcess: " + new Win32Exception(Marshal.GetLastWin32Error()).Message); // This does not fail.
foreach (string files in DLLFiles.Items) // Get the files from the ListView control
{
// Allocate memory
IntPtr address = VirtualAllocEx(handle, IntPtr.Zero, (uint)(files.Length + 1), AllocationType.Commit, MemoryProtection.ExecuteReadWrite);
Console.WriteLine("VirtualAllocEx: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
// Write in memory
if (address != IntPtr.Zero)
{
bool success = WriteProcessMemory(handle, address, Encoding.ASCII.GetBytes(files), files.Length + 1, out IntPtr lpNumberOfBytesWritten);
Console.WriteLine("WriteProcessMemory: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
if (success)
{
IntPtr module = LoadLibrary("kernel32.dll"); // Get the module
Console.WriteLine("LoadLibrary: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
IntPtr LoadLib = GetProcAddress(module, "LoadLibraryA"); // Get the address of the function
Console.WriteLine("GetProcAddress: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
// Create a remote thread in the target process
IntPtr thread_handle = CreateRemoteThread(handle, IntPtr.Zero, 0, LoadLib, address, 0, out IntPtr lpThreadId);
Console.WriteLine("CreateRemoteThread: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
if (thread_handle == IntPtr.Zero)
{
Console.Write("[");
Console.ForegroundColor = ConsoleColor.Red;
Console.Write(files);
Console.ResetColor();
Console.WriteLine("] Injection Failed: " + new Win32Exception(Marshal.GetLastWin32Error()).Message);
}
else
{
Console.Write("[");
Console.ForegroundColor = ConsoleColor.Cyan;
Console.Write(files);
Console.ResetColor();
Console.WriteLine("] Injected Successfully.");
}
}
}
}
在运行之后,Console说注入成功,但错误输出仍然显示:
The system cannot find the file specified.
C++ 注入器代码:
#include <windows.h>
#include <iostream>
#include <string>
int main() {
DWORD pid = 25860; // Hardcoded for testing purposes.
std::string str;
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); // Get the process handle
std::cout << handle << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
LPVOID addr = VirtualAllocEx(handle, NULL, sizeof("C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll") + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
std::cout << addr << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
BOOL success = WriteProcessMemory(handle, addr, "C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll", sizeof("C:\Users\BenHerebefore\source\repos\InjectionTest\InjectionTest\InjectionTest.dll") + 1, NULL);
std::cout << success << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
HMODULE module = LoadLibrary("kernel32");
std::cout << module << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
FARPROC proc = GetProcAddress(module, "LoadLibraryA");
std::cout << proc << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
HANDLE test = CreateRemoteThread(handle, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("kernel32"), "LoadLibrary"), addr, 0, NULL);
std::cout << test << std::endl;
std::cout << "Error: " << GetLastError() << std::endl;
std::getline(std::cin, str);
}
C++ 注入器在每一行后显示 Error: 18。 CreateRemoteThread returns 0 的结果和消息是 Error: 5。我以管理员身份尝试 运行 该程序,但仍然无法正常工作。
我完全不知道问题出在哪里。
根据Nina的回答,我编译有误。谢谢,妮娜!
Is your injector/dll the same architecture as the process you are injecting into? For example, if you are injecting into a 64bit process, your dll and your injector should be compiled as x64. Likewsie if it's x86 or WOW64 it should be compiled accordingly.