Dll注入无法加载函数地址
Dll injection cant load a function address
我正在尝试使用 C 中的 dll 注入来挂接键盘。
当我在 KeyboardProc 函数上尝试 GetProcAddress 时,GetProcAddress return NULL 和 GetLastError returns 错误 131。
之后我得到一个 DLL_PROCESS_DETACH。
windows 网站上写着:
ERROR_NEGATIVE_SEEK
131 (0x83)
An attempt was made to move the file pointer before the beginning of the file.
我不明白我的代码有什么问题。
我使用的喷油器:
#include <Windows.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
HMODULE dll = LoadLibrary((LPCSTR) "dll.dll");
if (dll == NULL)
{
printf("The DLL could not be found.\n");
FreeLibrary(dll);
return -1;
}
printf("The DLL was found.\n");
HOOKPROC addr = (HOOKPROC)GetProcAddress(dll, "KeyboardProc");
if (addr == NULL)
{
printf("The function was not found.\n");
FreeLibrary(dll);
return -1;
}
printf("The function was found.\n");
HHOOK handle = SetWindowsHookEx(WH_KEYBOARD, addr, dll, 0);
if (handle == NULL)
{
printf("The KEYBOARD could not be hooked.\n");
FreeLibrary(dll);
}
printf("Program successfully hooked.\nPress enter to unhook the function and stop the program.\n");
getchar();
UnhookWindowsHookEx(handle);
FreeLibrary(dll);
return 0;
}
我正在使用的 dll:
#include <windows.h>
#include <stdio.h>
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
MessageBox(0, (LPCSTR) "DLL attach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_PROCESS_DETACH:
MessageBox(0, (LPCSTR) "DLL detach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_THREAD_ATTACH:
MessageBox(0, (LPCSTR) "DLL thread attach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_THREAD_DETACH:
MessageBox(0, (LPCSTR) "DLL thread detach function called..", (LPCSTR) "Dll injection", MB_OK);
break;
}
return TRUE;
}
extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
if (code < 0)
{
return CallNextHookEx(NULL, code, wParam, lParam);
}
FILE *LOG;
LOG = fopen("LOG.txt", "a+");
if (wParam == WM_KEYDOWN)
{
fputs((char *)lParam, LOG);
fclose(LOG);
}
return CallNextHookEx(NULL, code, wParam, lParam);
}
我正在使用 win10 和 mingw。
注入器和dll都被编译成C.
问题很简单:
extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
很可能是在 cpp
文件中定义的,因此它是 C++ 函数。允许函数重载的 C++ 正在使用 name mangling,因此您的函数在一个名称下可见,该名称是重整的结果。
您必须强制它成为一个 C
函数,以便禁用名称修改。
因此添加 extern "C"
或使源代码具有 C
特定扩展名(将其编译为 C 代码)。您的代码是纯粹的 C
.
我正在尝试使用 C 中的 dll 注入来挂接键盘。 当我在 KeyboardProc 函数上尝试 GetProcAddress 时,GetProcAddress return NULL 和 GetLastError returns 错误 131。 之后我得到一个 DLL_PROCESS_DETACH。 windows 网站上写着:
ERROR_NEGATIVE_SEEK
131 (0x83)
An attempt was made to move the file pointer before the beginning of the file.
我不明白我的代码有什么问题。
我使用的喷油器:
#include <Windows.h>
#include <stdio.h>
int main(int argc, char *argv[])
{
HMODULE dll = LoadLibrary((LPCSTR) "dll.dll");
if (dll == NULL)
{
printf("The DLL could not be found.\n");
FreeLibrary(dll);
return -1;
}
printf("The DLL was found.\n");
HOOKPROC addr = (HOOKPROC)GetProcAddress(dll, "KeyboardProc");
if (addr == NULL)
{
printf("The function was not found.\n");
FreeLibrary(dll);
return -1;
}
printf("The function was found.\n");
HHOOK handle = SetWindowsHookEx(WH_KEYBOARD, addr, dll, 0);
if (handle == NULL)
{
printf("The KEYBOARD could not be hooked.\n");
FreeLibrary(dll);
}
printf("Program successfully hooked.\nPress enter to unhook the function and stop the program.\n");
getchar();
UnhookWindowsHookEx(handle);
FreeLibrary(dll);
return 0;
}
我正在使用的 dll:
#include <windows.h>
#include <stdio.h>
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved)
{
switch (Reason)
{
case DLL_PROCESS_ATTACH:
MessageBox(0, (LPCSTR) "DLL attach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_PROCESS_DETACH:
MessageBox(0, (LPCSTR) "DLL detach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_THREAD_ATTACH:
MessageBox(0, (LPCSTR) "DLL thread attach function called.", (LPCSTR) "Dll injection", MB_OK);
break;
case DLL_THREAD_DETACH:
MessageBox(0, (LPCSTR) "DLL thread detach function called..", (LPCSTR) "Dll injection", MB_OK);
break;
}
return TRUE;
}
extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
if (code < 0)
{
return CallNextHookEx(NULL, code, wParam, lParam);
}
FILE *LOG;
LOG = fopen("LOG.txt", "a+");
if (wParam == WM_KEYDOWN)
{
fputs((char *)lParam, LOG);
fclose(LOG);
}
return CallNextHookEx(NULL, code, wParam, lParam);
}
我正在使用 win10 和 mingw。 注入器和dll都被编译成C.
问题很简单:
extern __declspec(dllexport) LRESULT CALLBACK KeyboardProc(int code, WPARAM wParam, LPARAM lParam)
很可能是在 cpp
文件中定义的,因此它是 C++ 函数。允许函数重载的 C++ 正在使用 name mangling,因此您的函数在一个名称下可见,该名称是重整的结果。
您必须强制它成为一个 C
函数,以便禁用名称修改。
因此添加 extern "C"
或使源代码具有 C
特定扩展名(将其编译为 C 代码)。您的代码是纯粹的 C
.