系统64位 Win 10,待注入进程32位,DLL32位,用注入器软件测试已经成功。
自己写的控制台程序调用CreateRemoteThread时总是失败,GetLastError()返回错误码5(ERROR_ACCESS_DENIED,拒绝访问);我的控制台程序用Visual Studio编译成x86。
现在全是32位,就操作系统是64位,DLL就是注入不进去。
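/*
 * InjectDll - ask another process to load a DLL by starting a thread at
 * LoadLibraryA inside it.
 *
 * Steps: open the target process, allocate a buffer in it, copy the DLL
 * path into that buffer, start a remote thread whose entry point is
 * LoadLibraryA with the buffer as its argument, then wait for the thread.
 *
 * The target is the hard-coded PID 13020. The window-based lookup
 * (FindWindow on the game window class, then GetWindowThreadProcessId)
 * that was meant to find the PID is disabled in this version.
 *
 * Returns TRUE when the remote thread was created and has finished, FALSE
 * when any step failed. The failing call and GetLastError() are printed.
 * TRUE does not show that the DLL was loaded: the remote thread's exit
 * code is never read.
 *
 * NOTE(review): OpenProcess + VirtualAllocEx + WriteProcessMemory +
 * CreateRemoteThread(LoadLibraryA) is the classic remote-thread DLL loading
 * sequence, and endpoint security products commonly monitor for it.
 * Error 5 (ERROR_ACCESS_DENIED) from CreateRemoteThread means the system
 * refused the request; this function only reports it and does not try to
 * work around the refusal.
 */
BOOL InjectDll(void)
{
    /*
     * The path is consumed by LoadLibraryA in the target, so it must be a
     * NUL-terminated ANSI string. The byte count is taken from this array.
     * The earlier version took the length from dllFullpath (declared
     * elsewhere) while writing this literal, so the two could disagree and
     * WriteProcessMemory could read past the end of the literal.
     */
    static const char dll_path[] = "E:\\myproject\\MFC_DLL\\Debug\\MFC_DLL.DLL";
    DWORD dwSize = (DWORD)sizeof dll_path; /* includes the terminating NUL */
    BOOL ok = FALSE;
    HANDLE hProcess = NULL;
    HANDLE hRemoteThread = NULL;
    void *remote_path = NULL;
    PTHREAD_START_ROUTINE load_start_addr = NULL;

    /* Open the target process with the rights requested by the original code. */
    hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION, FALSE, 13020);
    if (NULL == hProcess) {
        printf("Error OpenProcess,%lu", (unsigned long)GetLastError());
        goto out;
    }

    /* Reserve room for the path inside the target process. */
    remote_path = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
    if (NULL == remote_path) {
        printf("Error VirtualAllocEx,%lu", (unsigned long)GetLastError());
        goto out;
    }

    /* Copy the path, including its NUL, into the remote buffer. */
    if (FALSE == WriteProcessMemory(hProcess, remote_path, dll_path, dwSize, NULL)) {
        printf("Error WriteProcessMemory,%lu", (unsigned long)GetLastError());
        goto out;
    }

    /* Look up LoadLibraryA; a failed lookup must not be used as an entry point. */
    load_start_addr = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
    if (NULL == load_start_addr) {
        printf("Error GetProcAddress,%lu", (unsigned long)GetLastError());
        goto out;
    }

    /* Author's note: this call always returns NULL with GetLastError() == 5. */
    hRemoteThread = CreateRemoteThread(hProcess, NULL, 0, load_start_addr, remote_path, 0, NULL);
    if (NULL == hRemoteThread) {
        printf("Error CreateRemoteThread,%lu", (unsigned long)GetLastError());
        goto out;
    }

    /* The remote buffer must stay valid until the remote thread has finished. */
    WaitForSingleObject(hRemoteThread, INFINITE);
    ok = TRUE;

out:
    /* Every path releases what it acquired; the original leaked on failure. */
    if (NULL != hRemoteThread) {
        CloseHandle(hRemoteThread);
    }
    if (NULL != remote_path) {
        VirtualFreeEx(hProcess, remote_path, 0, MEM_RELEASE);
    }
    if (NULL != hProcess) {
        CloseHandle(hProcess);
    }
    return ok;
}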