我是新的DLL注入,我正在努力学习如何做。我从http://www.mpgh.net/forum/showthread.php?t=209479找到了一个DLL注入器源代码。我试着把代码从C翻译成python:
from ctypes import *
def dllinjector(processID, DLL_NAME):
PROCESS_CREATE_THREAD = 0x0002
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_VM_READ = 0x0010
openHandle = windll.kernel32.OpenProcess(PROCESS_CREATE_THREAD|
PROCESS_QUERY_INFORMATION|
PROCESS_VM_OPERATION|
PROCESS_VM_WRITE|
PROCESS_VM_READ, False, processID)
MEM_RESERVE = 0x00002000
MEM_COMMIT = 0x00001000
PAGE_READWRITE = 0x04
if not openHandle:
print("OpenProcess failed.")
return False
print("Successfully opened process.")
LoadLibAddy = windll.kernel32.GetProcAddress(windll.kernel32.GetModuleHandleW("kernel32.dll"), "LoadLibraryA");
# Allocate space in the process for the dll
RemoteString = windll.kernel32.VirtualAllocEx(openHandle, None, len(DLL_NAME), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE)
if not RemoteString:
print("VirtualAllocEx failed.")
return False
# Write the string name of the dll in the memory allocated
if not windll.kernel32.WriteProcessMemory(openHandle, RemoteString, DLL_NAME, len(DLL_NAME), None):
print("WriteProcessMemory failed.")
print(windll.kernel32.GetLastError())
return False
#Load the dll
#print(windll.kernel32.CreateRemoteThread(openHandle, None, None, LoadLibAddy, RemoteString, None, None))
windll.kernel32.CloseHandle(openHandle)
return True
def main():
processID = 18364
DLL_NAME = "mydll.dll"
#mydll = cdll.LoadLibrary('mydll.dll')
dllinjector(processID, DLL_NAME)
print("program completed.")
main()
我遇到的问题是,当我调用WriteProcessMemory时,它返回0。我已经阅读了这些文档,根据它们,如果出现错误,函数将返回0,并且它说要使用GetLastError函数来获取更多信息。但是,当我调用GetLastError时,显示的是0。还有,当我打电话的时候windll.kernel32号.CreateRemoteThread(openHandle,None,None,LoadLibAddy,RemoteString,None,None)我正试图将dll插入的程序(小算盘)崩溃(我假设是因为WriteProcessMemory不工作,但我不确定)。如果有人能向我解释为什么WriteProcessMemory不起作用,我将不胜感激。在
目前没有回答
相关问题 更多 >
编程相关推荐