我想我的代码现在终于可以工作了。唯一的问题是,由于某种原因,即使我使用 PROCESS_ALL_ACCESS 打开了进程,CreateRemoteThread 也会抛出错误:ERROR_ACCESS_DENIED。
使用 GetLastError 检索错误并输出“5”,这会转换为 ERROR_ACCESS_DENIED。
#include <iostream>
#include <windows.h>
#include <TlHelp32.h>
char* dllPath = "C:\\Users\\Kalist\\Desktop\\Projects\\DLL\\bin\\Debug\\DLL.dll";
char* ProcToInject = "calc.exe";
int main(){
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
HANDLE procSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if(procSnap == INVALID_HANDLE_VALUE){
std::cout << "Snapshot function failed" << std::endl;
}
DWORD procID = 0;
if(Process32First(procSnap, &pe32)){
do{
if(!strcmp(pe32.szExeFile, ProcToInject)){
procID = pe32.th32ProcessID;
break;
}
}while(Process32Next(procSnap, &pe32));
}
CloseHandle(procSnap);
if(procID != 0){
HANDLE procAccess = OpenProcess(PROCESS_ALL_ACCESS, false, procID);
if(procAccess == NULL){
std::cout << "OpenProcess error: " << GetLastError() << std::endl;
}
LPVOID remoteString = (LPVOID)VirtualAllocEx(procAccess, NULL, strlen(dllPath)+1, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if(remoteString == NULL){
std::cout << "VirtualAllocEx error: " << GetLastError() << std::endl;
}
bool memoryWritten = WriteProcessMemory(procAccess, (LPVOID)remoteString, dllPath, strlen(dllPath)+1, NULL);
if(memoryWritten == 0){
std::cout << "WriteProcessMemory error: " << GetLastError() << std::endl;
}
LPVOID getLibAdd = (LPVOID)GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA");
if(getLibAdd == NULL){
std::cout << "GetProcAddress error: " << GetLastError() << std::endl;
}
HANDLE remoteThread = CreateRemoteThread(procAccess, NULL, 0, (LPTHREAD_START_ROUTINE)getLibAdd, (LPVOID)remoteString, 0, NULL);
if(remoteThread == NULL){
std::cout << "CreateRemoteThread error: " << GetLastError() << std::endl;
}
CloseHandle(procAccess);
}else{
std::cout << "Failed to retrieve procID" << std::endl;
}
}
最佳答案
当您尝试从 32 位进程调用 CreateRemoteThread,但目标进程是 64 位进程时,您会收到此错误。我敢打赌这就是你正在做的事情。
为了注入(inject) 64 位进程,您需要注入(inject)器进程也是 64 位。显然,我相信您已经知道,您注入(inject)的 DLL 也必须是 64 位的。
就其值(value)而言,当您调用OpenProcess时,您不需要要求太多。我相信您需要的是:
PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION
| PROCESS_VM_WRITE | PROCESS_VM_READ
关于c++ - CreateRemoteThread - ERROR_ACCES_DENIED,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31165487/