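How can I load a DLL at a user-defined memory address, or is it possible to change the DLL's address after loading it with the LoadLibrary() function?
I tried allocating a memory address with VirtualAllocEx() and loading the DLL into a remote process. The DLL is being loaded into the remote process, but the address is not the same.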
//virtually allocating the memory address
//(+1 so the terminating NUL of the path string is included)
LPVOID arg = VirtualAllocEx(process, /*(LPVOID)0x81200000*/0, strlen(buffer) + 1, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
if(arg == NULL) {
    return 1;
}
//Write the argument to LoadLibraryA to the process's newly allocated memory region.
int n = WriteProcessMemory(process, arg, buffer, strlen(buffer) + 1, NULL);
if(n == 0) {
    return 1;
}
//Inject our DLL into the process's address space.
//(dwCreationFlags is a DWORD, so pass 0 rather than NULL)
HANDLE threadID = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)address, arg, 0, NULL);
I also tried using the ReBaseImage() function, but the memory address changed after the DLL was loaded.
//rebaseimage function to change the base address of the DLL
ret = ReBaseImage("WinMemoryDLL.dll","",TRUE,TRUE,FALSE,0,&OldImage,&OldImageBase,&NewImageSize,&NewImageBase,0);
hinstLib = LoadLibrary(TEXT("WinMemoryDLL.dll"));
You may need to disable /DYNAMICBASE for your DLL to prevent Windows from choosing a different address for it.
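
Whether a DLL was linked with /DYNAMICBASE, and which base address it prefers, can be read straight from its PE header. The following is an added example, not code from the question or the answer; `pe_base_info`, `pe_read_base_info` and `make_sample` are hypothetical names, and the header bytes are a constructed sample rather than a real DLL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint64_t image_base;  /* preferred load address (ImageBase) */
    int dynamic_base;     /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) set */
    int relocs_stripped;  /* IMAGE_FILE_RELOCS_STRIPPED (0x0001) set */
} pe_base_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Returns 0 on success, -1 if buf is not a well-formed PE header. */
int pe_read_base_info(const uint8_t *buf, size_t len, pe_base_info *out) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;         /* "MZ" */
    uint32_t pe = rd32(buf + 0x3C);                            /* e_lfanew */
    if (pe > len || len - pe < 96) return -1;                  /* sig + file hdr + 72 bytes */
    if (rd32(buf + pe) != 0x00004550) return -1;               /* "PE\0\0" */
    const uint8_t *fh = buf + pe + 4, *oh = fh + 20;           /* file / optional header */
    uint16_t magic = rd16(oh);
    if (magic == 0x10B) out->image_base = rd32(oh + 28);       /* PE32 */
    else if (magic == 0x20B) out->image_base = rd64(oh + 24);  /* PE32+ */
    else return -1;
    out->relocs_stripped = (rd16(fh + 18) & 0x0001) != 0;      /* file Characteristics */
    out->dynamic_base = (rd16(oh + 70) & 0x0040) != 0;         /* DllCharacteristics */
    return 0;
}

/* Constructed sample: a minimal PE32+ header with the given base and flags. */
size_t make_sample(uint8_t *buf, uint64_t base, uint16_t dllchar) {
    memset(buf, 0, 0xA0);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x40;              /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *oh = buf + 0x40 + 24; oh[0] = 0x0B; oh[1] = 0x02; /* PE32+ magic */
    for (int i = 0; i < 8; i++) oh[24 + i] = (uint8_t)(base >> (8 * i));
    oh[70] = (uint8_t)dllchar; oh[71] = (uint8_t)(dllchar >> 8);
    return 0xA0;
}

int main(void) {
    uint8_t hdr[0xA0]; pe_base_info bi;
    if (pe_read_base_info(hdr, make_sample(hdr, 0x180000000ULL, 0x0160), &bi) == 0)
        printf("ImageBase=0x%llx dynamic_base=%d\n", (unsigned long long)bi.image_base, bi.dynamic_base);
    return 0;
}
```

With the flag clear, the loader tries ImageBase first, but it still relocates the DLL when that address range is already occupied in the process.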