我有一个代码可以将32位库(C ++)注入到外部32位进程中:
[DllImport("kernel32")]
public static extern IntPtr CreateRemoteThread(
IntPtr hProcess,
IntPtr lpThreadAttributes,
uint dwStackSize,
UIntPtr lpStartAddress, // raw Pointer into remote process
IntPtr lpParameter,
uint dwCreationFlags,
out IntPtr lpThreadId
);
...
public static bool InjectDLL(Process p, string dll)
{
IntPtr bytesout;
Int32 LenWrite = dll.Length + 1;
IntPtr AllocMem = (IntPtr)VirtualAllocEx(p.Handle, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40);
WriteProcessMemory(p.Handle, AllocMem, dll, (UIntPtr)LenWrite, out bytesout);
UIntPtr Injector = (UIntPtr)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
IntPtr hThread = (IntPtr)CreateRemoteThread(p.Handle, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);
return true;
}
但是如何修复该代码以将64位库注入64位进程?上面的代码不适用于64位进程和dll。
谢谢!
您的injector,您的目标进程和DLL必须全部为x64。
原因是由于此行:
GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
将返回x86 LoadLibrary()的地址,而不是x64地址。