-
-
[求助]x64下FreeLibrary失败
-
发表于: 2014-3-10 09:18
-
x64 下注入dll成功,但是无法卸载dll
注入自己的程序后也是无法卸载
但是自己的程序直接调用 FreeLibrary 是可以成功卸载的
是远程卸载的参数有问题吗?
注入自己的程序后也是无法卸载
但是自己的程序直接调用 FreeLibrary 是可以成功卸载的
是远程卸载的参数有问题吗?
HMODULE baseModule = GetModuleHandle(_T("HK_CF.dll"));
LPVOID pRemoteModule = VirtualAllocEx(hRemoteProcess, NULL, sizeof(HMODULE), MEM_COMMIT, PAGE_READWRITE);
if (pRemoteModule == NULL)
{
printf("VirtualAllocEx error\n");
return -3;
}
DWORD Size;
SIZE_T sSize;
if (WriteProcessMemory(hRemoteProcess, pRemoteModule, &baseModule, sizeof(HMODULE), &sSize) == NULL)
{
printf("WriteProcessMemory error\n");
return -4;
}
//取得目标进程的的FreeLibrary API内存地址
LPTHREAD_START_ROUTINE pFreeLibrary = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "FreeLibrary");
if (pFreeLibrary == NULL)
{
printf("GetProcAddress error\n");
return -5;
}
else
{
printf("LoadLibrary's Address is 0x%x\n\n", pFreeLibrary);
}
HANDLE hThread = NULL;
hThread = CreateRemoteThread(hRemoteProcess, NULL, NULL, pFreeLibrary, pRemoteModule, 0, NULL);
if(hThread == NULL)
{
printf("Uninstall error\n");
return -6;
}
GetExitCodeThread(hThread, &dwThreadRet);
CloseHandle(hThread);
//释放分配内存
if (VirtualFreeEx(hRemoteProcess, pRemoteModule, 0, MEM_RELEASE) == 0)//释放内存
{
printf("VitualFreeEx error\n");
return -8;
}
//释放句柄
if (hRemoteProcess != NULL) CloseHandle(hRemoteProcess);
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
感谢,一直误以为要把句柄也写入目标程序才能调用
原来可以直接传入,小弟学艺不经,感谢指点!  
|
