I wrote a DLL and remotely injected it into Chrome. Calling the original function crashes in all sorts of ways.
On the forum I found older posts about NtDeviceIoControlFile, and in all of them the original function is called with assembly code:
// x86 (32-bit) only: MSVC inline assembly, arguments pushed right to left (stdcall)
__asm
{
    push OutputBufferLength
    push OutputBuffer
    push InputBufferLength
    push InputBuffer
    push IoControlCode
    push IoStatusBlock
    push ApcContext
    push ApcRoutine
    push Event
    push FileHandle
    call s_pfnNtDeviceIoControlFile   // pointer to the original NtDeviceIoControlFile
    mov stat, eax                     // NTSTATUS return value
}
But this cannot be used directly when compiling for x64, and I am not very familiar with assembly either. So
I call the original function as follows instead:
HookOff;   // macro that removes the hook so the call below reaches the real function
// pppNtDeviceIoControl is a function-pointer typedef matching NtDeviceIoControlFile's prototype (defined elsewhere)
pppNtDeviceIoControl pppppNtDeviceIoControl = (pppNtDeviceIoControl)::GetProcAddress(::LoadLibrary(L"ntdll.dll"), "NtDeviceIoControlFile");
stat = pppppNtDeviceIoControl(FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, IoControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength);
HookOn;    // macro that re-installs the hook
Along the way I also referred to this friend's post (https://bbs.pediy.com/thread-213279.htm). I replaced Event; it still crashes.
I also considered replacing ApcRoutine:
// save the caller's APC routine, pass NULL to the original call, then invoke it ourselves afterwards
PIO_APC_ROUTINE myApcRoutine = (PIO_APC_ROUTINE)ApcRoutine;
ApcRoutine = NULL;
ULONG ulReserved = 0;
HookOff;
pppNtDeviceIoControl pppppNtDeviceIoControl = (pppNtDeviceIoControl)::GetProcAddress(::LoadLibrary(L"ntdll.dll"), "NtDeviceIoControlFile");
stat = pppppNtDeviceIoControl(FileHandle, Event, ApcRoutine, ApcContext, IoStatusBlock, IoControlCode, InputBuffer, InputBufferLength, OutputBuffer, OutputBufferLength);
HookOn;
if (myApcRoutine) {
    myApcRoutine(ApcContext, IoStatusBlock, ulReserved);   // call the saved APC routine manually
    ApcRoutine = (PVOID)myApcRoutine;                      // restore the original pointer
}
But it still crashes; it crashes before myApcRoutine is even reached.
I have searched Baidu for a long time with no luck. Could some expert please help?
Our company uses Electron for the client and wants to encrypt HTTP messages before sending them, which requires hooking Chromium, but it keeps crashing and I don't know how to handle it.
My boss won't agree to using a proxy.