[求助]我用LoadLibrary加载自己的DLL,每次句柄返回的都是NULL!!!
[求助]我用LoadLibrary加载自己的DLL,每次句柄返回的都是NULL!!!
我的启动程序如下:
//#pragma comment(lib, "MsgDll.lib")
// Signature the launcher expects of the DLL export "InstallHook": no
// arguments, no return value. WinMain casts the GetProcAddress result to
// this type and calls it with no arguments, so the export must really have
// this shape (a mismatch is not detected by the cast).
typedef void (*FunPtr)(void);
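int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    // Launcher: load MsgDll.dll and run its exported "InstallHook" once.
    // Returns the process exit code (0 on the normal path; the failure path
    // terminates via ExitProcess).
    HMODULE hMod = ::LoadLibrary("MsgDll.dll");
    if (hMod == NULL)
    {
        // Read the error code before any other API call can overwrite it.
        // A NULL here is not only "file not found": LoadLibrary also returns
        // NULL when the DLL's DllMain returns FALSE for DLL_PROCESS_ATTACH
        // (the loader reports ERROR_DLL_INIT_FAILED in that case). This DLL's
        // DllMain does exactly that for any host whose name does not start
        // with wscriptName, so showing the code makes that case diagnosable.
        DWORD lastError = ::GetLastError();
        char msg[128];
        ::wsprintfA(msg, "Load MsgDll.dll Wrong! GetLastError=%lu", lastError);
        ::MessageBox(NULL, msg, "Wrong", MB_OK);
        ::ExitProcess(0);
    }

    FunPtr myfunction = (FunPtr)::GetProcAddress(hMod, "InstallHook");
    if (myfunction != NULL)
    {
        myfunction();
    }
    else
    {
        // Previously a missing or misspelled export failed silently; report it.
        ::MessageBox(NULL, "InstallHook not found in MsgDll.dll", "Wrong", MB_OK);
    }
    // No FreeLibrary on purpose: the process exits right after this return,
    // and unloading the DLL while code installed by InstallHook may still be
    // referenced would be unsafe.
    return 0;
}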
hMod总是NULL
我调试了一下我的DLL
我的DLL的DllMain的代码如下:
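BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    // Entry point called by the loader. Only DLL_PROCESS_ATTACH is handled.
    // hModule is this DLL's own module handle; the globals below deliberately
    // describe the *host* process instead (GetModuleHandle(NULL) is the EXE's
    // module, not this DLL's). Everything in this case body runs under the
    // loader lock, so it should stay as short as possible.
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        hInstance = ::GetModuleHandle(NULL);
        hProcess = ::GetCurrentProcess();   // pseudo-handle; never needs CloseHandle

        // Resolve the host process name (lower-cased) into the exeName buffer.
        // NOTE(review): exeName is declared elsewhere — it must hold at least
        // MAX_PATH TCHARs because GetProcessName copies PROCESSENTRY32::szExeFile
        // into it without a size check. Reading the process list via a Toolhelp
        // snapshot from DllMain is heavier than needed; GetModuleFileName(NULL, ...)
        // on the host EXE would give the same name without a snapshot.
        DWORD processID = ::GetCurrentProcessId();
        GetProcessName(processID, exeName);

        // Prefix comparison against wscriptName (not a whole-string match).
        if (strncmp(wscriptName, exeName, strlen(wscriptName)) != 0)
        {
            // Not the target process: refuse to attach. The loader then fails the
            // caller's LoadLibrary (returns NULL, ERROR_DLL_INIT_FAILED), which is
            // why a launcher whose name does not match wscriptName always sees
            // hMod == NULL. The original also called CloseHandle(hInstance) here;
            // an HMODULE is not a kernel object handle, so that call was invalid
            // and has been removed.
            return FALSE;
        }
        // Target process: hook LoadLibraryA (InlineHookApi is defined elsewhere).
        InlineHookApi("kernel32.dll", "LoadLibraryA", "MyLoadLibAddress");
        break;
    }
    }
    return TRUE;
}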
GetProcessName的代码如下:
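void GetProcessName(DWORD pID, TCHAR *fileName)
{
    // Copy the lower-cased executable name of process pID into fileName.
    // fileName must hold at least MAX_PATH TCHARs (the size of
    // PROCESSENTRY32::szExeFile); there is no size parameter to check against.
    // NOTE(review): strlen/strncpy/tolower operate on char, so this only
    // works in a non-UNICODE build where TCHAR is char.
    //
    // Leave an empty string when the process is not found or the snapshot
    // fails, so callers never compare against a stale buffer.
    fileName[0] = '\0';

    HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        // Original passed the invalid handle straight to Process32First.
        return;
    }

    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);   // required by the Toolhelp API
    BOOL bMore = ::Process32First(hProcessSnap, &pe32);
    while (bMore)
    {
        if (pe32.th32ProcessID == pID)
        {
            // Lower-case in place. Cast through unsigned char: tolower on a
            // negative char (non-ASCII byte) is undefined behaviour.
            for (size_t i = 0; pe32.szExeFile[i] != '\0'; ++i)
            {
                pe32.szExeFile[i] = (TCHAR)tolower((unsigned char)pe32.szExeFile[i]);
            }
            strncpy(fileName, pe32.szExeFile, strlen(pe32.szExeFile) + 1);
            break;   // PIDs are unique in a snapshot; no need to keep scanning
        }
        bMore = ::Process32Next(hProcessSnap, &pe32);
    }
    // The original leaked the snapshot handle on every call.
    ::CloseHandle(hProcessSnap);
}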
调试的时候,在:
hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
这一行上有问题
当程序走到这儿之后,就有VC++的提示
Unhandle exception in StartMsgDll.exe (MsgDll.dll):0xC0000005 access violation
的错误
这一句话会有问题吗???
谢谢了!