-
-
[求助]已注入dll,也得到模块句柄,就是无法读取,和修改。请帮忙看看。
-
发表于:
2008-7-28 14:42
9320
-
[求助]已注入dll,也得到模块句柄,就是无法读取,和修改。请帮忙看看。
主进程是个服务,我枚举的到的进程ID
//提升权限
HANDLE hToken;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount=1;
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid);
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
CloseHandle(hToken);
}
// 打开目标进程,最大权限
HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, dwProcessID );
DLL里我使用void *Handle = GetModuleHandle("date.dll") ,得到dll模块句柄,read,write都失败,但是用 FreeLibrary(GetModuleHandleA("date.dll"));却可以成功释放dll.
DLL代码
int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
switch ( reason )
{
case DLL_PROCESS_ATTACH:
{
MessageBox( NULL, "DLL已进入目标进程。", "信息", MB_ICONINFORMATION );
//FreeLibrary(GetModuleHandleA("date.dll")); //这个成功
void *Handle = GetModuleHandle("date.dll");
char *OBJ_patch = new char[10];
DWORD size;
unsigned int OBJ_IP = (int)Handle + 0xD78b;
if (ReadProcessMemory(Handle,(void*)OBJ_IP,OBJ_patch,0x0A,&size))
{
MessageBox( NULL, (char*)OBJ_patch, "信息", MB_ICONINFORMATION );
}
else
{
MessageBox( NULL, "读取失败。", "信息", MB_ICONINFORMATION );
}
}
break;
case DLL_PROCESS_DETACH:
{
MessageBox( NULL, "DLL已从目标进程卸载。", "信息", MB_ICONINFORMATION );
}
break;
}
return 1;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
