
無法弄清楚如何從非託管 DLL 呼叫託管 DLL 中的函式：該非託管 DLL 已被注入到一個正在運行的進程中，我想從它呼叫託管 DLL。

目前，我能夠把一個非託管 DLL 注入到正在運行的進程中，並呼叫一個託管 DLL（要先說明的是，我是 C++ 新手），程式碼如下。

#include "stdafx.h" 
#include <Windows.h> 
#include <cwchar> 
#include "dllmain.h" 

BOOL APIENTRY DllMain(HMODULE hModule, 
        DWORD ul_reason_for_call, 
        LPVOID lpReserved ) 
{ 
    // Entry point of the injected unmanaged DLL. On process attach it hosts
    // the managed assembly at the hard-coded path and then shows the PID.
    // NOTE(review): both calls run inside DllMain, i.e. while the loader lock
    // is held; the comment thread on this page attributes the failure to
    // exactly that.
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) 
    { 
        LoadManagedProject(L"C:\\Users\\nagaganesh.kurcheti\\Desktop\\ExampleProject.dll"); 
        DisplayPid(); 
    } 
    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH / DLL_PROCESS_DETACH: nothing to do. 
    return TRUE; 
} 

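void DisplayPid() 
{ 
    // Diagnostic helper: shows the id of the process this DLL now lives in.
    const DWORD pid = GetCurrentProcessId(); 
    wchar_t buf[64] = {}; 
    // Bounded formatting instead of wsprintf, which takes no buffer length;
    // %lu matches DWORD (unsigned) where the previous %d was signed.
    std::swprintf(buf, sizeof(buf) / sizeof(buf[0]), 
        L"Hey, it worked! Pid is %lu", static_cast<unsigned long>(pid)); 
    MessageBox(NULL, buf, L"Injected NEW MessageBox", NULL); 
} 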

而我從 DllMain 呼叫、負責處理注入流程的函式如下：

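DllExport void LoadManagedProject(const wchar_t * managedDllLocation) 
{ 
    // Host the v4.0.30319 CLR in this process and run
    // ExampleProject.Example.EntryPoint("Argument") from the assembly at
    // managedDllLocation. Progress is reported through message boxes; any
    // non-S_OK HRESULT simply ends the sequence.
    // NOTE(review): in the listing above this is invoked from DllMain, i.e.
    // under the loader lock, which the page's comment thread names as the
    // reason the attempt fails.
    ICLRMetaHost* pClrMetaHost = nullptr; 
    ICLRRuntimeInfo* pClrRuntimeInfo = nullptr; 
    ICLRRuntimeHost* pClrRuntimeHost = nullptr; 

    HRESULT hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_PPV_ARGS(&pClrMetaHost)); 
    if (hr == S_OK) 
    { 
        hr = pClrMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pClrRuntimeInfo)); 
    } 

    BOOL fLoadable = FALSE; 
    if (hr == S_OK) 
    { 
        hr = pClrRuntimeInfo->IsLoadable(&fLoadable); 
    } 

    if (hr == S_OK && fLoadable) 
    { 
        hr = pClrRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, 
            IID_PPV_ARGS(&pClrRuntimeHost)); 
        if (hr == S_OK) 
        { 
            hr = pClrRuntimeHost->Start(); 
        } 
        if (hr == S_OK) 
        { 
            MessageBox(NULL, L"HR=SOK45STTIME", L"Injected MessageBox", NULL); 

            // Return value of the managed EntryPoint; initialised so it is
            // never read as garbage if the call fails early.
            DWORD result = 0; 
            hr = pClrRuntimeHost->ExecuteInDefaultAppDomain(
                managedDllLocation, 
                L"ExampleProject.Example", 
                L"EntryPoint", 
                L"Argument", 
                &result); 
            if (hr == S_OK) 
            { 
                MessageBox(NULL, L"HR=SOK6STTIME", L"Injected MessageBox", NULL); 
            } 
        } 
    } 

    // Release every interface that was obtained; the previous version leaked
    // all three. Release() only drops the reference and does not call Stop(),
    // so the runtime started above keeps running.
    if (pClrRuntimeHost != nullptr) 
    { 
        pClrRuntimeHost->Release(); 
    } 
    if (pClrRuntimeInfo != nullptr) 
    { 
        pClrRuntimeInfo->Release(); 
    } 
    if (pClrMetaHost != nullptr) 
    { 
        pClrMetaHost->Release(); 
    } 
} 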

嘗試了幾次之後，我仍然無法注入到這個進程。請指出我哪裡做錯了，或者建議一種更好的方法，讓注入到正在運行進程的非託管 DLL 去呼叫託管 DLL（C#）。先謝謝你。

UPDATE:

如果用這種方式做不到，能否建議把託管 DLL 注入到正在運行進程的最佳做法。謝謝


用 Google 搜尋「DllMain loader lock」（DllMain 載入器鎖）即可瞭解詳情，找出為什麼這樣做行不通。 –


請您詳細說明，我對這方面還是新手。Thank you –


您可以使用 EasyHook 把託管 DLL 注入到非託管進程來達成這一點，範例程式碼如下：

#include <easyhook.h> 
#include <string> 
#include <iostream> 
#include <Windows.h> 

// Amount added to dwFreq by myBeepHook; filled in from the injector's user
// data in NativeInjectionEntryPoint, zero until then.
DWORD gFreqOffset{0}; 
// Replacement for Beep installed by NativeInjectionEntryPoint: announces the
// call on stdout, then forwards to Beep with gFreqOffset added to dwFreq.
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration) 
{ 
    std::cout << "\n BeepHook: ****All your beeps belong to us!\n\n"; 
    const DWORD shiftedFreq = dwFreq + gFreqOffset; 
    return Beep(shiftedFreq, dwDuration); 
} 

// EasyHook resolves this export by name when it injects the DLL; if the
// export is missing, the injection fails.
extern "C" __declspec(dllexport) void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo); 

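void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo) 
{ 
    // Called by EasyHook inside the target process once this DLL is loaded.
    // Reads the optional DWORD frequency offset supplied by the injector,
    // then hooks kernel32!Beep with myBeepHook.
    std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" << 
        "IIIII   jjj    tt    dd !!! \n" 
        " III nn nnn   eee cccc tt  eee  dd !!! \n" 
        " III nnn nn jjj ee e cc  tttt ee e dddddd !!! \n" 
        " III nn nn jjj eeeee cc  tt eeeee dd dd  \n" 
        "IIIII nn nn jjj eeeee ccccc tttt eeeee dddddd !!! \n" 
        "    jjjj           \n\n"; 

    std::cout << "Injected by process Id: " << inRemoteInfo->HostPID << "\n"; 
    std::cout << "Passed in data size: " << inRemoteInfo->UserDataSize << "\n"; 
    // Only accept the payload when its size is exactly one DWORD.
    if (inRemoteInfo->UserDataSize == sizeof(DWORD)) 
    { 
        gFreqOffset = *reinterpret_cast<DWORD *>(inRemoteInfo->UserData); 
        std::cout << "Adjusting Beep frequency by: " << gFreqOffset << "\n"; 
    } 

    // Resolve the target once. Streaming a function pointer through
    // operator<< would print it as bool ("1"), so cast to void* for output.
    FARPROC beepAddress = GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep"); 
    std::cout << "\n"; 
    std::cout << "Win32 Beep found at address: " << reinterpret_cast<const void*>(beepAddress) << "\n"; 
    if (beepAddress == NULL) 
    { 
        std::cout << "Beep not found; nothing to hook."; 
        return; 
    } 

    // Perform hooking 
    HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook 

    // Install the hook 
    NTSTATUS result = LhInstallHook(
        beepAddress, 
        myBeepHook, 
        NULL, 
        &hHook); 
    if (FAILED(result)) 
    { 
        std::wstring s(RtlGetLastErrorString()); 
        std::wcout << "Failed to install hook: "; 
        std::wcout << s; 
        // No valid hook handle exists, so there is no ACL to configure.
        return; 
    } 
    std::cout << "Hook 'myBeepHook installed successfully."; 

    // If the threadId in the ACL is set to 0, 
    // then internally EasyHook uses GetCurrentThreadId() 
    ULONG ACLEntries[1] = { 0 }; 

    // Disable the hook for the provided threadIds, enable for all others 
    LhSetExclusiveACL(ACLEntries, 1, &hHook); 
} 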

或者你可以參考 original source。