[C] Windows 10 code injection in anderen Prozess

Hi.
Als erster Post gleich mal eine kleine Frage:
Code:
#include <windows.h>
#include <psapi.h>

#define PROCESS_ID_FOR_INJECTION 2832

/*
 * Data block that main() copies into the target process; the injected
 * thread_main() receives a pointer to that remote copy as its argument,
 * so every field has to make sense in the *other* process.
 */
struct inj_data
{
    /* Resolved in main() via GetProcAddress; thread_main() never uses it. */
    HMODULE WINAPI (*load_library) (LPCSTR lpFileName);
    /* NOTE(review): second parameter is LPVOID here, while thread_main()
     * passes a char array; compare with the real GetProcAddress prototype. */
    FARPROC WINAPI (*get_proc_address) (HMODULE hModule, LPVOID lpProcName);
    /* Module handle the name lookup in thread_main() is done against. */
    HMODULE kernelDll;
    /* NOTE(review): 10 bytes each, but main() copies strlen() bytes with
     * memcpy: "MessageBox" (10 chars) fills message_box_name with no
     * terminating NUL, and message_box_string1 is never terminated either,
     * although thread_main() hands both to LPCTSTR parameters. */
    char message_box_name[10];
    char message_box_string1[10];
};

/*
 * Entry point of the remote thread. main() copies the bytes of this
 * function verbatim into the target process (the injFuncBase step), so
 * the body only dereferences injData and a constant; anything else it
 * referenced would be an address in the injecting process.
 *
 * injData: pointer to the remote copy of struct inj_data, handed over as
 *          the thread parameter by CreateRemoteThread.
 * Returns: declared DWORD, but the body never returns a value (see below).
 */
static DWORD WINAPI thread_main(struct inj_data *injData)
{
    int WINAPI (*message_box) (HWND, LPCTSTR, LPCTSTR, UINT);
    /* Look the function up by name through the pointer carried in injData,
     * against the module handle also carried in injData. */
    message_box = injData->get_proc_address(injData->kernelDll,
                                            injData->message_box_name);
    /* NOTE(review): the lookup result is not checked for NULL before the
     * call; the same string is passed as both text and caption. */
    (*message_box)(NULL,
                   injData->message_box_string1,
                   injData->message_box_string1,
                   MB_OKCANCEL);
    /* NOTE(review): no `return`; falling off the end of a non-void function
     * is undefined behaviour once the caller uses the result. */
}
    

/*
 * Injector: opens process PROCESS_ID_FOR_INJECTION, copies a struct
 * inj_data and the bytes of thread_main() into it, then starts a remote
 * thread at the copied code with the copied data as its argument.
 *
 * Returns 0 on success, or 1..6 naming the step that failed. No handle is
 * closed and injData is never freed on any path (see notes below).
 *
 * NOTE(review): OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
 * CreateRemoteThread against a foreign PID is the textbook remote-thread
 * injection sequence; endpoint defenses commonly alert on this call chain.
 */
int main(void)
{
    HANDLE proc, newThread;
    struct inj_data *injData;
    HMODULE kernelDll;
    LPVOID injDataBase, injFuncBase;

    /* Access rights needed to allocate/write memory and create a thread in
     * the target; the handle is never closed, including on the error paths. */
    if (!(proc = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION
                          | PROCESS_VM_OPERATION | PROCESS_VM_WRITE 
                          | PROCESS_VM_READ,
                          FALSE,
                          PROCESS_ID_FOR_INJECTION)))
    {
        return 1;
    }

    /* NOTE(review): malloc result is not checked before being written to. */
    injData = malloc(sizeof (struct inj_data));
    #define MESSAGEBOX "MessageBox"
    /* strlen() excludes the NUL: exactly 10 bytes go into a 10-byte array,
     * so message_box_name has no terminator. */
    memcpy(injData->message_box_name, MESSAGEBOX, strlen(MESSAGEBOX));
    #define STRING1 "Hello"
    /* 5 bytes copied; the remaining 5 bytes of the array are whatever
     * malloc returned (no memset/calloc), so no terminator is guaranteed. */
    memcpy(injData->message_box_string1, STRING1, strlen(STRING1)); 
    /* These are addresses in *this* process; the injected code uses them
     * unchanged inside the target. */
    kernelDll = LoadLibrary("kernel32.dll");
    injData->kernelDll = kernelDll;
    injData->load_library = GetProcAddress(kernelDll, "LoadLibraryA");
    injData->get_proc_address = GetProcAddress(kernelDll, "GetProcAddressA");
    /* Remote buffer for the data block, sized from the struct type. */
    if (NULL == (injDataBase = VirtualAllocEx(proc,
                                              NULL,
                                              sizeof (struct inj_data),
                                              MEM_COMMIT,
                                              PAGE_READWRITE)))
    {
        return 2;
    }
    /* NOTE(review): sizeof (injData) is the size of the pointer, not
     * sizeof (struct inj_data) as used for the allocation above, so only
     * the first few bytes of the struct reach the target. */
    if (!WriteProcessMemory(proc,
                            injDataBase,
                            injData,
                            sizeof (injData),
                            NULL))
    {
        return 3;
    }
    /* The length of thread_main() is taken as the distance to main();
     * presumably this relies on the compiler emitting main() directly
     * after thread_main() with nothing in between — confirm with a map file. */
    if (NULL == (injFuncBase = VirtualAllocEx(proc,
                                              NULL,
                                              ((SIZE_T)(&main) - (SIZE_T)(&thread_main)),
                                              MEM_COMMIT,
                                              PAGE_READWRITE)))
    {
        return 4;
    }
    /* Copy the function bytes, using the same distance as the size. */
    if (!WriteProcessMemory(proc,
                            injFuncBase,
                            &thread_main,
                            ((SIZE_T)&main - (SIZE_T)&thread_main),
                            NULL))
    {
        return 5;
    }
    /* Start the remote thread at the copied code with the copied data as
     * its parameter; the returned handle is neither waited on nor closed. */
    if (NULL == (newThread = CreateRemoteThread(proc,
                                                 NULL,
                                                 0,
                                                 (LPTHREAD_START_ROUTINE)injFuncBase,
                                                 injDataBase,
                                                 NULL,
                                                 NULL)))
    {
        return 6;
    }
    /* NOTE(review): proc and newThread are leaked, injData is never freed. */
    return 0;
}
Der oben gelistete Code läuft zwar ohne Probleme durch, aber der Prozess, in den injiziert wird, stürzt einfach ab. Ich weiß aber nicht, ob (und wenn ja, wie?) ich den Thread, der in einem anderen Prozess läuft, debuggen kann.
Ich probiere das ganze in einer VirtualBox mit Windows 10 + cygwin + gdb + gcc.

mfg conky
 