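DLL injector does not detect the DLL

Time: 2021-01-06 07:24:17

Tags: c++

I recently wrote an injector that injects as long as the DLL is in the same directory as the injector exe, but even when the DLL is in the same path it still returns the file-not-found error.

I am very new to C++, so I'm not entirely sure how to fix it; the only thing I know is that the problem must be in dll_name.

The C++ code is listed here: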

```cpp
#include <Windows.h>
#include <string>
#include <thread>
#include <libloaderapi.h>

using namespace std;

void get_proc_id(const char* window_title, DWORD &process_id)
{
    GetWindowThreadProcessId(FindWindow(NULL, window_title), &process_id); // Find process ID by using the title of the window
}

void error(const char* error_title, const char* error_message)
{
    MessageBox(NULL, error_message, error_title, NULL);
    exit(-1);
    // If an error occurs, exit with a failure code
}

bool file_exists(string file_name) // Makes sure the file exists
{
    struct stat buffer;
    return (stat(file_name.c_str(), &buffer) == 0);
    // Information goes into buffer; if the result is 0, it worked
    // Creates a throwaway buffer of the stat struct; its contents don't matter - we only check that the function succeeds in getting info about the file
}

int main()
{
    DWORD proc_id = NULL;
    char dll_path[MAX_PATH];
    const char* dll_name = "TestDll2.dll"; // Name of the DLL
    const char* window_title = "Untitled - Paint"; // Must match the window title

    if (!file_exists(dll_name));
    {
        error("file_exists", "File does not exist");
    }

    if (!GetFullPathName(dll_name, MAX_PATH, dll_path, nullptr))
    {
        error("GetFullPathName", "Failed to get full file path");
    }

    get_proc_id(window_title, proc_id);
    if (proc_id == NULL)
    {
        error("get_proc_id", "Failed to get process ID");
    }

    HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, NULL, proc_id);
    if (!h_process)
    {
        error("OpenProcess", "Failed to open handle to process");
    }

    void* allocated_memory = VirtualAllocEx(h_process, nullptr, MAX_PATH, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); // Calling virtual allocation, passing the handle to the process - reserve the memory and commit it so we can write to it
    if (!allocated_memory)
    {
        error("VirtualAllocEx", "Failed to allocate memory");
    }

    if (!WriteProcessMemory(h_process, allocated_memory, dll_path, MAX_PATH, nullptr)) // Write DLL path into the target program
    {
        error("WriteProcessMemory", "Failed to write process memory");
    }
    // If the above works we call LoadLibraryA with the address where the DLL path is stored
    HANDLE h_thread = CreateRemoteThread(h_process, nullptr, NULL, LPTHREAD_START_ROUTINE(LoadLibraryA), allocated_memory, NULL, nullptr);
    if (!h_thread)
    {
        error("CreateRemoteThread", "Failed to create remote thread");
    }

    CloseHandle(h_process);
    VirtualFreeEx(h_process, allocated_memory, NULL, MEM_RELEASE);
    MessageBox(0, "Successfully Injected!", "Sucess", 0);
}
```

2 answers:

Answer 0: (score: 1)

Try using the C++ STL functions or the Windows native API:

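```cpp
#include <string>
#include <filesystem>

#include <Windows.h>   // must precede Shlwapi.h
#include <Shlwapi.h>

#pragma comment(lib, "Shlwapi.lib")

// Option 1: C++17 standard library
bool IsExists(const std::string &FilePathName)
{
    return std::filesystem::exists(FilePathName);
}

// Option 2: Windows native API (keep only one of the two definitions)
bool IsExists(const std::string &FilePathName)
{
    return PathFileExistsA(FilePathName.c_str());
}
```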

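Answer 1: (score: 0)

The file is being searched for in the current directory, not in the directory where the exe file is located. These may not be the same. You have to find the path of the exe file in order to search for the file in its directory. On Windows, you can do the following: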

```cpp
#include <windows.h>   // must precede psapi.h
#include <psapi.h>
#include <filesystem>

// ....

HANDLE Handle = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                FALSE, GetCurrentProcessId() );
if ( Handle ) {
   TCHAR buffer[MAX_PATH];
   // Module 0 (NULL) is the executable of the process itself
   if ( GetModuleFileNameEx( Handle, 0, buffer, MAX_PATH ) ) {
      std::filesystem::path exePath( buffer ); // TODO this might need encoding conversion
      auto exeDir = exePath.parent_path();
      auto dllPath = exeDir / "TestDll2.dll";
      if ( std::filesystem::exists( dllPath ) ) {
         // ...
      }
   }
   CloseHandle( Handle ); // release the handle opened above
}
```

If GetProcessImageFileName does not work, you can also try GetModuleFileNameEx. Apparently it does not work for 32-bit applications on 64-bit systems (see the comments in this answer).
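Added example (not part of the question or of either answer): the current-directory versus executable-directory difference that answer 1 describes, reproduced with portable C++17 `std::filesystem` so it runs without the Windows API. The temporary directory layout, `tool.exe` and the helper names are constructed for illustration; on Windows, `exe_path` would be the buffer filled by `GetModuleFileNameEx`.

```cpp
#include <filesystem>
#include <fstream>
#include <string>

namespace fs = std::filesystem;

// Resolve file_name against the directory of the executable, not the CWD.
// exe_path is whatever the platform reports for the running image.
fs::path resolve_beside_exe(const fs::path& exe_path, const std::string& file_name)
{
    return exe_path.parent_path() / file_name;
}

// Constructed scenario: returns true when the bare relative name is NOT found
// from the current directory while the exe-relative path IS found.
bool demo_cwd_vs_exe_dir()
{
    const fs::path original_cwd = fs::current_path();
    const fs::path root = fs::temp_directory_path() / "cwd_vs_exe_demo";
    const fs::path exe_dir = root / "bin";          // where the exe and DLL live
    const fs::path other_dir = root / "elsewhere";  // where the user launched from
    fs::remove_all(root);
    fs::create_directories(exe_dir);
    fs::create_directories(other_dir);

    std::ofstream(exe_dir / "TestDll2.dll") << "placeholder"; // stand-in file
    const fs::path exe_path = exe_dir / "tool.exe";  // hypothetical; need not exist

    fs::current_path(other_dir);  // simulate a launch from another directory
    const bool found_relative = fs::exists("TestDll2.dll");  // resolved against CWD
    const bool found_beside =
        fs::exists(resolve_beside_exe(exe_path, "TestDll2.dll"));

    fs::current_path(original_cwd);  // restore state and clean up
    fs::remove_all(root);
    return !found_relative && found_beside;
}

int main() { return demo_cwd_vs_exe_dir() ? 0 : 1; }
```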
