求助：各位高手，这边注入DLL提示创建线程失败，拒绝访问，错误代码5

Galaxyou · 发表于 2023-8-18 17:48

本帖最后由 Galaxyou 于 2023-8-18 17:57 编辑

写了一个C++程序来注入DLL提示没有权限，CMD和程序都是管理员运行，代码如下：

int main()
{

const CHAR* DLLPath = "C:\\Users\\Administrator\\Downloads\\Compressed\\WeChatX64.dll";
DWORD pid = 0;
scanf_s("%d", &pid);
HANDLE hprocess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
if (!hprocess) {
    DWORD errorCode = GetLastError();
    LPSTR errorMessage = nullptr;
    DWORD result = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        nullptr,
        errorCode,
        0,
        reinterpret_cast<LPSTR>(&errorMessage),
        0,
        nullptr
    );

    if (result != 0) {
        std::cout << "无法打开进程句柄，错误代码：" << errorCode << std::endl;
        std::cout << "错误消息：" << errorMessage << std::endl;
        LocalFree(errorMessage);
    }
    else {
        std::cout << "无法打开进程句柄，错误代码：" << errorCode << std::endl;
    }
    return 1;
}

SIZE_T PathSize = (strlen(DLLPath) + 1) * sizeof(TCHAR);
LPVOID StartAddress = VirtualAllocEx(hprocess, NULL, PathSize, MEM_COMMIT, PAGE_READWRITE);
if (!StartAddress) {
    std::cout << "开辟内存失败" << std::endl;
    return 1;
}
if (!WriteProcessMemory(hprocess, StartAddress, DLLPath, PathSize, NULL)) {
    std::cout << "无法写入DLL路径" << std::endl;
    return 1;
}
PTHREAD_START_ROUTINE pfnStartAddress = (PTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryA");
if (!pfnStartAddress) {
    std::cout << "无法获取函数地址" << std::endl;
    return 1;
}
HANDLE hThread = CreateRemoteThreadEx(hprocess, NULL, NULL, pfnStartAddress, StartAddress, NULL, NULL, NULL);
if (!hThread) {
    DWORD errorCode = GetLastError();
    LPSTR errorMessage = nullptr;
    DWORD result = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        nullptr,
        errorCode,
        0,
        reinterpret_cast<LPSTR>(&errorMessage),
        0,
        nullptr
    );
    if (result != 0) {
        std::cout << "创建线程失败，错误代码：" << errorCode << std::endl;
        std::cout << "错误消息：" << errorMessage << std::endl;
        LocalFree(errorMessage);
    }
    return 1;
}
//WaitForSingleObject(hThread, INFINITE);//等待DLL结束
std::cout << "注入成功！\n";
CloseHandle(hThread);
CloseHandle(hprocess);
system("pause");
return 0;

}

报错如下：

renpeng009 · 发表于 2023-8-19 09:55

楼主 result 的生命周期仅限于if (!hprocess) {}内吧，你判断result的时候已经失去了意义

yes2 · 发表于 2023-8-20 21:36

是不是有杀毒软件？

帐号		自动登录	找回密码
密码			注册[Register]

[求助] 求助：各位高手，这边注入DLL提示创建线程失败，拒绝访问，错误代码5