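I have code that injects a DLL into a process. The process that performs the injection always has the same architecture (x86 or x64) as the process being injected into. But for some reason, on a Win7 64-bit OS, when both the injecting and the injected process are x86, the CreateRemoteThread function call fails. Surprisingly, when the OS is Win10 64-bit, 32-bit processes work fine. The code also works on Win7 64-bit with 64-bit processes, and on Win7 32-bit with 32-bit processes.

I looked on the internet for possible causes, and all I could find is that in Win7 there are sometimes process session problems. I don't think that is the case here, because both the injecting and the injected process are in the "user" session.

Running GetLastError() I get 5 (ERROR_ACCESS_DENIED).

Here is my injection function: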

    #include <windows.h>
    #include <cstring>
    #include <iostream>

    using namespace std;

    DWORD Inject(DWORD PID, const char *dllname)
    {
        HANDLE hThread = NULL;
        BOOL writeSucceed = false;
        int cch = 0;

        cout << "Injector.dll : Injecting " << dllname << " to " << PID << endl;

        DWORD hLibModule;
        HMODULE hKernel32 = GetModuleHandle(TEXT("Kernel32"));

        // Open the target process with the access rights used by the calls below
        void *hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
                                     PROCESS_VM_WRITE, false, PID);

        // Allocate room in the target for the DLL path, including the terminating NUL
        cch = (int) strlen(dllname) + 1;
        void *pLibRemote = VirtualAllocEx(hProcess, NULL, cch, MEM_COMMIT,
                                          PAGE_READWRITE);
        writeSucceed = WriteProcessMemory(hProcess, pLibRemote, (void *) dllname, cch, NULL);

        // Start a remote thread at LoadLibraryA with the remote path as its argument
        hThread = CreateRemoteThread(hProcess, NULL, 0,
                                     (PTHREAD_START_ROUTINE)
                                     GetProcAddress(hKernel32, "LoadLibraryA"),
                                     pLibRemote, 0, NULL);
        WaitForSingleObject(hThread, INFINITE);

        // The thread's exit code is LoadLibraryA's return value, truncated to a DWORD
        GetExitCodeThread(hThread, &hLibModule);
        CloseHandle(hThread);

        // With MEM_RELEASE the size argument must be 0 (was sizeof (dllname))
        VirtualFreeEx(hProcess, pLibRemote, 0, MEM_RELEASE);

        // Start a second remote thread at FreeLibrary to unload the module again
        hThread = CreateRemoteThread(hProcess, NULL, 0,
                                     (PTHREAD_START_ROUTINE)
                                     GetProcAddress(hKernel32, "FreeLibrary"),
                                     (void *) hLibModule, 0, NULL);
        WaitForSingleObject(hThread, INFINITE);
        CloseHandle(hThread);
        return 0;
    }

Is there some special treatment I should do in code for Windows 7?