-
-
[求助]一个线程注入程序的问题
-
发表于: 2007-7-27 21:31
-
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
szCalss db 'Notepad',0
.data?
hModule dd ?
hWnd dd ?
hProcess dd ?
ShellSize dd ?
Pid dd ?
Written dd ?
dwTid dd ?
.code
Shellcode proc
push NULL
push NULL
push NULL
push NULL
call MessageBox
ret
Shellcode endp
start:
invoke FindWindow,addr szCalss,0
invoke GetWindowThreadProcessId, eax, addr Pid
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_WRITE+\
PROCESS_VM_OPERATION,FALSE,Pid
mov hProcess, eax
invoke VirtualFreeEx, hProcess, hModule, 0, MEM_RELEASE
invoke VirtualAllocEx, hProcess, hModule, ShellSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
mov hWnd, eax
invoke WriteProcessMemory, hProcess, hWnd, hModule, ShellSize, addr Written
invoke CreateRemoteThread, hProcess, 0, 0, addr Shellcode, hModule, 0, addr dwTid
invoke ExitProcess, 0
end start
注入记事本,编译能够通过,但是一运行,记事本就会出错,然后关闭了......................
请大家指教.........................
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.data
szCalss db 'Notepad',0
.data?
hModule dd ?
hWnd dd ?
hProcess dd ?
ShellSize dd ?
Pid dd ?
Written dd ?
dwTid dd ?
.code
Shellcode proc
push NULL
push NULL
push NULL
push NULL
call MessageBox
ret
Shellcode endp
start:
invoke FindWindow,addr szCalss,0
invoke GetWindowThreadProcessId, eax, addr Pid
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_WRITE+\
PROCESS_VM_OPERATION,FALSE,Pid
mov hProcess, eax
invoke VirtualFreeEx, hProcess, hModule, 0, MEM_RELEASE
invoke VirtualAllocEx, hProcess, hModule, ShellSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
mov hWnd, eax
invoke WriteProcessMemory, hProcess, hWnd, hModule, ShellSize, addr Written
invoke CreateRemoteThread, hProcess, 0, 0, addr Shellcode, hModule, 0, addr dwTid
invoke ExitProcess, 0
end start
注入记事本,编译能够通过,但是一运行,记事本就会出错,然后关闭了......................
请大家指教.........................
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
程序错误不是一般的多 呵呵 感觉Liebek兄就压根没理解注入的原理
 帮你改改 .386 .model flat, stdcall option casemap:none include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\user32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\user32.lib .data szCalss db 'Notepad',0 .data? hWnd dd ? hProcess dd ? Pid dd ? Written dd ? dwTid dd ? lpMessageBox dd ? .const szMessageBox db 'MessageBoxA',0 szUser32dll db 'User32.dll',0 .code REMOTE_CODE_START: _lpMessageBox dd ? Shellcode proc call @F @@: pop ebx sub ebx,offset @B push NULL push NULL push NULL push NULL call dword ptr [ebx+_lpMessageBox] ret Shellcode endp REMOTE_CODE_END: start: invoke GetModuleHandle,addr szUser32dll mov ebx,eax invoke GetProcAddress,ebx,addr szMessageBox mov lpMessageBox,eax invoke FindWindow,addr szCalss,0 invoke GetWindowThreadProcessId, eax, addr Pid invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_WRITE+\ PROCESS_VM_OPERATION,FALSE,Pid mov hProcess, eax invoke VirtualAllocEx,hProcess,NULL, REMOTE_CODE_END-REMOTE_CODE_START, MEM_COMMIT, PAGE_EXECUTE_READWRITE mov hWnd, eax invoke WriteProcessMemory, hProcess, hWnd, offset REMOTE_CODE_START, REMOTE_CODE_END-REMOTE_CODE_START, addr Written invoke WriteProcessMemory,hProcess,hWnd,offset lpMessageBox,sizeof dword,addr Written mov eax,hWnd add eax,Shellcode-REMOTE_CODE_START invoke CreateRemoteThread, hProcess, 0, 0, eax, 0, 0, 0 invoke ExitProcess, 0 end start |
|
|
回bithaha兄的话,我确实没有理解,就是想通过这个程序来理解的(在网上找的原型),结果有问题......
非常感谢你的帮助! 
|
|
|
|
