
[求助]一个线程注入程序的问题

2007-7-27 21:31
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
szCalss db   'Notepad',0               ; window class name handed to FindWindow
.data?
hModule dd ?                           ; NOTE(review): never assigned anywhere in this file -> 0 at every use in start
hWnd dd ?                              ; receives the VirtualAllocEx result (remote buffer address), not a window handle
hProcess dd ?                          ; handle returned by OpenProcess (0 on failure, never checked)
ShellSize dd ?                         ; NOTE(review): also never assigned -> 0; used as the allocation/copy size
Pid dd ?                               ; process id filled in by GetWindowThreadProcessId
Written dd ?                           ; bytes-written out-param of WriteProcessMemory
dwTid dd ?                             ; thread id out-param of CreateRemoteThread
.code

;-----------------------------------------------------------------------
; Shellcode - routine meant to be copied into the target process and run
; there on a remote thread. It issues MessageBox(NULL, NULL, NULL, NULL).
; Why it faults in the target: `call MessageBox` does not call MessageBox
; directly, it assembles to a call into this module's own import stub
; (compare what the first reply asks the poster to check). That stub
; address belongs to the injector's image and has no meaning inside
; another process, so the copied bytes jump into unrelated memory.
; Any reference to an address of this module is position-dependent and
; breaks once the bytes execute at a different base.
; Also: a thread start routine takes one LPVOID argument under stdcall,
; so the plain `ret` leaves that argument on the stack (`ret 4` balances it).
;-----------------------------------------------------------------------
Shellcode proc
push NULL                               ; uType
push NULL                               ; lpCaption
push NULL                               ; lpText
push NULL                               ; hWnd
call MessageBox                         ; resolves to an import stub local to the injector - invalid in the target
ret
Shellcode endp
;-----------------------------------------------------------------------
; start - injector entry point. No call result is checked.
; Intended flow: find the Notepad window -> open its process -> allocate
; a buffer in it -> copy Shellcode there -> run it on a remote thread.
; NOTE(review): as written the sequence cannot work, which matches the
; crash the poster describes:
;   * hModule and ShellSize live in .data? and are never written, so every
;     use below sees 0.
;   * VirtualFreeEx is handed hModule (0): it releases nothing useful and
;     its result is ignored.
;   * VirtualAllocEx and WriteProcessMemory are given ShellSize (0 bytes),
;     and the WriteProcessMemory source pointer is hModule (0), not
;     Shellcode - nothing of Shellcode is ever copied into the target.
;   * CreateRemoteThread is started at `addr Shellcode`, an address inside
;     THIS process; the remote thread executes whatever happens to sit at
;     that address in Notepad, hence the fault. The corrected listing in
;     the third reply starts the thread at the VirtualAllocEx result instead.
; hWnd holds the remote buffer address, not a window handle (misnamed).
;-----------------------------------------------------------------------
start:
invoke FindWindow,addr szCalss,0                ; eax = HWND of Notepad's window (0 if not running - unchecked)
invoke GetWindowThreadProcessId, eax, addr Pid  ; Pid = owning process id
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_WRITE+\
        PROCESS_VM_OPERATION,FALSE,Pid      ; `or` and `+` mixed; only works because the flag bits are distinct
mov hProcess, eax                               ; 0 on failure - unchecked
invoke VirtualFreeEx, hProcess, hModule, 0, MEM_RELEASE   ; hModule == 0 here
invoke VirtualAllocEx, hProcess, hModule, ShellSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE   ; hModule == 0, ShellSize == 0
mov hWnd, eax                                   ; remote buffer address (misnamed: not a window handle)
invoke WriteProcessMemory, hProcess, hWnd, hModule, ShellSize, addr Written   ; source == 0, size == 0: copies nothing
invoke CreateRemoteThread, hProcess, 0, 0, addr Shellcode, hModule, 0, addr dwTid   ; local address of Shellcode -> faults in the target
invoke ExitProcess, 0                           ; hProcess is never closed; process exit reclaims it
end start

注入记事本，编译能够通过，但是一运行，记事本就会出错，然后关闭了……
请大家指教。


看看call MessageBox被编译成什么了
2007-7-27 22:37
程序错误不是一般的多，呵呵，感觉Liebek兄压根没理解注入的原理。
帮你改改
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
szCalss db   'Notepad',0               ; window class name handed to FindWindow
.data?
hWnd dd ?                              ; remote buffer address returned by VirtualAllocEx (not a window handle)
hProcess dd ?                          ; handle returned by OpenProcess
Pid dd ?                               ; process id filled in by GetWindowThreadProcessId
Written dd ?                           ; bytes-written out-param of WriteProcessMemory
dwTid dd ?                             ; declared but unused in this version (CreateRemoteThread gets 0 for lpThreadId)
lpMessageBox dd ?                      ; MessageBoxA address resolved in this process; copied into the remote image
.const
szMessageBox db 'MessageBoxA',0        ; export name passed to GetProcAddress
szUser32dll db 'User32.dll',0          ; module name passed to GetModuleHandle
.code
;-----------------------------------------------------------------------
; Remote code image: everything between REMOTE_CODE_START and
; REMOTE_CODE_END is copied byte-for-byte into the target process.
; Layout, relative to REMOTE_CODE_START:
;   +0                         _lpMessageBox - 4-byte slot; start overwrites
;                              it in the target with lpMessageBox via a
;                              second WriteProcessMemory
;   Shellcode-REMOTE_CODE_START Shellcode - the routine the remote thread
;                              starts at (+4 unless the assembler pads)
; Shellcode is position-independent: the call/pop pair yields its own
; runtime address, subtracting the link-time address of @B leaves the
; relocation delta in ebx, and the delta is applied to _lpMessageBox.
; NOTE(review): ebx is callee-saved under stdcall and is not preserved
; here; the routine also ends in a plain `ret` although a thread start
; routine takes one LPVOID argument (`ret 4`). The `ret` is the last
; byte before REMOTE_CODE_END, so nothing beyond it is copied.
;-----------------------------------------------------------------------
REMOTE_CODE_START:
_lpMessageBox dd ?                      ; placeholder slot, patched from start (image offset 0)
Shellcode proc
call @F                                 ; pushes the runtime address of @@ and falls into it
@@:
pop ebx                                 ; ebx = runtime address of @@
sub ebx,offset @B                       ; ebx = runtime - link-time address = relocation delta
push NULL                               ; uType
push NULL                               ; lpCaption
push NULL                               ; lpText
push NULL                               ; hWnd
call dword ptr [ebx+_lpMessageBox]      ; indirect call through the relocated slot
ret
Shellcode endp
REMOTE_CODE_END:
;-----------------------------------------------------------------------
; start - injector entry point.
; 1. Resolve MessageBoxA in this process via GetModuleHandle/GetProcAddress
;    and keep it in lpMessageBox. NOTE(review): the design presumably
;    relies on user32.dll being mapped at the same base inside the target
;    so that this address is valid there too - confirm for the target OS.
; 2. Find the Notepad window and open its process with create-thread,
;    VM-write and VM-operation rights.
; 3. Allocate REMOTE_CODE_END-REMOTE_CODE_START bytes (RWX) in the target,
;    copy the whole image, then overwrite its first dword (the
;    _lpMessageBox slot at image offset 0) with lpMessageBox.
; 4. Start a remote thread at hWnd + (Shellcode - REMOTE_CODE_START).
; No call is checked for failure (FindWindow, OpenProcess, VirtualAllocEx,
; WriteProcessMemory, CreateRemoteThread returning 0 all fall through);
; hProcess is never closed and the remote buffer is never freed - the
; injector exits immediately afterwards.
;-----------------------------------------------------------------------
start:
invoke GetModuleHandle,addr szUser32dll        ; eax = HMODULE of user32 in this process
mov ebx,eax
invoke GetProcAddress,ebx,addr szMessageBox     ; eax = address of MessageBoxA
mov lpMessageBox,eax
invoke FindWindow,addr szCalss,0                ; eax = HWND (0 if Notepad is not running - unchecked)
invoke GetWindowThreadProcessId, eax, addr Pid  ; Pid = owning process id
invoke OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_WRITE+\
        PROCESS_VM_OPERATION,FALSE,Pid      ; `or` and `+` mixed; only works because the flag bits are distinct
mov hProcess, eax                               ; 0 on failure - unchecked
invoke VirtualAllocEx,hProcess,NULL, REMOTE_CODE_END-REMOTE_CODE_START, MEM_COMMIT, PAGE_EXECUTE_READWRITE   ; NULL: let the target pick the address
mov hWnd, eax                                   ; remote image base (misnamed: not a window handle)
invoke WriteProcessMemory, hProcess, hWnd, offset REMOTE_CODE_START, REMOTE_CODE_END-REMOTE_CODE_START, addr Written   ; copy the whole image
invoke WriteProcessMemory,hProcess,hWnd,offset lpMessageBox,sizeof dword,addr Written   ; patch the _lpMessageBox slot at image offset 0
mov eax,hWnd
add eax,Shellcode-REMOTE_CODE_START             ; eax = remote address of Shellcode
invoke CreateRemoteThread, hProcess, 0, 0, eax, 0, 0, 0   ; thread id not requested (dwTid unused)
invoke ExitProcess, 0
end start
2007-7-28 17:14
回bithaha兄的话，我确实没有理解，就是想通过这个程序来理解的（在网上找的原型），结果有问题……
非常感谢你的帮助!
2007-7-28 19:11
实现了一个完整的注入DLL的代码，在以前的帖子里也回过，把地址给你。

不知对你有没有用。

effK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2U0M7$3c8F1i4K6u0W2L8X3g2@1i4K6u0r3j5$3S2A6L8X3q4X3k6g2)9J5c8X3q4J5j5$3S2A6N6X3g2Q4x3V1j5J5x3o6l9%4i4K6u0r3x3o6N6Q4x3V1j5I4x3g2)9J5c8U0p5$3z5o6f1J5y4K6q4Q4x3X3g2S2M7%4m8^5
2007-8-1 15:17