求甲鱼老师帮忙解决(如果注入远程线程对话框,我贴上我的原码就是不能显示对话框)
甲鱼老师
你好
悲局了三天,还是没有弄出来。只好肯请你出手了。希望能占用你一点时间。问题是这样的:我想把对话框创建注入到别的进程里面。为什么不注入时能正常显示,注入后不能显示。望指点。有人说是link的问题。。我也试了,有人说是入口点的问题我也试了。各种方法都试了,但是还是不能成功。但我又能成功注入窗口。无语了。
希望老师能抽点宝贵时间为盼,贴上我的代码
注入win32汇编模态对话框时,总是无法成功,现把代码贴于下面和传于附件。请大牛不吝赐教。之前在看雪我网上看了好多人提问,但都没有一个确切点的答案,也试过他们的方法但还是无法显示对话框。具体情况是这样的:对话框能正常编译和生成Dll 和exe(包括被注入和注入对话框)被注入对话框改写exe能正常显示。注入对话框也能正常注入其它窗口类程序。目前只发现不能注入上传(或者这类)对话框。编译器是2.2的Radasm跪求踢教。望高手指点。调试了两天都没有一个结果。
;主调用程序
;>>>>>>>>>>>>
;以下为调用窗口(主程序)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
includelibuser32.lib
include kernel32.inc
includelibkernel32.lib
IDD_DLG1equ8000H
ICO_MAINequ8001H
.data?
hInstancdd?
dwProcessIDdd?
dwThreadIDdd?
hProcessdd?
lpLoadLibrarydd?
lpDllNamedd?
szMyDllFulldbMAX_PATH dup (?)
.const
szErrOpendb'无法打开远程线程!',0
szDllKerneldb'Kernel32.dll',0
szLoadLibrarydb'LoadLibraryA',0
szMyDll db'\ZtDll.dll',0 ;此为对话框dll
szPlayCNdb'explorer.exe',0 ;这个为系统快照里的任意进程
szPromptdb'温馨提示',0
ErroTextdb'进程未启动!请先启动进程。',0
;>>>>>>>>>>>>格式控制符
ForMOne db'%s',0
ForMTwo db'%d/%d',0
ForMThreedb'%d',0
ForMFourdb'%d:%d',0
ForMFivedb'内容:%d',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 代码段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>提示便利函数
_MessageBoxproc_szDate
LOCAL@szbuffer:byte
invokewsprintf,addr@szbuffer,offset ForMFive,_szDate
invokeMessageBox,0,addr @szbuffer,addr szPrompt,MB_OK or MB_ICONQUESTION
ret
_MessageBox endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>;_GetProcessID procszProName
LOCAL@stProcess:PROCESSENTRY32
LOCAL@hSnapShot
pushad
invokeRtlZeroMemory,addr @stProcess,Sizeof @stProcess
mov@stProcess.dwSize,Sizeof @stProcess
invokeCreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,NULL
mov@hSnapShot,eax
invokeProcess32First,@hSnapShot,addr @stProcess
.whileeax
invoke lstrcmp,szProName,addr @stProcess.szExeFile
.ifeax == 0
jmp Ver
.endif
invokeProcess32Next,@hSnapShot,addr @stProcess
.endw
invokeCloseHandle,@hSnapShot
popad
moveax,0 ;失败:返回0 到eax
ret
Ver:
invokeCloseHandle,@hSnapShot
popad
moveax,@stProcess.th32ProcessID ;成功:保存ID 到eax
ret
_GetProcessID endp
_InjectFuncprocuses ebx esi edi Wnd
LOCALGameID:dword,hThread:dword,dwExitCode:dword
invokeGetCurrentDirectory,MAX_PATH,offset szMyDllFull
invokelstrcat,offset szMyDllFull,offset szMyDll
invokeGetModuleHandle,offset szDllKernel
invokeGetProcAddress,eax,offset szLoadLibrary
movlpLoadLibrary,eax
invoke_GetProcessID,addr szPlayCN
;invoke_MessageBox,eax
.ifeax == 0
invokeMessageBox,Wnd,offset ErroText,offsetszPrompt,MB_OK or MB_ICONQUESTION
ret
.endif
invokeOpenProcess,PROCESS_ALL_ACCESS,FALSE,eax
;invoke_MessageBox,offset szMyDllFull
movGameID,eax
.ifeax
movhProcess,eax
invokeVirtualAllocEx,hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_READWRITE
.ifeax
movlpDllName,eax
invokeWriteProcessMemory,hProcess,\
eax,offset szMyDllFull,MAX_PATH,NULL
invokeCreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,\
lpDllName,0,NULL
mov hThread,EAX
.If hThread == 0
.Endif
Invoke WaitForSingleObject,hThread, INFINITE
Invoke GetExitCodeThread, hThread, addr dwExitCode
.If dwExitCode != 0
invoke VirtualFreeEx, hProcess, lpDllName, 0, MEM_RELEASE
Invoke CloseHandle,hProcess
mov EAX,1
.else
mov EAX,0
.endif
ret
.endif
.else
invokeMessageBox,Wnd,offset szErrOpen,offset szPrompt,MB_OK or MB_ICONQUESTION
moveax,1
ret
.endif
ret
_InjectFunc endp
_ProcDlgMainprocuses edi esi ebx hWnd,uMsg,wParam,lParam
moveax,uMsg
.ifeax == WM_COMMAND
mov eax,wParam
.ifax == IDOK
invoke_InjectFunc,hWnd
.ifeax == 0
invoke ExitProcess,NULL;启动后关闭对话框
.endif
.endif
.elseifeax == WM_CLOSE
invokeEndDialog,hWnd,0
.elseifeax == WM_INITDIALOG
invokeLoadIcon,hInstanc,ICO_MAIN
invokeSendMessage,hWnd,WM_SETICON,ICON_BIG,eax
invokeSetWindowPos,hWnd,HWND_TOPMOST,0,0,0,0,SWP_NOMOVE Or SWP_NOSIZE
.else
moveax,FALSE
ret
.endif
moveax,TRUE
ret
_ProcDlgMain endp
start:
invoke GetModuleHandle,NULL
movhInstanc,eax
invoke DialogBoxParam,hInstanc,IDD_DLG1,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
endstart
;>>>>>>>>>
;资源文件(主对话框的)
;>>>>>>
#include<resource.h>
#define IDD_DLG1 0x8000
#define ICO_MAIN0x8001
ICO_MAIN ICON "Main.ico"
IDD_DLG1 DIALOG 200,100,90,40
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_TABSTOP | WS_SYSMENU + WS_MAXIMIZEBOX + WS_MINIMIZEBOX
CAPTION "注入>>>残剑"//
FONT 9,"宋体"
BEGIN
DEFPUSHBUTTON "挂接程序(&Z)", IDOK, 15, 10, 60, 20
//CONTROL "",IDC_LST1,"SysListView32",0x5081000D,2,100,232,90
END
;>>>>>>>>>>>>>>>>>>>>>>>>
;注入对话框文件主文件
;>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap :none
include windows.inc
include user32.inc
includelibuser32.lib
include kernel32.inc
includelibkernel32.lib
ICO_MAINequ 1000h;图标
DLG_MAINequ 1
.data?
hInstancedd ?
.code
_ProcDlgMainprocuses ebx edi esi hWnd,wMsg,wParam,lParam
moveax,wMsg
.ifeax == WM_CLOSE
invokeEndDialog,hWnd,NULL
.elseifeax == WM_INITDIALOG
invokeLoadIcon,hInstance,ICO_MAIN
invokeSendMessage,hWnd,WM_SETICON,ICON_BIG,eax
.elseifeax == WM_COMMAND
moveax,wParam
.ifax == IDOK
invokeEndDialog,hWnd,NULL
.endif
.else
moveax,FALSE
ret
.endif
moveax,TRUE
ret
_ProcDlgMainendp
_WinMainproc
invokeDialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL
ret
_WinMainendp
DllEntryproc_hInstance,_dwReason,_dwReserved
local@dwThreadID
.if_dwReason == DLL_PROCESS_ATTACH
push_hInstance
pophInstance
invokeCreateThread,NULL,0,offset _WinMain,NULL,\
NULL,addr @dwThreadID
invokeCloseHandle,eax
.endif
moveax,TRUE
ret
DllEntryEndp
end DllEntry
;>>>>>>>>>>
;注入对话框资源文件
;>>>>>>>>>>
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#include <resource.h>
#defineICO_MAIN 0x1000//图标
#defineDLG_MAIN 1
ICO_MAINICON"Main.ico"
DLG_MAIN DIALOG 50,50,113,64
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "对话框模板"
FONT 9,"宋体"
{
ICON ICO_MAIN,-1,10,11,18,21
CTEXT "简单的对话框例子",-1,36,14,70,19
DEFPUSHBUTTON "退出",IDOK,58,46,50,14
CONTROL "",-1,"Static",SS_ETCHEDHORZ | WS_CHILD | WS_VISIBLE,6,39,103,1
}
页:
[1]