I am using this code to inject my 64-bit DLL into a 64-bit process on Windows 7 64-bit. CreateRemoteThread returns 200, but the DLL is still not injected. I have tested my DLL and it works correctly; Process Explorer shows that my code is not working. What could be wrong with this code? I am using Delphi XE3 and have compiled the code for the 64-bit target platform.
function InjectDLL(dwPID: DWORD; DLLPath: pwidechar): integer;
var
  dwThreadID: Cardinal;
  hProc, hThread, hKernel: NativeUInt;
  BytesWritten: NativeUInt;
  pRemoteBuffer, pLoadLibrary: Pointer;
begin
  try
    hProc := OpenProcess(PROCESS_ALL_ACCESS, False, dwPID);
    if hProc = 0 then
    begin
      Result := 0;
      Exit;
    end;
    pRemoteBuffer := VirtualAllocEx(hProc, nil, Length(DLLPath) + 1, MEM_COMMIT,
      PAGE_READWRITE);
    if pRemoteBuffer = nil then
    begin
      Result := 0;
      Exit;
    end;
    if WriteProcessMemory(hProc, Pointer(pRemoteBuffer), lpvoid(DLLPath),
      Length(DLLPath) + 1, BytesWritten) = False then
    begin
      Result := 0;
      Exit;
    end;
    hKernel := GetModuleHandle(pwidechar('kernel32.dll'));
    pLoadLibrary := (GetProcAddress(hKernel, pansichar('LoadLibraryA')));
    hThread := CreateRemoteThread(hProc, Pointer(nil), 0, Pointer(pLoadLibrary),
      Pointer(pRemoteBuffer), 0, dwThreadID);
    WaitForSingleObject(hThread, INFINITE);
    VirtualFreeEx(hProc, Pointer(pRemoteBuffer), Length(DLLPath) + 1,
      MEM_RELEASE);
    CloseHandle(hThread);
    CloseHandle(hProc);
    // ShowMessage(IntToStr(hThread)+' '+ inttostr(dwThreadID));
    Result := 1;
  except
    on d: exception do
    begin
    end;
  end;
end;
pLoadLibrary is set to nil, so CreateRemoteThread receives a nil argument that it should not be getting. But thinking about it further, that could only cause an exception (if it raises one at all) in the other process, so it would not be covered by the except handler in this code. (Although ignoring all exceptions is still wrong.) - user743382