Quellcode-Bibliothek crashinject.cpp Sprache: C

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
* Given a PID, this program attempts to inject a DLL into the process
* with that PID. The DLL it attempts to inject, "crashinjectdll.dll",
* must exist alongside this exe. The DLL will then crash the process.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

int main(int argc, char** argv) {
  if (argc != 2) {
    fprintf(stderr, "Usage: crashinject \n");
    return 1;
  }

  int pid = atoi(argv[1]);
  if (pid <= 0) {
    fprintf(stderr, "Usage: crashinject \n");
    return 1;
  }

  // find our DLL to inject
  wchar_t filename[_MAX_PATH];
  if (GetModuleFileNameW(nullptr, filename,
                         sizeof(filename) / sizeof(wchar_t)) == 0)
    return 1;

  wchar_t* slash = wcsrchr(filename, L'\\');
  if (slash == nullptr) return 1;

  slash++;
  wcscpy(slash, L"crashinjectdll.dll");

  // now find our target process
  HANDLE targetProc =
      OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE |
                      PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION,
                  FALSE, pid);
  if (targetProc == nullptr) {
    fprintf(stderr, "Error %lu opening target process\n", GetLastError());
    return 1;
  }

  /*
   * This is sort of insane, but we're implementing a technique described here:
   * http://www.codeproject.com/KB/threads/winspy.aspx#section_2
   *
   * The gist is to use CreateRemoteThread to create a thread in the other
   * process, but cheat and make the thread function kernel32!LoadLibrary,
   * so that the only remote data we have to pass to the other process
   * is the path to the library we want to load. The library we're loading
   * will then do its dirty work inside the other process.
   */
  HMODULE hKernel32 = GetModuleHandleW(L"Kernel32");
  // allocate some memory to hold the path in the remote process
  void* pLibRemote = VirtualAllocEx(targetProc, nullptr, sizeof(filename),
                                    MEM_COMMIT, PAGE_READWRITE);
  if (pLibRemote == nullptr) {
    fprintf(stderr, "Error %lu in VirtualAllocEx\n", GetLastError());
    CloseHandle(targetProc);
    return 1;
  }

  if (!WriteProcessMemory(targetProc, pLibRemote, (void*)filename,
                          sizeof(filename), nullptr)) {
    fprintf(stderr, "Error %lu in WriteProcessMemory\n", GetLastError());
    VirtualFreeEx(targetProc, pLibRemote, sizeof(filename), MEM_RELEASE);
    CloseHandle(targetProc);
    return 1;
  }
  // Now create a thread in the target process that will load our DLL
  HANDLE hThread = CreateRemoteThread(
      targetProc, nullptr, 0,
      (LPTHREAD_START_ROUTINE)GetProcAddress(hKernel32, "LoadLibraryW"),
      pLibRemote, 0, nullptr);
  if (hThread == nullptr) {
    fprintf(stderr, "Error %lu in CreateRemoteThread\n", GetLastError());
    VirtualFreeEx(targetProc, pLibRemote, sizeof(filename), MEM_RELEASE);
    CloseHandle(targetProc);
    return 1;
  }
  WaitForSingleObject(hThread, INFINITE);
  // Cleanup, not that it's going to matter at this point
  CloseHandle(hThread);
  VirtualFreeEx(targetProc, pLibRemote, sizeof(filename), MEM_RELEASE);
  CloseHandle(targetProc);

  return 0;
}

quality100%

¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.19Bemerkung: (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.