lchl650610 2011-04-02 19:50
更正
求教: dll远程注入到宿主程序,通过热键呼出内置窗体调用dll的函数一切正常,但如果通过外部应用程序调用嵌入汇编的函数就有问题了,主要是访问地址违规,请好心人指点. 一、以下是CALL单元的函数 1.如果是这样就没问题 Function addHp():boolean;stdcall;// var begin showMessage('开始外部调用dll'); asm mov edx,$00d947e4 mov eax,$00d91f74 end; showMessage('调用结束'); end; 2.如果是这样就有问题了 Function addHp():boolean;stdcall;// var begin showMessage('开始外部调用dll'); asm mov edx,[$00d947e4] mov eax,[$00d91f74] end; showMessage('调用结束'); end; 3.这样也有问题 Function addHp():boolean;stdcall;// var begin showMessage('开始外部调用dll'); asm mov edx,$00d947e4 mov eax,$00d91f74 mov ecx,$00453014 call ecx end; end; showMessage('调用结束'); end; 总结了下,就是使用寄存器没问题,但访问内存地址就不行,使用CALL指令也不行,求老师指点了! 二、以下是DLL代码 library Gamedll; { 省略 } uses SysUtils, Windows, Classes, Messages, dllForm in 'dllForm.pas' {Form1}, CALL in 'CALL.pas'; {$R *.res} var keyhhk:HHOOK; phWnd:HWND; Function keyproc(icode,wp,lp:integer):DWORD;stdcall; //键盘钩子HOOK回调函数 begin if (icode=HC_ACTION) then begin if (wp=VK_Insert) and ((1 shl 31) and lp=0) then begin if Form1=nil then Form1:=TForm1.Create(nil); end; end; keyProc:=CallNextHookEx(keyhhk,icode,wp,lp); end; Function installKeyProc(Gameh:hWnd):boolean;stdcall; //安装函数 installkeyProc var GameTid:Thandle; begin Result:=false; phWnd:=Gameh; if Gameh=0 then begin messageBox(0,'未找到目标','Eorro',0); exit; end; GameTid:=GetWindowThreadProcessId(Gameh); keyhhk:=SetWindowsHookEx(WH_KEYBOARD,@Keyproc,GetModuleHandle('Gamedll.dll'),GameTid); if keyhhk>0 then begin //messageBox(0,'安装钩子成功,可以正常使用!','调用提示',0); Result:=true; end; end; Procedure DllEnterProc(reason:integer); //卸载函数窗体 begin case reason of windows.DLL_PROCESS_ATTACH : begin end; windows.DLL_PROCESS_DETACH :begin Form1.Free ;Form1:=nil; end; end; end; exports addHp, installKeyProc; begin dllProc:=@DllEnterProc; end. 
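另一单元:
unit CALL;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ExtCtrls;

// Exported from Gamedll: shows a dialog, runs an inline-asm block that
// transfers control to a fixed address, then shows a second dialog.
// NOTE(review): Result is never assigned, so the Boolean return value is
// whatever EAX happens to hold when the function exits; callers cannot
// rely on it.
Function addHp():boolean;stdcall;

implementation

Function addHp():boolean;stdcall;
begin
  showMessage('开始外部调用dll');
  // The three operands are absolute addresses captured from the hooked host
  // process. NOTE(review): such addresses are only meaningful inside the
  // address space they were taken from; when the external EXE loads this DLL
  // with LoadLibrary (exeForm.TForm1.Button3Click below) the function runs
  // inside the EXE's own process, where presumably neither the data nor the
  // code at these addresses exists - consistent with the access violation
  // reported for this variant. The routine at $00453014 is not part of this
  // DLL, so nothing here can say what it does or which registers it expects.
  asm
    mov edx,$00d947e4
    mov eax,$00d91f74
    mov ecx,$00453014
    call ecx
  end;
  // Fixed: the posted text had an extra `end;` here, which closed the
  // function before this call and left the next lines outside any block,
  // and the unit had no terminating `end.`.
  showMessage('调用结束');
end;

end.
三、以下是调用单元代码
unit exeForm;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, ExtCtrls;

type
  TForm1 = class(TForm)
    Edit1: TEdit;
    Button1: TButton;
    Edit2: TEdit;
    Button2: TButton;
    Timer1: TTimer;
    Button3: TButton;
    procedure Button1Click(Sender: TObject);   // body not shown in this excerpt
    procedure Button2Click(Sender: TObject);   // body not shown in this excerpt
    procedure Timer1Timer(Sender: TObject);    // body not shown in this excerpt
    procedure Button3Click(Sender: TObject);   // loads Gamedll.dll and calls its addHp export
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  Gameh: hWnd = 0;                                        // target window handle; not assigned in the code shown
  addHpA: Function(): boolean; stdcall;                   // resolved from Gamedll.dll's 'addHp' export in Button3Click
  installkeyProc: Function(Gameh: hWnd): boolean; stdcall; // matches the DLL's installKeyProc export; unused in the code shown

implementation

{$R *.dfm}

// Loads Gamedll.dll into this process and invokes its addHp export.
// Any failure (missing DLL, missing export, or an exception raised while
// addHp runs) is reported with a single message box.
// NOTE(review): the DLL therefore executes inside this EXE's address space,
// not inside the hooked host; the absolute addresses addHp touches (see
// CALL.pas) presumably do not exist here, which would explain why the call
// fails from this form but works from the in-process hotkey path.
// NOTE(review): hModule is never released with FreeLibrary, so each click
// raises the DLL's reference count.
procedure TForm1.Button3Click(Sender: TObject);
var
  hModule: THandle;
begin
  try
    hModule := LoadLibrary('Gamedll.dll');
    // LoadLibrary returns 0 on failure and GetProcAddress returns nil for a
    // missing export; calling nil would raise an access violation, so both
    // are checked explicitly instead of relying on the exception handler.
    if hModule <> 0 then
      addHpA := GetProcAddress(hModule, 'addHp')
    else
      addHpA := nil;
    if Assigned(addHpA) then
      addHpA()
    else
      MessageBox(0, '读取数据错误', '出错警告', 0);
  except
    MessageBox(0, '读取数据错误', '出错警告', 0);
  end;
end;

end.
注入的代码我就不发了,注入是没问题的,因为通过HOME热键呼出窗体调用函数是没有问题的,经过多次验证。
现在的问题是,凡是访问地址就出现问题,凡是使用汇编CALL指令就出问题,是我的调用代码有问题?还是函数写的有问题?敬请教导!先谢了。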
求教: dll远程注入到宿主程序,通过热键呼出内置窗体调用dll的函数一切正常,但如果通过外部应用程序调用嵌入汇编的函数就有问题了,主要是访问地址违规,请好心人指点.
一、以下是CALL单元的函数
1.如果是这样就没问题
// Variant 1 (works from the external EXE): the asm block only loads two
// immediate constants into EDX and EAX. No memory is read or written, so
// nothing here depends on the address space the DLL happens to run in.
// NOTE(review): Result is never assigned, so the Boolean return value is
// whatever EAX holds on exit (presumably clobbered by the final showMessage).
Function addHp():boolean;stdcall;//
var // NOTE(review): empty var section - presumably a leftover; confirm it compiles
begin
showMessage('开始外部调用dll');
asm
mov edx,$00d947e4
mov eax,$00d91f74
end;
showMessage('调用结束');
end;
2.如果是这样就有问题了
// Variant 2 (fails from the external EXE): identical to variant 1 except the
// brackets turn each mov into a 32-bit read from an absolute address.
// NOTE(review): absolute addresses like these are only meaningful inside the
// process they were captured from (the hooked host). When the external EXE
// loads this DLL with LoadLibrary the function executes inside the EXE's own
// address space, where these addresses are presumably unmapped or hold
// unrelated data - which would produce exactly the access violation reported.
// NOTE(review): Result is never assigned; the return value is whatever EAX
// holds on exit.
Function addHp():boolean;stdcall;//
var // NOTE(review): empty var section - presumably a leftover; confirm it compiles
begin
showMessage('开始外部调用dll');
asm
mov edx,[$00d947e4]
mov eax,[$00d91f74]
end;
showMessage('调用结束');
end;
3.这样也有问题
// Variant 3 (fails from the external EXE): loads EDX/EAX with constants as in
// variant 1, then transfers control to the absolute address $00453014.
// NOTE(review): the call target, like the operands, is an address inside the
// hooked host process; executed inside the external EXE's address space there
// is presumably no such code at that address, hence the access violation.
// The routine being called is not part of this DLL, so nothing here can
// state what it does, which registers it expects, or how it leaves the stack.
// NOTE(review): Result is never assigned; the return value is whatever EAX
// holds after the call and the final showMessage.
Function addHp():boolean;stdcall;//
var // NOTE(review): empty var section - presumably a leftover; confirm it compiles
begin
showMessage('开始外部调用dll');
asm
mov edx,$00d947e4
mov eax,$00d91f74
mov ecx,$00453014
call ecx end;
showMessage('调用结束');
end;
总结了下,就是使用寄存器没问题,但访问内存地址就不行,使用CALL指令也不行,求老师指点了!
二、以下是DLL代码
library Gamedll;
{ 省略 }
uses
SysUtils,
Windows,
Classes,
Messages,
dllForm in 'dllForm.pas' {Form1},
CALL in 'CALL.pas';
{$R *.res}
var
keyhhk:HHOOK; // hook handle returned by SetWindowsHookEx in installKeyProc; never passed to UnhookWindowsHookEx anywhere in this library
phWnd:HWND;   // target window handle saved by installKeyProc; not read anywhere in the code shown
// Keyboard hook callback installed by installKeyProc (WH_KEYBOARD).
// On the key-down transition of VK_Insert it creates the DLL's Form1 if it
// does not exist yet, then always passes the event on to the next hook.
Function keyproc(icode,wp,lp:integer):DWORD;stdcall;
var
  insertPressed: Boolean;
begin
  // Bit 31 of lParam is the transition state: clear while the key is being
  // pressed, set on release - only the press is acted on.
  insertPressed := (wp = VK_Insert) and (((1 shl 31) and lp) = 0);
  if (icode = HC_ACTION) and insertPressed and (Form1 = nil) then
    Form1 := TForm1.Create(nil);
  Result := CallNextHookEx(keyhhk, icode, wp, lp);
end;
// Installs the keyboard hook on the thread that owns window Gameh.
// Returns True when SetWindowsHookEx succeeded, False when Gameh is 0 or the
// hook could not be installed.
// NOTE(review): the handle stored in keyhhk is never removed - nothing in
// this library calls UnhookWindowsHookEx.
Function installKeyProc(Gameh:hWnd):boolean;stdcall;
var
  ownerThread: THandle;
begin
  phWnd := Gameh;
  if Gameh = 0 then
  begin
    messageBox(0,'未找到目标','Eorro',0);
    Result := false;
    exit;
  end;
  // Hook scope is the window's owning thread; the module handle passed is
  // this DLL's own, looked up by file name.
  ownerThread := GetWindowThreadProcessId(Gameh);
  keyhhk := SetWindowsHookEx(WH_KEYBOARD, @Keyproc, GetModuleHandle('Gamedll.dll'), ownerThread);
  Result := keyhhk > 0;
end;
// DLL entry-point callback (assigned to DllProc in the initialization block).
// Frees the DLL's Form1 when the library is unloaded from a process; all
// other notifications are ignored.
Procedure DllEnterProc(reason:integer);
begin
  if reason = windows.DLL_PROCESS_DETACH then
  begin
    Form1.Free;   // Free on a nil reference is a no-op in Delphi
    Form1 := nil;
  end;
end;
exports
addHp,          // implemented in CALL.pas
installKeyProc; // implemented above
begin
dllProc:=@DllEnterProc; // registers DllEnterProc to receive attach/detach notifications
end.
三、以下是调用单元代码
unit exeForm;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls;
type
TForm1 = class(TForm)
Edit1: TEdit;
Button1: TButton;
Edit2: TEdit;
Button2: TButton;
Timer1: TTimer;
Button3: TButton;
procedure Button1Click(Sender: TObject); // body not shown in this excerpt
procedure Button2Click(Sender: TObject); // body not shown in this excerpt
procedure Timer1Timer(Sender: TObject);  // body not shown in this excerpt
procedure Button3Click(Sender: TObject); // loads Gamedll.dll into this process and calls its addHp export
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;                                         // this unit's form instance
Gameh: hWnd=0;                                         // target window handle; not assigned anywhere in the code shown
addHpA:Function():boolean;stdcall;                     // resolved from Gamedll.dll's 'addHp' export in Button3Click
installkeyProc:Function(Gameh:hWnd):boolean;stdcall; // matches the DLL's installKeyProc export; not resolved or called in the code shown
implementation
{$R *.dfm}
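// Loads Gamedll.dll into this process and invokes its addHp export.
// Any failure (missing DLL, missing export, or an exception raised while
// addHp runs) is reported with a single message box.
// NOTE(review): the DLL therefore executes inside this EXE's address space,
// not inside the hooked host; the absolute addresses addHp touches (see the
// CALL unit) presumably do not exist here, which would explain why the call
// fails from this form but works from the in-process hotkey path.
// NOTE(review): hModule is never released with FreeLibrary, so each click
// raises the DLL's reference count.
procedure TForm1.Button3Click(Sender: TObject);
var
hModule:Thandle;
begin
try
  hModule:=LoadLibrary('Gamedll.dll');
  // LoadLibrary returns 0 on failure and GetProcAddress returns nil for a
  // missing export; calling nil would raise an access violation, so both are
  // checked explicitly instead of relying on the exception handler.
  if hModule<>0 then
    addHpA:=GetProcAddress(hModule,'addHp')
  else
    addHpA:=nil;
  if Assigned(addHpA) then
    addHpA()
  else
    MessageBox(0,'读取数据错误','出错警告',0);
except
  MessageBox(0,'读取数据错误','出错警告',0);
end;
end;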
end.
注入的代码我就不发了,注入是没问题的,因为通过HOME热键呼出窗体调用函数是没有问题的,经过多次验证。
现在的问题是,凡是访问地址就出现问题,凡是使用汇编CALL指令就出问题,是我的调用代码有问题?还是函数写的有问题?敬请教导!先谢了。