
[求助] win10 x64 下用 AheadLib 生成的源码编译出的 DLL 为何不能正常运行,请各位表哥老师会诊


    发表于 2020-1-14 22:22:03 | 显示全部楼层 |阅读模式
    version.dll 源码
    //Created by AheadLib x86/x64 v1.2
    #include <windows.h>
    #include <Shlwapi.h>
    #pragma comment( lib, "Shlwapi.lib")

    // Export table of the proxy DLL. Each directive publishes a public name at a
    // fixed ordinal (@1..@17) and binds it to a local AheadLib_* stub, so a host
    // that imports from this DLL lands in the stub and is then redirected to the
    // module loaded by Load().
    // A DLL carrying this export set next to an executable, instead of in the
    // system directory, is the on-disk shape of the proxy pattern.
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoA=AheadLib_GetFileVersionInfoA,@1")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoByHandle=AheadLib_GetFileVersionInfoByHandle,@2")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoExA=AheadLib_GetFileVersionInfoExA,@3")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoExW=AheadLib_GetFileVersionInfoExW,@4")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeA=AheadLib_GetFileVersionInfoSizeA,@5")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExA=AheadLib_GetFileVersionInfoSizeExA,@6")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExW=AheadLib_GetFileVersionInfoSizeExW,@7")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeW=AheadLib_GetFileVersionInfoSizeW,@8")
    #pragma comment(linker, "/EXPORT:GetFileVersionInfoW=AheadLib_GetFileVersionInfoW,@9")
    #pragma comment(linker, "/EXPORT:VerFindFileA=AheadLib_VerFindFileA,@10")
    #pragma comment(linker, "/EXPORT:VerFindFileW=AheadLib_VerFindFileW,@11")
    #pragma comment(linker, "/EXPORT:VerInstallFileA=AheadLib_VerInstallFileA,@12")
    #pragma comment(linker, "/EXPORT:VerInstallFileW=AheadLib_VerInstallFileW,@13")
    // These two have no local stub and no pfnAheadLib_* slot: the linker emits
    // them as forwarders to the same-named KERNEL32 exports.
    #pragma comment(linker, "/EXPORT:VerLanguageNameA=KERNEL32.VerLanguageNameA,@14")
    #pragma comment(linker, "/EXPORT:VerLanguageNameW=KERNEL32.VerLanguageNameW,@15")
    #pragma comment(linker, "/EXPORT:VerQueryValueA=AheadLib_VerQueryValueA,@16")
    #pragma comment(linker, "/EXPORT:VerQueryValueW=AheadLib_VerQueryValueW,@17")


    // C linkage keeps these names unmangled so the separately assembled .asm
    // file can reference the pointers and define the stubs under the same names.
    extern "C" {
    // One slot per forwarded export. Init() stores the address returned by
    // GetAddress() here; until Init() has run the slots hold their
    // zero-initialized default, so a stub reached before that jumps through NULL.
    PVOID pfnAheadLib_GetFileVersionInfoA;
    PVOID pfnAheadLib_GetFileVersionInfoByHandle;
    PVOID pfnAheadLib_GetFileVersionInfoExA;
    PVOID pfnAheadLib_GetFileVersionInfoExW;
    PVOID pfnAheadLib_GetFileVersionInfoSizeA;
    PVOID pfnAheadLib_GetFileVersionInfoSizeExA;
    PVOID pfnAheadLib_GetFileVersionInfoSizeExW;
    PVOID pfnAheadLib_GetFileVersionInfoSizeW;
    PVOID pfnAheadLib_GetFileVersionInfoW;
    PVOID pfnAheadLib_VerFindFileA;
    PVOID pfnAheadLib_VerFindFileW;
    PVOID pfnAheadLib_VerInstallFileA;
    PVOID pfnAheadLib_VerInstallFileW;
    PVOID pfnAheadLib_VerQueryValueA;
    PVOID pfnAheadLib_VerQueryValueW;
    // Stub entry points named by the /EXPORT directives. They are declared here
    // only so the linker can resolve them; the bodies are the PROCs in the asm
    // part. The (void) signature is a placeholder, not the real prototype.
    void AheadLib_GetFileVersionInfoA(void);
    void AheadLib_GetFileVersionInfoByHandle(void);
    void AheadLib_GetFileVersionInfoExA(void);
    void AheadLib_GetFileVersionInfoExW(void);
    void AheadLib_GetFileVersionInfoSizeA(void);
    void AheadLib_GetFileVersionInfoSizeExA(void);
    void AheadLib_GetFileVersionInfoSizeExW(void);
    void AheadLib_GetFileVersionInfoSizeW(void);
    void AheadLib_GetFileVersionInfoW(void);
    void AheadLib_VerFindFileA(void);
    void AheadLib_VerFindFileW(void);
    void AheadLib_VerInstallFileA(void);
    void AheadLib_VerInstallFileW(void);
    void AheadLib_VerQueryValueA(void);
    void AheadLib_VerQueryValueW(void);
    };

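    // Handle of the original module; set by Load(), released by Free().
    static HMODULE        g_OldModule = NULL;

    // Load the original module that the forwarded exports are resolved against.
    //
    // Probes for ".\version_ORG.dll" first and otherwise falls back to
    // version.dll in the system directory. Returns TRUE when g_OldModule holds
    // a valid handle, FALSE otherwise (a message box is shown when LoadLibrary
    // fails).
    //
    // NOTE(review): the ".\" probe is a relative path, so the existence check is
    // made against the process's current directory, which need not be the
    // directory this DLL was loaded from. Whoever can write there controls which
    // module gets loaded; the system-directory branch does not have that problem.
    __inline BOOL WINAPI Load()
    {
            static const TCHAR tzSystemName[] = TEXT("\\version.dll");
            TCHAR tzPath[MAX_PATH];
            TCHAR tzTemp[MAX_PATH * 2];

            // Copy rather than append: tzPath is an uninitialized stack buffer, and
            // appending to it would scan for a terminator that may not exist.
            // TEXT() keeps the literal the same width as TCHAR in Unicode builds.
            lstrcpyn(tzPath, TEXT(".\\version_ORG.dll"), MAX_PATH);
            if (INVALID_FILE_ATTRIBUTES == GetFileAttributes(tzPath))
            {
                    // A return of 0 is failure; a value at or above the buffer size
                    // means nothing usable was written. Also make sure the file name
                    // (terminator included in the count) still fits after the directory.
                    UINT cchDir = GetSystemDirectory(tzPath, MAX_PATH);
                    if (cchDir == 0 || cchDir + (sizeof(tzSystemName) / sizeof(tzSystemName[0])) > MAX_PATH)
                    {
                            return FALSE;
                    }
                    lstrcat(tzPath, tzSystemName);
            }

            g_OldModule = LoadLibrary(tzPath);
            if (g_OldModule == NULL)
            {
                    wsprintf(tzTemp, TEXT("无法找到模块 %s,程序无法正常运行"), tzPath);
                    MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
            }

            return (g_OldModule != NULL);
    }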

    // Release the original module, if one was loaded.
    __inline VOID WINAPI Free()
    {
            // Nothing to release when Load() never succeeded.
            if (g_OldModule == NULL)
            {
                    return;
            }

            FreeLibrary(g_OldModule);
    }
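    // Look up one export of the original module.
    //
    // pszProcName is an export name, or an ordinal packed into the pointer value
    // as GetProcAddress accepts. Returns the resolved address. On failure a
    // message box is shown and the process is terminated with exit code -2, so
    // this function never actually returns NULL to its caller.
    FARPROC WINAPI GetAddress(PCSTR pszProcName)
    {
            FARPROC fpAddress;
            CHAR szProcName[128];
            TCHAR tzTemp[MAX_PATH];

            fpAddress = GetProcAddress(g_OldModule, pszProcName);
            if (fpAddress == NULL)
            {
                    // IS_INTRESOURCE tests every bit above the low word. HIWORD only
                    // looks at bits 16..31, which on x64 can be zero for a real pointer.
                    if (IS_INTRESOURCE(pszProcName))
                    {
                            // Narrow the pointer-sized value explicitly; handing a
                            // pointer to an int conversion is a varargs type mismatch.
                            wsprintfA(szProcName, "%u", (UINT)(ULONG_PTR)pszProcName);
                            pszProcName = szProcName;
                    }

                    // %hs always means a narrow string, whichever way TCHAR is built;
                    // the precision keeps the formatted text inside tzTemp.
                    wsprintf(tzTemp, TEXT("无法找到函数 %.128hs,程序无法正常运行"), pszProcName);
                    MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
                    ExitProcess(-2);
            }
            return fpAddress;
    }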

    // Fill every pfnAheadLib_* slot with the matching export of the original
    // module. Slots are resolved in export-table order; the first one that comes
    // back NULL stops the walk and yields FALSE, otherwise the result is TRUE.
    BOOL WINAPI Init()
    {
            const struct
            {
                    PVOID *ppfnSlot;   // where the resolved address is stored
                    PCSTR  pszExport;  // export name looked up in the original module
            } aBindings[] =
            {
                    { &pfnAheadLib_GetFileVersionInfoA,        "GetFileVersionInfoA" },
                    { &pfnAheadLib_GetFileVersionInfoByHandle, "GetFileVersionInfoByHandle" },
                    { &pfnAheadLib_GetFileVersionInfoExA,      "GetFileVersionInfoExA" },
                    { &pfnAheadLib_GetFileVersionInfoExW,      "GetFileVersionInfoExW" },
                    { &pfnAheadLib_GetFileVersionInfoSizeA,    "GetFileVersionInfoSizeA" },
                    { &pfnAheadLib_GetFileVersionInfoSizeExA,  "GetFileVersionInfoSizeExA" },
                    { &pfnAheadLib_GetFileVersionInfoSizeExW,  "GetFileVersionInfoSizeExW" },
                    { &pfnAheadLib_GetFileVersionInfoSizeW,    "GetFileVersionInfoSizeW" },
                    { &pfnAheadLib_GetFileVersionInfoW,        "GetFileVersionInfoW" },
                    { &pfnAheadLib_VerFindFileA,               "VerFindFileA" },
                    { &pfnAheadLib_VerFindFileW,               "VerFindFileW" },
                    { &pfnAheadLib_VerInstallFileA,            "VerInstallFileA" },
                    { &pfnAheadLib_VerInstallFileW,            "VerInstallFileW" },
                    { &pfnAheadLib_VerQueryValueA,             "VerQueryValueA" },
                    { &pfnAheadLib_VerQueryValueW,             "VerQueryValueW" },
            };

            for (size_t i = 0; i < sizeof(aBindings) / sizeof(aBindings[0]); ++i)
            {
                    *aBindings[i].ppfnSlot = GetAddress(aBindings[i].pszExport);
                    if (NULL == *aBindings[i].ppfnSlot)
                    {
                            return FALSE;
                    }
            }

            return TRUE;
    }

    // Worker thread started from the DLL entry routine. It overwrites
    // sizeof(data1) bytes at a fixed address inside the current process with the
    // bytes in data1 and returns TRUE whether or not the write happened.
    // lpThreadParameter is not used.
    //
    // From a detection standpoint this is the behavior worth alerting on: a
    // thread owned by a side-loaded DLL opens a handle to its own process with
    // VM_OPERATION/VM_WRITE rights and calls WriteProcessMemory on it, modifying
    // code the host did not ask to have changed.
    DWORD WINAPI ThreadProc(LPVOID lpThreadParameter)
    {
            // Hard-coded absolute address and replacement bytes (four 0x90 values).
            // Nothing here checks that the address is mapped in this process or
            // belongs to the intended module.
            PVOID                        addr1 = reinterpret_cast<PVOID>(0x00401000);
            unsigned char        data1[] = { 0x90, 0x90, 0x90, 0x90 };

            HANDLE                        hProcess;

            //
            // Author's note: bypass the memory-attribute protection of VMP 3.x and later
            //
            hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, GetCurrentProcessId());
            if (hProcess != NULL)
            {
                    // The return value is ignored and no byte count is requested
                    // (last argument NULL), so a failed write goes unnoticed.
                    WriteProcessMemory(hProcess, addr1, data1, sizeof(data1), NULL);
                    CloseHandle(hProcess);
            }
            return TRUE;
    }

    // DLL attach/detach handler with the DllMain parameter list.
    // On process attach it loads the original module, resolves the forwarded
    // exports and, when the host executable's file name matches szAppName,
    // starts ThreadProc. On process detach it releases the original module.
    // Returns FALSE only when Load() or Init() fails during attach.
    //
    // NOTE(review): the function is named myfun, not DllMain, and nothing on
    // this page registers it as the DLL entry point - confirm how it is wired
    // up. If it never runs, every pfnAheadLib_* slot stays NULL.
    // NOTE(review): if this does run as the entry routine, LoadLibrary,
    // MessageBox and CreateThread are all reached from inside it, which
    // Microsoft's DllMain guidance advises against.
    BOOL WINAPI myfun(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
    {
            if (dwReason == DLL_PROCESS_ATTACH)
            {
                    // Thread attach/detach notifications are not needed here.
                    DisableThreadLibraryCalls(hModule);

                    if(Load() && Init())
                    {
                            TCHAR szAppName[MAX_PATH]  = TEXT("MyApp.exe");        // change to the file name of the DLL's host executable
                            TCHAR szFullPath[MAX_PATH] = {0};
                            int nLength = 0;
                            // nLength is stored but never read, so a failed or truncated
                            // result is not detected.
                            nLength = GetModuleFileName(NULL, szFullPath, MAX_PATH);
                            // Reduce the full path to its file-name component in place.
                            PathStripPath(szFullPath);
                            if (StrCmpI(szAppName, szFullPath) == 0) // optional: only act when the host process name matches
                            {
                                    // Patch thread. The returned handle is discarded, so it
                                    // is never closed and a failed creation goes unnoticed.
                                    ::CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
                            }
                    }
                    else
                    {
                            return FALSE;
                    }
            }
            else if (dwReason == DLL_PROCESS_DETACH)
            {
                    Free();
            }

            return TRUE;
    }

     楼主| 发表于 2020-1-14 22:22:55 | 显示全部楼层
    asm 部分
    ;Created by AheadLib x86/x64 v1.2
    ;Add the .asm file to the project - right-click - Properties - General - Item Type - Custom Build Tool, then copy the commands below into it
    ;ml64 /Fo $(IntDir)%(fileName).obj /c %(fileName).asm
    ;$(IntDir)%(fileName).obj;%(Outputs)


    ; Pointer slots defined in the C++ part and filled by Init(). One per
    ; forwarded export; VerLanguageNameA/W have none because they are forwarded
    ; by the linker directly.
    .DATA
    EXTERN pfnAheadLib_GetFileVersionInfoA:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoByHandle:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoExA:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoExW:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoSizeA:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoSizeExA:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoSizeExW:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoSizeW:dq;
    EXTERN pfnAheadLib_GetFileVersionInfoW:dq;
    EXTERN pfnAheadLib_VerFindFileA:dq;
    EXTERN pfnAheadLib_VerFindFileW:dq;
    EXTERN pfnAheadLib_VerInstallFileA:dq;
    EXTERN pfnAheadLib_VerInstallFileW:dq;
    EXTERN pfnAheadLib_VerQueryValueA:dq;
    EXTERN pfnAheadLib_VerQueryValueW:dq;

    ; Export stubs. Each PROC is a single jmp that names the matching slot and
    ; touches no register or stack state of its own, so the caller's arguments
    ; and return address reach the target as they were passed.
    ; NOTE(review): presumably assembled as an indirect jump through the slot's
    ; contents - confirm in the listing. A slot that is still NULL when a stub
    ; is reached sends execution to address 0.
    .CODE
    AheadLib_GetFileVersionInfoA PROC
    jmp pfnAheadLib_GetFileVersionInfoA
    AheadLib_GetFileVersionInfoA ENDP

    AheadLib_GetFileVersionInfoByHandle PROC
    jmp pfnAheadLib_GetFileVersionInfoByHandle
    AheadLib_GetFileVersionInfoByHandle ENDP

    AheadLib_GetFileVersionInfoExA PROC
    jmp pfnAheadLib_GetFileVersionInfoExA
    AheadLib_GetFileVersionInfoExA ENDP

    AheadLib_GetFileVersionInfoExW PROC
    jmp pfnAheadLib_GetFileVersionInfoExW
    AheadLib_GetFileVersionInfoExW ENDP

    AheadLib_GetFileVersionInfoSizeA PROC
    jmp pfnAheadLib_GetFileVersionInfoSizeA
    AheadLib_GetFileVersionInfoSizeA ENDP

    AheadLib_GetFileVersionInfoSizeExA PROC
    jmp pfnAheadLib_GetFileVersionInfoSizeExA
    AheadLib_GetFileVersionInfoSizeExA ENDP

    AheadLib_GetFileVersionInfoSizeExW PROC
    jmp pfnAheadLib_GetFileVersionInfoSizeExW
    AheadLib_GetFileVersionInfoSizeExW ENDP

    AheadLib_GetFileVersionInfoSizeW PROC
    jmp pfnAheadLib_GetFileVersionInfoSizeW
    AheadLib_GetFileVersionInfoSizeW ENDP

    AheadLib_GetFileVersionInfoW PROC
    jmp pfnAheadLib_GetFileVersionInfoW
    AheadLib_GetFileVersionInfoW ENDP

    AheadLib_VerFindFileA PROC
    jmp pfnAheadLib_VerFindFileA
    AheadLib_VerFindFileA ENDP

    AheadLib_VerFindFileW PROC
    jmp pfnAheadLib_VerFindFileW
    AheadLib_VerFindFileW ENDP

    AheadLib_VerInstallFileA PROC
    jmp pfnAheadLib_VerInstallFileA
    AheadLib_VerInstallFileA ENDP

    AheadLib_VerInstallFileW PROC
    jmp pfnAheadLib_VerInstallFileW
    AheadLib_VerInstallFileW ENDP

    AheadLib_VerQueryValueA PROC
    jmp pfnAheadLib_VerQueryValueA
    AheadLib_VerQueryValueA ENDP

    AheadLib_VerQueryValueW PROC
    jmp pfnAheadLib_VerQueryValueW
    AheadLib_VerQueryValueW ENDP


    END