This article describes how to handle NtReadFile not reading. It may be a useful reference for anyone solving the same problem.

Problem description

I'm trying to write a DLL injector with the native API. My first question: is this a good way to do it? My second: NtReadFile doesn't fail, but it also doesn't read. I think the buffer is wrong, but I'm not sure. How can I fix this issue?

Right now it looks like this:

bool initiationDll(const std::string& dllPath)
{
    if (!isDllExist(dllPath))
    {
        printf("Dll doesn't exist!\n");
        return false;
    }
    else
    {
        printf("LibraryPath :%s\n", dllPath.c_str());

        NTSTATUS status;
        HANDLE lFile;

        // Build the NT-namespace path (\??\ prefix) as a UNICODE_STRING
        OBJECT_ATTRIBUTES objAttribs = { 0 };
        UNICODE_STRING unicodeString;
        std::string dllPathWithprefix = "\\??\\" + dllPath;
        std::wstring wString = std::wstring(dllPathWithprefix.begin(), dllPathWithprefix.end());
        PCWSTR toPcwstr = wString.c_str();
        RtlInitUnicodeString(&unicodeString, toPcwstr);
        InitializeObjectAttributes(&objAttribs, &unicodeString, OBJ_CASE_INSENSITIVE, NULL, NULL);
        objAttribs.Attributes = 0;

        const int allocSize = 2048;
        LARGE_INTEGER largeInteger;
        largeInteger.QuadPart = allocSize;

        IO_STATUS_BLOCK ioStatusBlock;

        // Open the existing file
        status = NtCreateFile(
            &lFile,
            GENERIC_ALL,
            &objAttribs,
            &ioStatusBlock,
            &largeInteger,
            FILE_ATTRIBUTE_NORMAL,
            FILE_SHARE_READ,
            FILE_OPEN,
            FILE_NON_DIRECTORY_FILE,
            NULL,
            NULL
        );

        if (!NT_SUCCESS(status)) {
            printf("CreateFile failed..\n");
            return false;
        }
        else {
            printf("Library Handle : %p\n", lFile);

            DWORD fileSize = getDllSize(dllPath);

            if (fileSize == 0)
            {
                printf("File size 0.\n");
                return false;
            }
            else
            {
                printf("File size : %d byte.\n", fileSize);

                // Heap buffer for the file contents
                PVOID FileReadBuffer;
                FileReadBuffer = new CHAR[fileSize];

                status = NtReadFile(
                    lFile,
                    NULL,
                    NULL,
                    NULL,
                    &ioStatusBlock,
                    FileReadBuffer,
                    sizeof(FileReadBuffer),
                    0, // ByteOffset
                    NULL);

                if (!NT_SUCCESS(status))
                {
                    printf("Unable to read the dll...  : %d\n", GetLastError());
                    return false;
                }
            }
        }
    }
}

For NtCreateFile:

status -> 0
ioStatusBlock : Status      -> 0
                Pointer     -> 0x00000000
                Information -> 1

I tried NtOpenFile and got the same result.

For NtReadFile:

status -> -1073741811
ioStatusBlock : Status      -> 0
                Pointer     -> 0x00000000
                Information -> 1

Recommended answer

if (lFile == INVALID_HANDLE_VALUE) - you need to check the returned status, not lFile; NT never sets the file handle to INVALID_HANDLE_VALUE, so the condition will always be FALSE. OPEN_EXISTING (3) is the wrong constant for NtCreateFile - you need to use FILE_OPEN (1), for example, or use NtOpenFile. You open the file as asynchronous (no FILE_SYNCHRONOUS_IO_NONALERT or FILE_SYNCHRONOUS_IO_ALERT), so most likely you got STATUS_PENDING (0x103) as the result of NtReadFile. So you do not enter the if (!NT_SUCCESS(status)) block for STATUS_PENDING, but the data is not yet ready in FileReadBuffer.

And next time, post all status and ioStatusBlock values.
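
The status values discussed above, decoded in a small portable C program (an added example, not code from the question or the answer). The type and helper names (ntstatus_t, nt_severity, classify_read_status) are assumptions made for illustration; the constants mirror the documented NTSTATUS values so the program builds without the Windows SDK.

```c
#include <stdint.h>
#include <stdio.h>

/* Portable stand-ins (assumed names) so this builds without the Windows SDK.
   The values mirror the documented NTSTATUS codes and the NT_SUCCESS macro. */
typedef int32_t ntstatus_t;
#define STATUS_SUCCESS_VAL            ((ntstatus_t)0x00000000)
#define STATUS_PENDING_VAL            ((ntstatus_t)0x00000103)
#define STATUS_INVALID_PARAMETER_VAL  ((ntstatus_t)0xC000000D)
#define NT_SUCCESS_(s)                (((ntstatus_t)(s)) >= 0)

/* Top two bits of an NTSTATUS: 0 success, 1 informational, 2 warning, 3 error. */
static unsigned nt_severity(ntstatus_t s)
{
    return (unsigned)(((uint32_t)s) >> 30);
}

typedef enum { READ_DONE, READ_MUST_WAIT, READ_FAILED } read_outcome;

/* Hypothetical helper: what a caller may do after NtReadFile returns `s`. */
static read_outcome classify_read_status(ntstatus_t s)
{
    if (s == STATUS_PENDING_VAL)
        return READ_MUST_WAIT;   /* passes NT_SUCCESS, but the buffer is not filled yet */
    if (NT_SUCCESS_(s))
        return READ_DONE;        /* I/O finished; IO_STATUS_BLOCK.Information is the byte count */
    return READ_FAILED;          /* NT_SUCCESS is false (warning or error severity) */
}

int main(void)
{
    /* Constructed sample: the status values discussed on this page. */
    const ntstatus_t samples[] = { STATUS_SUCCESS_VAL, STATUS_PENDING_VAL, -1073741811 };
    static const char *names[] = { "done", "must wait for completion", "failed" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ntstatus_t s = samples[i];
        printf("%11d = 0x%08X  severity=%u  NT_SUCCESS=%d  -> %s\n",
               (int)s, (unsigned)s, nt_severity(s), NT_SUCCESS_(s),
               names[classify_read_status(s)]);
    }
    return 0;
}
```

The decimal value -1073741811 shown for NtReadFile is 0xC000000D (STATUS_INVALID_PARAMETER), while STATUS_PENDING (0x103) has success severity and therefore passes an NT_SUCCESS check.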
