向 UWP 注入 dll 文件

2021-12-28 00:00:00 hook c++ uwp

我制作了一个简单的 UWP 应用和一个桌面应用.这段代码将ConsoleApplication1.dll文件注入桌面是正常的,但是我无法注入到UWP应用程序中.我有两个问题:为什么此代码无法注入 UWP 应用?以及如何修复它?

I make simple a UWP app and a desktop app. This code inject the ConsoleApplication1.dll file to the desktop is normal, but I cannot inject to UWP app. I have two question : Why this code cannot inject to UWP app? and How fix it?

这段代码注入了一个DLL文件

This code inject a DLL file

#include "pch.h"
#include <vector>
#include <string>
#include <windows.h>
#include <Tlhelp32.h>

using std::vector;
using std::string;

int main(void)
{
while (true)
{
    vector<string>processNames;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    HANDLE hTool32 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
    BOOL bProcess = Process32First(hTool32, &pe32);
    if (bProcess == TRUE)
    {
        while ((Process32Next(hTool32, &pe32)) == TRUE)
        {
            processNames.push_back(pe32.szExeFile);
            if (strcmp(pe32.szExeFile, "ConsoleApplication4.exe") == 0 || strcmp(pe32.szExeFile, "UWP.exe") == 0)
            {
                printf("Hooked %s, %d 
", pe32.szExeFile, pe32.th32ProcessID);
                char* DirPath = new char[MAX_PATH];
                char* FullPath = new char[MAX_PATH];
                GetCurrentDirectory(MAX_PATH, DirPath);
                sprintf_s(FullPath, MAX_PATH, "%s\..\ConsoleApplication1\ConsoleApplication1.dll", DirPath);
                FILE *pFile;
                if (fopen_s(&pFile, FullPath, "r") || !pFile)
                {
                    OutputDebugString("[Hook] File name or file does not exist");
                    OutputDebugString(FullPath);
                    return -1;
                }
                fclose(pFile);

                HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                LPVOID LoadLibraryAddr = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
                LPVOID LLParam = (LPVOID)VirtualAllocEx(hProcess, NULL, strlen(FullPath), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);

                bool result = WriteProcessMemory(hProcess, LLParam, FullPath, strlen(FullPath), NULL);
                CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryAddr, LLParam, NULL, NULL);

                CloseHandle(hProcess);
                delete[] DirPath;
                delete[] FullPath;

                OutputDebugString("[Hook] Hooked success");

                system("pause");

                return 0;
            }
        }
    }
    CloseHandle(hTool32);
}
return 0;
}

谢谢

推荐答案

DLL 注入 UWP 应用程序与注入 Win32 程序没有什么不同;相同的技术和通用 DLL 注入器将适用于 UWP 应用程序.但是,如果只是尝试将任何常规 DLL 注入 UWP 应用程序,则 DLL 可能不会加载.这样做的原因是因为 ALL APPLICATION PACKAGES 组必须已阅读 &被注入的 DLL 的执行权限.

DLL injecting UWP apps is no different than injecting Win32 programs; the same techniques and generic DLL injectors will work for UWP apps. However, if one simply tries to inject any regular DLL into a UWP app, the DLL likely won't load. The reason for this is because the ALL APPLICATION PACKAGES group must have read & execute permissions for the DLL being injected.

要手动设置这些权限:右键单击 DLL,进入属性,进入安全选项卡,点击编辑,点击添加,在弹出的对话框中输入ALL"并点击确定.在英文系统上,这会将所有应用程序包添加到默认启用读取/执行的权限列表中;对于非英语系统,该组将被命名为不同的名称.

To set these permissions manually: right click on the DLL, go into properties, go to the security tab, hit Edit, click Add, type "ALL" in the dialog that pops up and hit okay. On English systems, this will add ALL APPLICATION PACKAGES to the list of permissions with read/execute enabled by default; for non-English systems, the group will be named something different.

https://www.unknowncheats.me/forum/general-programming-and-reversing/177183-basic-intermediate-techniques-uwp-app-modding.html

谢谢

相关文章