Creating a thread from a DLL - ERROR_NOT_ENOUGH_MEMORY

Posted on 2024-11-05 06:22:35

I've got this DLL that creates a thread when loaded by LoadLibraryA. The DLL is injected into another process using RtlCreateUserThread; the injection succeeds and the DLL is loaded into the target process (the kernel32 LoadLibraryA thread is there), but when it comes to the CreateThread I got ERROR_NOT_ENOUGH_MEMORY. So where is the problem: RtlCreateUserThread, the target process, or the DLL itself? And how may I solve it? Thanks a lot!!

Comments (2)

九八野马 2024-11-12 06:22:35

Well, I did solve it: I used RtlCreateUserThread inside the DLL instead of CreateThread. Thank you all anyway, sorry for any inconvenience.

顾北清歌寒 2024-11-12 06:22:35

The problem is in your target. You loaded Kernel32, great, but you didn't tell the target process where the address of the function is. I assume you injected a code segment from your host process, therefore did not resolve the import table for your injection to the target process, as you would with DLL injection.

You can call CreateThread from the injected function, however you need to load its address first!

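#include <windows.h>

// Pointer type matching CreateThread's documented signature
typedef HANDLE (WINAPI *MyCreateThread)(LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);
MyCreateThread _MyCreateThread;

// GetProcAddress takes a module handle (HMODULE), not the module name
_MyCreateThread = (MyCreateThread)GetProcAddress(GetModuleHandleA("kernel32.dll"), "CreateThread");
_MyCreateThread(NULL, 0, ThreadProc, NULL, 0, NULL); // CreateThread, with its address loaded in memory of your injected code segment/function; ThreadProc is a placeholder for your own thread routine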

Like that ^, you will be able to call CreateThread from your injected function.

P.S. I don't memorize the params CreateThread has, but this was written on the spot.

You're welcome :)
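
Seen from the monitoring side, Sysmon Event ID 8 (CreateRemoteThread) records the start module and start function of a thread created in another process, which covers both cases in this thread: the LoadLibraryA thread from the question and the injected code segment the second answer assumes. The following is an added example, not part of the original posts; the sample records, paths and tag names are constructed, and treating "-" as an empty field is an assumption.

```python
import ntpath

# Constructed sample records; keys follow Sysmon Event ID 8 field names.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\lab\injector.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "NewThreadId": 4312,
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Tools\helper.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "NewThreadId": 77,
     "StartModule": "-", "StartFunction": "-"},
    {"EventID": 8, "SourceImage": r"C:\Tools\helper.exe",
     "TargetImage": r"C:\Apps\worker.exe", "NewThreadId": 988,
     "StartModule": r"C:\Apps\worker.dll", "StartFunction": "PoolMain"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

LOADER_MODULES = {"kernel32.dll", "kernelbase.dll", "ntdll.dll"}
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa",
                "loadlibraryexw", "ldrloaddll"}

def classify(event):
    """Tag one record: 'loader-start', 'unbacked-start', or None."""
    if event.get("EventID") != 8:
        return None
    # Assumption: "-" (or a missing value) marks an empty field.
    module = ntpath.basename(event.get("StartModule") or "-").lower()
    func = (event.get("StartFunction") or "-").lower()
    if module in LOADER_MODULES and func in LOADER_FUNCS:
        return "loader-start"      # thread begins in a library-loading API
    if module == "-":
        return "unbacked-start"    # start address not inside a loaded module
    return None

def findings(events):
    """Return (tag, source, target, thread id) for every flagged record."""
    out = []
    for ev in events:
        tag = classify(ev)
        if tag:
            out.append((tag, ev["SourceImage"], ev["TargetImage"], ev["NewThreadId"]))
    return out

if __name__ == "__main__":
    for row in findings(SAMPLE_EVENTS):
        print(row)
```

Both tags are triage signals rather than verdicts, so review them together with the source image before acting on them.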
