win10 x64 用 AHEAD生成源码编译的DLL为何不能正常运行，请各位表哥老师会诊

slzslz · 发表于 2020-1-14 22:22:03

version.dll 源码
//Created by AheadLib x86/x64 v1.2
#include <windows.h>
#include <Shlwapi.h>
#pragma comment( lib, "Shlwapi.lib")

#pragma comment(linker, "/EXPORT:GetFileVersionInfoA=AheadLib_GetFileVersionInfoA,@1")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoByHandle=AheadLib_GetFileVersionInfoByHandle,@2")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExA=AheadLib_GetFileVersionInfoExA,@3")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoExW=AheadLib_GetFileVersionInfoExW,@4")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeA=AheadLib_GetFileVersionInfoSizeA,@5")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExA=AheadLib_GetFileVersionInfoSizeExA,@6")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeExW=AheadLib_GetFileVersionInfoSizeExW,@7")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoSizeW=AheadLib_GetFileVersionInfoSizeW,@8")
#pragma comment(linker, "/EXPORT:GetFileVersionInfoW=AheadLib_GetFileVersionInfoW,@9")
#pragma comment(linker, "/EXPORT:VerFindFileA=AheadLib_VerFindFileA,@10")
#pragma comment(linker, "/EXPORT:VerFindFileW=AheadLib_VerFindFileW,@11")
#pragma comment(linker, "/EXPORT:VerInstallFileA=AheadLib_VerInstallFileA,@12")
#pragma comment(linker, "/EXPORT:VerInstallFileW=AheadLib_VerInstallFileW,@13")
#pragma comment(linker, "/EXPORT:VerLanguageNameA=KERNEL32.VerLanguageNameA,@14")
#pragma comment(linker, "/EXPORT:VerLanguageNameW=KERNEL32.VerLanguageNameW,@15")
#pragma comment(linker, "/EXPORT:VerQueryValueA=AheadLib_VerQueryValueA,@16")
#pragma comment(linker, "/EXPORT:VerQueryValueW=AheadLib_VerQueryValueW,@17")

extern "C" {
PVOID pfnAheadLib_GetFileVersionInfoA;
PVOID pfnAheadLib_GetFileVersionInfoByHandle;
PVOID pfnAheadLib_GetFileVersionInfoExA;
PVOID pfnAheadLib_GetFileVersionInfoExW;
PVOID pfnAheadLib_GetFileVersionInfoSizeA;
PVOID pfnAheadLib_GetFileVersionInfoSizeExA;
PVOID pfnAheadLib_GetFileVersionInfoSizeExW;
PVOID pfnAheadLib_GetFileVersionInfoSizeW;
PVOID pfnAheadLib_GetFileVersionInfoW;
PVOID pfnAheadLib_VerFindFileA;
PVOID pfnAheadLib_VerFindFileW;
PVOID pfnAheadLib_VerInstallFileA;
PVOID pfnAheadLib_VerInstallFileW;
PVOID pfnAheadLib_VerQueryValueA;
PVOID pfnAheadLib_VerQueryValueW;
void AheadLib_GetFileVersionInfoA(void);
void AheadLib_GetFileVersionInfoByHandle(void);
void AheadLib_GetFileVersionInfoExA(void);
void AheadLib_GetFileVersionInfoExW(void);
void AheadLib_GetFileVersionInfoSizeA(void);
void AheadLib_GetFileVersionInfoSizeExA(void);
void AheadLib_GetFileVersionInfoSizeExW(void);
void AheadLib_GetFileVersionInfoSizeW(void);
void AheadLib_GetFileVersionInfoW(void);
void AheadLib_VerFindFileA(void);
void AheadLib_VerFindFileW(void);
void AheadLib_VerInstallFileA(void);
void AheadLib_VerInstallFileW(void);
void AheadLib_VerQueryValueA(void);
void AheadLib_VerQueryValueW(void);
};

static HMODULE g_OldModule = NULL;

// 加载原始模块
__inline BOOL WINAPI Load()
{
TCHAR tzPath[MAX_PATH];
TCHAR tzTemp[MAX_PATH * 2];
lstrcat(tzPath,".\\version_ORG.dll"); // 先判断是否存在"dll名称+_ORG.dll"
if (-1 == GetFileAttributes(tzPath))
{
GetSystemDirectory(tzPath, MAX_PATH); // 这里是否从系统目录加载或者当前目录，自行修改
lstrcat(tzPath, TEXT("\\version.dll"));
}
g_OldModule = LoadLibrary(tzPath);
if (g_OldModule == NULL)
{
wsprintf(tzTemp, TEXT("无法找到模块 %s,程序无法正常运行"), tzPath);
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
}

return (g_OldModule != NULL);
}

// 释放原始模块
__inline VOID WINAPI Free()
{
if (g_OldModule)
{
FreeLibrary(g_OldModule);
}
}
// 获取原始函数地址
FARPROC WINAPI GetAddress(PCSTR pszProcName)
{
FARPROC fpAddress;
CHAR szProcName[128];
TCHAR tzTemp[MAX_PATH];

fpAddress = GetProcAddress(g_OldModule, pszProcName);
if (fpAddress == NULL)
{
if (HIWORD(pszProcName) == 0)
{
wsprintfA(szProcName, "%d", pszProcName);
pszProcName = szProcName;
}

wsprintf(tzTemp, TEXT("无法找到函数 %S,程序无法正常运行"), pszProcName);
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
ExitProcess(-2);
}
return fpAddress;
}

// 初始化获取原函数地址
BOOL WINAPI Init()
{
if(NULL == (pfnAheadLib_GetFileVersionInfoA = GetAddress("GetFileVersionInfoA")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoByHandle = GetAddress("GetFileVersionInfoByHandle")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoExA = GetAddress("GetFileVersionInfoExA")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoExW = GetAddress("GetFileVersionInfoExW")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoSizeA = GetAddress("GetFileVersionInfoSizeA")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoSizeExA = GetAddress("GetFileVersionInfoSizeExA")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoSizeExW = GetAddress("GetFileVersionInfoSizeExW")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoSizeW = GetAddress("GetFileVersionInfoSizeW")))
return FALSE;
if(NULL == (pfnAheadLib_GetFileVersionInfoW = GetAddress("GetFileVersionInfoW")))
return FALSE;
if(NULL == (pfnAheadLib_VerFindFileA = GetAddress("VerFindFileA")))
return FALSE;
if(NULL == (pfnAheadLib_VerFindFileW = GetAddress("VerFindFileW")))
return FALSE;
if(NULL == (pfnAheadLib_VerInstallFileA = GetAddress("VerInstallFileA")))
return FALSE;
if(NULL == (pfnAheadLib_VerInstallFileW = GetAddress("VerInstallFileW")))
return FALSE;
if(NULL == (pfnAheadLib_VerQueryValueA = GetAddress("VerQueryValueA")))
return FALSE;
if(NULL == (pfnAheadLib_VerQueryValueW = GetAddress("VerQueryValueW")))
return FALSE;
return TRUE;
}

DWORD WINAPI ThreadProc(LPVOID lpThreadParameter)
{
PVOID addr1 = reinterpret_cast<PVOID>(0x00401000);
unsigned char data1[] = { 0x90, 0x90, 0x90, 0x90 };

HANDLE hProcess;

//
//绕过VMP3.x 以上版本的内存属性保护
//
hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, false, GetCurrentProcessId());
if (hProcess != NULL)
{
WriteProcessMemory(hProcess, addr1, data1, sizeof(data1), NULL);
CloseHandle(hProcess);
}
return TRUE;
}

BOOL WINAPI myfun(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hModule);

if(Load() && Init())
{
TCHAR szAppName[MAX_PATH] = TEXT("MyApp.exe"); //请改为相应的Dll宿主文件名
TCHAR szFullPath[MAX_PATH] = {0};
int nLength = 0;
nLength = GetModuleFileName(NULL, szFullPath, MAX_PATH);
PathStripPath(szFullPath);
if (StrCmpI(szAppName, szFullPath) == 0) //这里是否判断宿主进程名?
{
::CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL); //打补丁线程
}
}
else
{
return FALSE;
}
}
else if (dwReason == DLL_PROCESS_DETACH)
{
Free();
}

return TRUE;
}

slzslz · 发表于 2020-1-14 22:22:55

asm 部分
;Created by AheadLib x86/x64 v1.2
;把.asm文件添加到工程-右键-属性-常规-项类型-自定义生成工具，然后复制下面命令填入
;ml64 /Fo $(IntDir)%(fileName).obj /c %(fileName).asm
;$(IntDir)%(fileName).obj;%(Outputs)

.DATA
EXTERN pfnAheadLib_GetFileVersionInfoA:dq;
EXTERN pfnAheadLib_GetFileVersionInfoByHandle:dq;
EXTERN pfnAheadLib_GetFileVersionInfoExA:dq;
EXTERN pfnAheadLib_GetFileVersionInfoExW:dq;
EXTERN pfnAheadLib_GetFileVersionInfoSizeA:dq;
EXTERN pfnAheadLib_GetFileVersionInfoSizeExA:dq;
EXTERN pfnAheadLib_GetFileVersionInfoSizeExW:dq;
EXTERN pfnAheadLib_GetFileVersionInfoSizeW:dq;
EXTERN pfnAheadLib_GetFileVersionInfoW:dq;
EXTERN pfnAheadLib_VerFindFileA:dq;
EXTERN pfnAheadLib_VerFindFileW:dq;
EXTERN pfnAheadLib_VerInstallFileA:dq;
EXTERN pfnAheadLib_VerInstallFileW:dq;
EXTERN pfnAheadLib_VerQueryValueA:dq;
EXTERN pfnAheadLib_VerQueryValueW:dq;

.CODE
AheadLib_GetFileVersionInfoA PROC
jmp pfnAheadLib_GetFileVersionInfoA
AheadLib_GetFileVersionInfoA ENDP

AheadLib_GetFileVersionInfoByHandle PROC
jmp pfnAheadLib_GetFileVersionInfoByHandle
AheadLib_GetFileVersionInfoByHandle ENDP

AheadLib_GetFileVersionInfoExA PROC
jmp pfnAheadLib_GetFileVersionInfoExA
AheadLib_GetFileVersionInfoExA ENDP

AheadLib_GetFileVersionInfoExW PROC
jmp pfnAheadLib_GetFileVersionInfoExW
AheadLib_GetFileVersionInfoExW ENDP

AheadLib_GetFileVersionInfoSizeA PROC
jmp pfnAheadLib_GetFileVersionInfoSizeA
AheadLib_GetFileVersionInfoSizeA ENDP

AheadLib_GetFileVersionInfoSizeExA PROC
jmp pfnAheadLib_GetFileVersionInfoSizeExA
AheadLib_GetFileVersionInfoSizeExA ENDP

AheadLib_GetFileVersionInfoSizeExW PROC
jmp pfnAheadLib_GetFileVersionInfoSizeExW
AheadLib_GetFileVersionInfoSizeExW ENDP

AheadLib_GetFileVersionInfoSizeW PROC
jmp pfnAheadLib_GetFileVersionInfoSizeW
AheadLib_GetFileVersionInfoSizeW ENDP

AheadLib_GetFileVersionInfoW PROC
jmp pfnAheadLib_GetFileVersionInfoW
AheadLib_GetFileVersionInfoW ENDP

AheadLib_VerFindFileA PROC
jmp pfnAheadLib_VerFindFileA
AheadLib_VerFindFileA ENDP

AheadLib_VerFindFileW PROC
jmp pfnAheadLib_VerFindFileW
AheadLib_VerFindFileW ENDP

AheadLib_VerInstallFileA PROC
jmp pfnAheadLib_VerInstallFileA
AheadLib_VerInstallFileA ENDP

AheadLib_VerInstallFileW PROC
jmp pfnAheadLib_VerInstallFileW
AheadLib_VerInstallFileW ENDP

AheadLib_VerQueryValueA PROC
jmp pfnAheadLib_VerQueryValueA
AheadLib_VerQueryValueA ENDP

AheadLib_VerQueryValueW PROC
jmp pfnAheadLib_VerQueryValueW
AheadLib_VerQueryValueW ENDP

END

		自动登录	找回密码
密码			加入我们

[求助] win10 x64 用 AHEAD生成 源码 编译的DLL为何不能正常运行，请各位表哥老师会诊

[求助] win10 x64 用 AHEAD生成源码编译的DLL为何不能正常运行，请各位表哥老师会诊