修复了
- 无法注入问题
- 栈溢出漏洞
issuimo committed Feb 4, 2024
1 parent 5558bcb commit 5228391
Showing 7 changed files with 710 additions and 646 deletions.
14 changes: 14 additions & 0 deletions Inject & launcher/Form1.Designer.cs


96 changes: 11 additions & 85 deletions Inject & launcher/Form1.cs
Expand Up @@ -13,30 +13,8 @@ public partial class Form1 : Form {
}
}

[DllImport("kernel32.dll")] //声明API函数
public static extern IntPtr VirtualAllocEx(IntPtr hwnd, IntPtr lpaddress, int size, int type, int tect);

[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hwnd, IntPtr baseaddress, string buffer, int nsize, int filewriten);

[DllImport("kernel32.dll")]
public static extern IntPtr GetProcAddress(IntPtr hwnd, string lpname);

[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandleA(string name);

[DllImport("kernel32.dll")]
public static extern IntPtr CreateRemoteThread(IntPtr hwnd, IntPtr attrib, int size, IntPtr address, IntPtr par, int flags, IntPtr threadid);


[DllImport("KERNEL32.DLL ")]
public static extern int CloseHandle(IntPtr handle);

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

[DllImport("kernel32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern long GetLastError();
[DllImport("Phasmophobia.dll")] //声明API函数
public static extern void Inject();

/// <summary>
///
Expand Down Expand Up @@ -87,7 +65,7 @@ public partial class Form1 : Form {
p.StandardInput.AutoFlush = true;
p.WaitForExit(); //等待程序执行完退出进程
p.Close();
this.button1.Enabled = true;
}).Start();
} catch (ThreadStateException ex) {
Expand Down Expand Up @@ -154,68 +132,16 @@ public partial class Form1 : Form {
}

private void button3_Click(object sender, EventArgs e) {
new Thread(
() => {
this.button3.Enabled = false;
findProcess:
var process = Process.GetProcessesByName("Phasmophobia");
if (process == null || process.Length == 0) {
Thread.Sleep(5000);
goto findProcess;
}
Int32 SYNCHRONIZE = 0x00100000;
Int32 STANDARD_RIGHTS_REQUIRED = 0x000F0000;
Int32 PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF);
string dllname = System.AppDomain.CurrentDomain.BaseDirectory + "Phasmophobia.dll";
this.listBox1.Items.Add(Log.FormatLog("游戏ID: " + process[0].Id));
nint handle = OpenProcess(PROCESS_ALL_ACCESS, false, process[0].Id);
this.listBox1.Items.Add(Log.FormatLog("游戏句柄: " + handle));
this.listBox1.Items.Add(Log.FormatLog("正在注入..."));
IntPtr allocBaseAddress = VirtualAllocEx(handle, 0, dllname.Length, 4096, 4);
if (allocBaseAddress == 0) {
MessageBox.Show("内存分配失败", "错误");
this.listBox1.Items.Add(Log.FormatLog("内存分配失败!"));
this.button3.Enabled = true;
return;
}
this.listBox1.Items.Add(Log.FormatLog("已分配内存地址: " + allocBaseAddress));
if (WriteProcessMemory(handle, allocBaseAddress, dllname, dllname.Length, 0) == 0) {
MessageBox.Show("DLL写入失败 error:" + GetLastError(), "错误", 0);
this.listBox1.Items.Add(Log.FormatLog("DLL写入失败!"));
this.button3.Enabled = true;
return;
}
IntPtr loadaddr = GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
if (loadaddr == 0) {
MessageBox.Show("取得LoadLibraryA的地址失败");
this.listBox1.Items.Add(Log.FormatLog("取得LoadLibraryA的地址失败!"));
this.button3.Enabled = true;
return;
}
this.listBox1.Items.Add(Log.FormatLog("LoadLibraryA内存地址: " + loadaddr));
IntPtr ThreadHwnd = CreateRemoteThread(handle, 0, 0, loadaddr, allocBaseAddress, 0, 0);
if (ThreadHwnd == IntPtr.Zero) {
MessageBox.Show("创建远程线程失败");
this.listBox1.Items.Add(Log.FormatLog("创建远程线程失败!"));
this.button3.Enabled = true;
return;
}
new Thread(
() => {
this.button3.Enabled = false;
Form1.Inject();
this.button3.Enabled = true;
}).Start();
}

this.listBox1.Items.Add(Log.FormatLog("远程线程句柄: " + ThreadHwnd));
private void label2_Click(object sender, EventArgs e) {

this.listBox1.Items.Add(Log.FormatLog("注入成功!"));
this.button3.Enabled = true;
}).Start();
}
}
}
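Review bot: `this.button3.Enabled` is written from the worker thread inside the `new Thread` lambda of the new `button3_Click`, which WinForms forbids (cross-thread control access raises `InvalidOperationException` under a debugger and is unreliable otherwise); both assignments need to go through `Invoke`. The same lambda calls `Form1.Inject()` with no handler, so a missing `Phasmophobia.dll` or export surfaces as a `DllNotFoundException`/`EntryPointNotFoundException` on a thread with no catch, which terminates the process and never restores the button. A try/catch/finally that reports the failure through the existing `Log.FormatLog` list-box path and re-enables the button in `finally` covers both (the log text below is a placeholder). The `[DllImport("Phasmophobia.dll")]` declaration in the first hunk keeps the `//声明API函数` comment copied from the removed kernel32 declarations; a `<summary>` stating that the library is resolved on the first call and that load failures surface at the call site, not at startup, would be more useful, and if the native export is cdecl on an x86 build the default `CallingConvention.Winapi` should be stated explicitly.
```csharp
private void button3_Click(object sender, EventArgs e) {
    new Thread(
        () => {
            this.Invoke((Action)(() => this.button3.Enabled = false));
            try {
                Form1.Inject();
            } catch (TypeLoadException ex) {
                // DllNotFoundException / EntryPointNotFoundException: report instead of taking the process down
                this.Invoke((Action)(() => this.listBox1.Items.Add(Log.FormatLog("注入失败: " + ex.Message))));
            } finally {
                this.Invoke((Action)(() => this.button3.Enabled = true));
            }
        }).Start();
}
```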
2 changes: 1 addition & 1 deletion Inject & launcher/Inject & launcher.csproj.user
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<_LastSelectedProfileId>D:\代码\Phasmophobia\Inject &amp; launcher\Properties\PublishProfiles\FolderProfile.pubxml</_LastSelectedProfileId>
<_LastSelectedProfileId>E:\APP\PhasmophobiaCheat\Inject &amp; launcher\Properties\PublishProfiles\FolderProfile.pubxml</_LastSelectedProfileId>
</PropertyGroup>
<ItemGroup>
<Compile Update="Form1.cs">
Expand Up @@ -4,7 +4,7 @@ https://go.microsoft.com/fwlink/?LinkID=208121.
-->
<Project>
<PropertyGroup>
<History>True|2023-08-22T03:36:16.4713851Z;True|2023-08-22T11:34:34.7411867+08:00;True|2023-08-22T11:01:24.4057170+08:00;True|2023-08-22T10:48:04.0176246+08:00;True|2023-08-20T22:24:16.8807147+08:00;True|2023-08-20T22:17:07.7122993+08:00;True|2023-08-20T21:37:08.2505839+08:00;True|2023-08-20T21:30:39.9997950+08:00;True|2023-08-20T20:56:32.9642789+08:00;True|2023-08-20T20:54:22.2111866+08:00;True|2023-08-20T20:25:42.7514045+08:00;True|2023-08-20T20:22:31.1387630+08:00;True|2023-08-20T20:20:37.8825783+08:00;True|2023-08-20T20:18:02.5090329+08:00;True|2023-08-20T20:16:31.2357270+08:00;True|2023-08-20T17:56:11.7437646+08:00;False|2023-08-20T17:55:32.8103986+08:00;False|2023-08-20T17:55:08.6606799+08:00;False|2023-08-20T17:48:14.0384117+08:00;False|2023-08-20T17:47:00.1949649+08:00;False|2023-08-20T17:43:41.3829674+08:00;False|2023-08-20T17:42:45.4533940+08:00;False|2023-08-20T17:30:26.8329100+08:00;False|2023-08-20T17:25:37.0721141+08:00;False|2023-08-20T17:23:10.4866537+08:00;False|2023-08-20T17:22:06.2446466+08:00;False|2023-08-20T17:21:51.9085101+08:00;False|2023-08-20T17:13:49.4061589+08:00;False|2023-08-20T17:03:40.7429387+08:00;False|2023-08-20T17:01:08.0146089+08:00;True|2023-08-20T17:00:19.4299224+08:00;False|2023-08-20T16:59:59.4328076+08:00;False|2023-08-20T16:56:48.1290848+08:00;False|2023-08-20T16:55:52.5232280+08:00;False|2023-08-20T16:55:35.9491754+08:00;True|2023-08-20T16:54:20.3238788+08:00;</History>
<History>True|2024-02-04T04:06:59.4471403Z;True|2023-08-22T11:36:16.4713851+08:00;True|2023-08-22T11:34:34.7411867+08:00;True|2023-08-22T11:01:24.4057170+08:00;True|2023-08-22T10:48:04.0176246+08:00;True|2023-08-20T22:24:16.8807147+08:00;True|2023-08-20T22:17:07.7122993+08:00;True|2023-08-20T21:37:08.2505839+08:00;True|2023-08-20T21:30:39.9997950+08:00;True|2023-08-20T20:56:32.9642789+08:00;True|2023-08-20T20:54:22.2111866+08:00;True|2023-08-20T20:25:42.7514045+08:00;True|2023-08-20T20:22:31.1387630+08:00;True|2023-08-20T20:20:37.8825783+08:00;True|2023-08-20T20:18:02.5090329+08:00;True|2023-08-20T20:16:31.2357270+08:00;True|2023-08-20T17:56:11.7437646+08:00;False|2023-08-20T17:55:32.8103986+08:00;False|2023-08-20T17:55:08.6606799+08:00;False|2023-08-20T17:48:14.0384117+08:00;False|2023-08-20T17:47:00.1949649+08:00;False|2023-08-20T17:43:41.3829674+08:00;False|2023-08-20T17:42:45.4533940+08:00;False|2023-08-20T17:30:26.8329100+08:00;False|2023-08-20T17:25:37.0721141+08:00;False|2023-08-20T17:23:10.4866537+08:00;False|2023-08-20T17:22:06.2446466+08:00;False|2023-08-20T17:21:51.9085101+08:00;False|2023-08-20T17:13:49.4061589+08:00;False|2023-08-20T17:03:40.7429387+08:00;False|2023-08-20T17:01:08.0146089+08:00;True|2023-08-20T17:00:19.4299224+08:00;False|2023-08-20T16:59:59.4328076+08:00;False|2023-08-20T16:56:48.1290848+08:00;False|2023-08-20T16:55:52.5232280+08:00;False|2023-08-20T16:55:35.9491754+08:00;True|2023-08-20T16:54:20.3238788+08:00;</History>
<LastFailureDetails />
</PropertyGroup>
</Project>
