Can someone experienced help me work out where CRT initialization is going wrong?
I am having trouble with CRT (C++ runtime library) initialization. I manually map my DLL into the memory of another DLL and IAT-hook the "CloseHandle" function, so the game calls my mainCRTStartup (the C++ initialization routine; it is the program's entry point and in turn calls my main() function). If I disable the CRT, the entry point jumps straight to main(). After compiling, injection works fine, but as soon as CRT initialization runs, the target process crashes here (see the image below). I resolved the DLL's imports and the hook is fine, but CRT initialization crashes outright, and occasionally the code I need to hook does not even execute. (Everything runs in the kernel.)
```c
constexpr wchar_t s_RustClientModule[] = L"uplay_r164.dll";
UNICODE_STRING u_RustClientModule = { 0 };
funcs::RtlInitUnicodeString( &u_RustClientModule, s_RustClientModule );
const auto rust_client_exe = game.get_module( &u_RustClientModule, nullptr );
if ( !rust_client_exe )
{
game.detach( );
return STATUS_UNSUCCESSFUL;
}
funcs::DbgPrint( "rust_client_exe: %p\n", rust_client_exe );
utils::sleep( 2000 );
auto import_address = utils::get_imported_function( rust_client_exe, "CloseHandle" );
if ( !import_address )
{
game.detach( );
return STATUS_UNSUCCESSFUL;
}
funcs::DbgPrint( "import_address: %p\n", import_address );
utils::sleep( 2000 );
auto import_ptr_protect = reinterpret_cast< PVOID >( import_address );
auto import_ptr = reinterpret_cast< uintptr_t* >( import_address );
const auto original_import_ptr = *import_ptr;
funcs::DbgPrint( "import_ptr: %p\n", import_ptr );
funcs::DbgPrint( "import_ptr deref: %p\n", *import_ptr );
funcs::DbgPrint( "import_ptr address of: %p\n", &import_ptr );
utils::sleep( 2000 );
SIZE_T size = sizeof( uintptr_t );
ULONG old_access;
ULONG old_access2;
if ( !NT_SUCCESS( funcs::ZwProtectVirtualMemory( NtCurrentProcess( ), &import_ptr_protect, &size, PAGE_READWRITE, &old_access ) ) )
{
funcs::DbgPrint( "failed protect 1" );
utils::sleep( 2000 );
game.detach( );
return STATUS_UNSUCCESSFUL;
}
RtlCopyMemory( import_ptr, &entry_point, sizeof( entry_point ) );
utils::sleep( 50 );
if ( !NT_SUCCESS( funcs::ZwProtectVirtualMemory( NtCurrentProcess( ), &import_ptr_protect, &size, old_access, &old_access2 ) ) )
{
funcs::DbgPrint( "failed protect 2" );
utils::sleep( 2000 );
game.detach( );
return STATUS_UNSUCCESSFUL;
}
funcs::DbgPrint( "finished hook" );
utils::sleep( 2000 );
```
Where exactly is the problem?
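From the defender's side, what the post describes leaves a concrete trace: the IAT slot for CloseHandle no longer points into the module that exports it. The following is an added example, not the poster's code and not specific to any game or driver: a Python checker that walks the import directory of an already-mapped PE32+ image (RVA == offset from the base, which is what a runtime integrity scanner sees) and flags slots whose resolved address lies outside the module named in the import descriptor. The image, the module address ranges and the names `build_sample_image`, `parse_imports` and `find_suspicious_iat_entries` are all constructed for this example.

```python
import struct

IMAGE_ORDINAL_FLAG64 = 1 << 63

# Constructed kernel32 address range for the demo (not a real load address).
KERNEL32_BASE = 0x7FFB00010000
KERNEL32_SIZE = 0xC0000


def _cstr(img, off):
    """Read a NUL-terminated ASCII string at offset `off`."""
    return bytes(img[off:img.index(b"\0", off)]).decode("ascii")


def parse_imports(img):
    """Walk the import directory of an already-mapped PE32+ image, where every RVA
    is simply an offset from the image base (what a runtime scanner sees).
    Yields (dll_name, symbol, iat_value) for each import slot."""
    if img[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    opt = e_lfanew + 4 + 20                      # skip signature + IMAGE_FILE_HEADER
    if struct.unpack_from("<H", img, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (64-bit) images are handled here")
    # DataDirectory starts at offset 112 of a PE32+ optional header; entry 1 is the import table.
    imp_rva = struct.unpack_from("<I", img, opt + 112 + 8 * 1)[0]
    if imp_rva == 0:
        return
    desc = imp_rva
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", img, desc)
        if oft == 0 and name_rva == 0 and ft == 0:   # all-zero descriptor ends the list
            break
        dll = _cstr(img, name_rva).lower()
        lookup = oft or ft    # older linkers omit OriginalFirstThunk; names are then unavailable
        i = 0
        while True:
            thunk = struct.unpack_from("<Q", img, lookup + 8 * i)[0]
            if thunk == 0:
                break
            if oft == 0:
                sym = "<no hint/name table>"
            elif thunk & IMAGE_ORDINAL_FLAG64:
                sym = "#%d" % (thunk & 0xFFFF)
            else:
                sym = _cstr(img, thunk + 2)       # skip the 2-byte hint of IMAGE_IMPORT_BY_NAME
            value = struct.unpack_from("<Q", img, ft + 8 * i)[0]
            yield dll, sym, value
            i += 1
        desc += 20


def find_suspicious_iat_entries(img, module_ranges):
    """Return import slots whose resolved address lies outside the [base, end)
    range of the module named in the import descriptor."""
    flagged = []
    for dll, sym, value in parse_imports(img):
        lo, hi = module_ranges.get(dll, (0, 0))
        if not (lo <= value < hi):
            flagged.append((dll, sym, value))
    return flagged


def build_sample_image():
    """Constructed PE32+ image (not a real binary) with a single KERNEL32.dll
    import descriptor. RVAs equal offsets. The CloseHandle slot is overwritten
    with an address outside kernel32 to stand in for a patched IAT entry."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                           # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine=x64, 0 sections, SizeOfOptionalHeader=0xF0
    struct.pack_into("<HHIIIHH", img, 0x84, 0x8664, 0, 0, 0, 0, 0xF0, 0x22)
    opt = 0x98
    struct.pack_into("<H", img, opt, 0x20B)                           # PE32+ magic
    struct.pack_into("<II", img, opt + 112 + 8, 0x200, 40)            # import directory RVA/size
    struct.pack_into("<IIIII", img, 0x200, 0x240, 0, 0, 0x280, 0x2C0) # IMAGE_IMPORT_DESCRIPTOR
    struct.pack_into("<QQQ", img, 0x240, 0x300, 0x310, 0)             # OriginalFirstThunk
    img[0x280:0x28D] = b"KERNEL32.dll\0"
    struct.pack_into("<QQQ", img, 0x2C0,                              # FirstThunk (the IAT)
                     0x13370000,                                      # CloseHandle -> foreign code
                     KERNEL32_BASE + 0x1234,                          # CreateFileW -> inside kernel32
                     0)
    img[0x300:0x30E] = b"\0\0CloseHandle\0"                           # IMAGE_IMPORT_BY_NAME
    img[0x310:0x31E] = b"\0\0CreateFileW\0"
    return img


if __name__ == "__main__":
    ranges = {"kernel32.dll": (KERNEL32_BASE, KERNEL32_BASE + KERNEL32_SIZE)}
    for dll, sym, value in find_suspicious_iat_entries(build_sample_image(), ranges):
        print("IAT slot %s!%s points outside %s: 0x%x" % (dll, sym, dll, value))
```

Two caveats for anyone using this kind of check for real: forwarded exports (kernel32 forwarding into kernelbase, for instance) and user-mode hooks installed by security products legitimately leave IAT values outside the named module, so an out-of-range slot is a triage signal rather than proof, and a stricter version compares each slot against the export address resolved from the on-disk copy of the module. And since the patch in the post is written from kernel mode, a purely user-mode scan can itself be tampered with; it belongs alongside a kernel- or hypervisor-level baseline rather than on its own.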