Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

出现错误 : STATUS INTERNAL ERROR: Unable to find internal entry point (Code: 76611532) #43

Open
bigsinger opened this issue Oct 31, 2024 · 10 comments
Open

出现错误 : STATUS INTERNAL ERROR: Unable to find internal entry point (Code: 76611532) #43

bigsinger opened this issue Oct 31, 2024 · 10 comments

Comments

@bigsinger
Copy link

927fe34f73f57a7c2582afa0c5842b6
@x-nas
Copy link
Owner

x-nas commented Oct 31, 2024

这个进程不能注入,有防护机制吧?加个代理试一下

@bigsinger
Copy link
Author

@x-nas
没有防护机制,可以测试:

  1. 从这里下载安装:https://www.ra2ol.com/
  2. 运行后创建房间或加入别人房间,进入测试游戏。
  3. 运行WPE64,选择进程:gamemd-spawn.exe

你可以测试看看。

@x-nas
Copy link
Owner

x-nas commented Nov 1, 2024

试了WPE64还有其它几个拦截封包的软件都没办法直接抓到包,用代理抓吧

@x-nas
Copy link
Owner

x-nas commented Nov 1, 2024

111

@bigsinger
Copy link
Author

怎么抓的,求个流程
@x-nas

@x-nas
Copy link
Owner

x-nas commented Nov 1, 2024

Charles做代理,Proxifier做转发,然后wpe64 hook 花瓶就可以抓包了

@x-nas
Copy link
Owner

x-nas commented Nov 4, 2024

试了WPE64还有其它几个拦截封包的软件都没办法直接抓到包,用代理抓吧

我倒是想知道为什么不能抓?我是一名安全开发人员,这方面我有经验,请告诉我,我可以提供解决方案。

我试了两种注入方法,都可以成功注入和hook: 1、消息钩子 2、劫持

不知道你是用的什么方法注入的?

@x-nas

easyhook 你可以看我的源码

@bigsinger
Copy link
Author

bigsinger commented Nov 4, 2024
edited
Loading

@x-nas
查看了代码:

  if (ProcessID > -1)
  {
      RemoteHooking.Inject(ProcessID, injectionLibrary_x86, injectionLibrary_x64, Properties.Settings.Default.DefaultLanguage);
  }
  else
  {
      RemoteHooking.CreateAndInject(ProcessPath, string.Empty, 0, injectionLibrary_x86, injectionLibrary_x64, out this.ProcessID, Properties.Settings.Default.DefaultLanguage);
  }

看上去是远程线程方式注入,这种方式很不可靠,容易:被防御机制拦截而导致失败。

建议使用消息钩子注入,或者两种方式配合使用,消息钩子不适用时再用远程线程方式。

另外劫持的方式也可以考虑,可以作为备选。

@x-nas
Copy link
Owner

x-nas commented Nov 4, 2024
edited
Loading

@x-nas 查看了代码:

  if (ProcessID > -1)
  {
      RemoteHooking.Inject(ProcessID, injectionLibrary_x86, injectionLibrary_x64, Properties.Settings.Default.DefaultLanguage);
  }
  else
  {
      RemoteHooking.CreateAndInject(ProcessPath, string.Empty, 0, injectionLibrary_x86, injectionLibrary_x64, out this.ProcessID, Properties.Settings.Default.DefaultLanguage);
  }

看上去是远程线程方式注入,这种方式很不可靠,容易:被防御机制拦截而导致失败。

建议使用消息钩子注入,或者两种方式配合使用,消息钩子不适用时再用远程线程方式。

另外劫持的方式也可以考虑,可以作为备选。

感谢你的建议,方便的话可以加我QQ详细沟通吗? QQ:263659

@bigsinger
Copy link
Author

使用 SetWindowsHookEx WH_MOUSE
可以使用gpt或kimi 让他实现一段c#的代码就行

@bigsinger bigsinger mentioned this issue Nov 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bigsinger @x-nas