-
Chrome无法注入dll
修改exe, 低版本系统无该功能 ApplyProcessMitigationsToCurrentProcess
OSInfo__OSInfo
C74614030000008B8424D000000031E88B0D40C0630039C17573
C7461403000000C60605C6460405EB068B0D40C06300C646080089F0
修改后可以 -
renderer进程无法读写文件
-
主进程CreateProcessAsUser, SetTokenInformation等修改进程权限, 屏蔽相关
CreateProcessAsUserW
56FF1510FC630085C00F84880500000F57C0
51FF1510FC6300
SetThreadToken
5150FF159CFC630085C00F8483050000
51505858EB0A9090
CheckImpersonationToken
0F849104000089F1E8DA6BF2FF
740490909090
修改后可以读取文件, 但是无法写入 -
主程序启动添加参数no-sandbox参数, 读写都正常
-
修改主dll文件, 修改no-sandbox参数判断
FileName = ..\144.0.7559.133\chrome.dll
PathList\0000\Descrip = RELOCS_STRIPPED
PathList\0000\NewHex = 2321
PathList\0000\Offset = 0000008E;
PathList\0000\OldHex = 22210B010E00002CDF0B007AEE010000
PathList\0000\Path = 1
PathList\0001\Descrip = ApplyProcessMitigationsToCurrentProcess
PathList\0001\NewHex = B30109C1EBFC90909090
PathList\0001\Offset = 01A8A584;
PathList\0001\OldHex = B30109C10F84F8010000E8BDC76AFEA1A80A56BD
PathList\0001\Path = 0
PathList\0002\Descrip = no-sandbox-must
PathList\0002\NewHex = 68DBEADCBC5824019090
PathList\0002\Offset = 00C86C94;
PathList\0002\OldHex = 68DBEADCBCE8A280E601
PathList\0002\Path = 1
PathList\0003\Descrip = no-sandbox-must
PathList\0003\NewHex = 68DBEADCBC5824019090
PathList\0003\Offset = 00C8C009;
PathList\0003\OldHex = 68DBEADCBCE82D2DE601
PathList\0003\Path = 1
PathList\0004\Descrip = no-sandbox
PathList\0004\NewHex = 68DBEADCBC5824019090
PathList\0004\Offset = 00FC8BD8;
PathList\0004\OldHex = 68DBEADCBCE85E61B201
PathList\0004\Path = 1
PathList\0005\Descrip = no-sandbox-RendererMain
PathList\0005\NewHex = 68DBEADCBCE8C06BB00184C07500
PathList\0005\Offset = 00FE8176;
PathList\0005\OldHex = 68DBEADCBCE8C06BB00184C0751D
PathList\0005\Path = 1
PathList\0006\Descrip = no-sandbox-must
PathList\0006\NewHex = 68DBEADCBC5824019090
PathList\0006\Offset = 00FE8218;
PathList\0006\OldHex = 68DBEADCBCE81E6BB001
PathList\0006\Path = 1
PathList\0007\Descrip = no-sandbox
PathList\0007\NewHex = 68DBEADCBC5824019090
PathList\0007\Offset = 01E6357C;
PathList\0007\OldHex = 68DBEADCBCE8BAB7C800
PathList\0007\Path = 0
PathList\0008\Descrip = no-sandbox-must
PathList\0008\NewHex = 68DBEADCBC5824019090
PathList\0008\Offset = 03CD9FA4;
PathList\0008\OldHex = 68DBEADCBCE8924DE1FE
PathList\0008\Path = 1
PathList\0009\Descrip = no-sandbox
PathList\0009\NewHex = 68DBEADCBC5824019090
PathList\0009\Offset = 03CD9FB9;
PathList\0009\OldHex = 68DBEADCBCE87D4DE1FE
PathList\0009\Path = 0
PathList\0010\Descrip = no-sandbox
PathList\0010\NewHex = 68DBEADCBC5824019090
PathList\0010\Offset = 03CDA113;
PathList\0010\OldHex = 68DBEADCBCE8234CE1FE
PathList\0010\Path = 0
PathList\0011\Descrip = no-sandbox
PathList\0011\NewHex = 68DBEADCBC5824019090
PathList\0011\Offset = 03CDA128;
PathList\0011\OldHex = 68DBEADCBCE80E4CE1FE
PathList\0011\Path = 0
PathList\0012\Descrip = no-sandbox
PathList\0012\NewHex = 68DBEADCBC5824019090
PathList\0012\Offset = 03CDAACE;
PathList\0012\OldHex = 68DBEADCBCE86842E1FE
PathList\0012\Path = 0
PathList\0013\Descrip = no-sandbox
PathList\0013\NewHex = 68DBEADCBC5824019090
PathList\0013\Offset = 03CDAAE2;
PathList\0013\OldHex = 68DBEADCBCE85442E1FE
PathList\0013\Path = 0
PathList\Count = 14
修改后读写都正常, 同时也避免了无法注入dll问题