我正在尝试将我的可执行负载注入远程进程。我在远程进程中分配了内存，我使用 RVA 寻址转换了原始负载。我应用了重定位和导入表。

当我在 Windows 10 环境中测试我的解决方案时，它运行良好。exe 已注入并正常运行，并向我显示消息框。

但是，当我尝试在 Windows 7 64 位（加载程序、有效负载和目标编译为 x86 代码）上执行相同操作时，出现错误：

访问冲突执行位置 0x7698FD1E

我查了一下，这个地址是来自 user32.dll 库的 MessageBoxA 函数的地址

这是我将 pe 注入远程进程的主要代码：

char* target_n = "InjectTarget.exe";
    char* payload_path  = "C:\\Users\\pb\\source\\repos\\pe-dumper\\Debug\\DummyApp.exe";

    FILE* raw_payload = get_file_buffer(payload_path);
    PIMAGE_NT_HEADERS inth = get_nt_headers(raw_payload);

    DWORD kImageSize = inth->OptionalHeader.SizeOfImage;
    DWORD kTargetProcId = get_process_id(target_n);

    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, NULL, kTargetProcId);
    if (hProcess == NULL) {
        printf("Error: Process handle is NULL\n");
    }

    LPVOID imageBaseRemote = VirtualAllocEx(hProcess, NULL, kImageSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (imageBaseRemote == NULL) {
        printf("Error: Image base remote is NULL\n");
    }

    LPVOID imageBaseLocal = VirtualAlloc(NULL, kImageSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    copy_raw_to_image_local(imageBaseLocal, raw_payload);
    adjust_relocations(imageBaseRemote, imageBaseLocal);
    adjust_imports(imageBaseLocal);

    DWORD bytesWritten;
    if (!WriteProcessMemory(hProcess, imageBaseRemote, imageBaseLocal, kImageSize, &bytesWritten)) {
        printf("Cannot write to remote process!\n");
    }

    LPTHREAD_START_ROUTINE routine = ((ULONG_PTR)imageBaseRemote + inth->OptionalHeader.AddressOfEntryPoint);

    DWORD threadId;
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, NULL, routine, NULL, NULL, &threadId);

    if (hThread == NULL) {
        printf("%d", GetLastError());
    }

    VirtualFree(imageBaseLocal, kImageSize, MEM_RELEASE);
    fclose(raw_payload);

为什么 Windows 10 和 Windows 7 之间会出现这些差异？