标题:哪位大侠给看看哪里出问题了
蜀山野鬼
哪位大侠给看看哪里出问题了
远程线程注入的程序,能够编译成功,但是运行不起来。

#include <stdio.h>
#include <windows.h>
#include <TlHelp32.h>

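/*
 * Find a running process by executable name using a Toolhelp snapshot.
 *
 * processname: image name to match against PROCESSENTRY32.szExeFile
 *              (lstrcmp, so the comparison is case-sensitive).
 * lpPid:       receives the process ID of the first match; it is left
 *              untouched when nothing matches.
 *
 * Returns 0 when a match was found and *lpPid was written, non-zero when
 * no process matched or an argument was NULL. Callers must check the
 * return value before using *lpPid. If the snapshot itself cannot be
 * created the function prints "error" and terminates the program, as the
 * original did.
 */
DWORD GetProcessIdByName(LPSTR processname,LPDWORD lpPid){
    HANDLE ps;
    PROCESSENTRY32 pe;
    BOOL bProcess;
    DWORD result = 1;   /* non-zero: no matching process */

    if (processname == NULL || lpPid == NULL) {
        return result;
    }

    ps = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if (ps == INVALID_HANDLE_VALUE) {
        printf("error\n");
        exit(-1);
    }

    /* dwSize must be set before Process32First is called. */
    pe.dwSize = sizeof(pe);

    for (bProcess = Process32First(ps,&pe); bProcess; bProcess = Process32Next(ps,&pe)) {
        if (lstrcmp(pe.szExeFile,processname) == 0) {
            *lpPid = pe.th32ProcessID;
            result = 0;
            break;
        }
    }

    /* The snapshot handle was leaked on every path in the original. */
    CloseHandle(ps);

    /* The original fell off the end without a return value when nothing matched. */
    return result;
}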
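/*
 * Try to enable SeDebugPrivilege on the current process token.
 *
 * Returns TRUE only when the privilege was actually enabled, FALSE when
 * any step failed or the token does not hold the privilege.
 *
 * Security note: SeDebugPrivilege lets a process open other processes it
 * would otherwise be denied access to, so it is normally present only on
 * elevated administrator tokens. Enabling it is a privilege adjustment
 * that Windows auditing and endpoint monitoring can record, and it is
 * rarely needed outside debuggers and diagnostic tools.
 */
BOOL enableDebugPriv(){
     HANDLE hToken;
     LUID sedebugnameValue;
     TOKEN_PRIVILEGES tkp;
     BOOL ok;

     if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
         return FALSE;
     }

     if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&sedebugnameValue)){
         CloseHandle(hToken);
         return FALSE;
     }

     tkp.PrivilegeCount = 1;
     tkp.Privileges[0].Luid = sedebugnameValue;
     tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

     ok = AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL);

     /*
      * AdjustTokenPrivileges returns non-zero even when the token does not
      * hold the requested privilege; GetLastError() then reports
      * ERROR_NOT_ALL_ASSIGNED. Read it before CloseHandle can overwrite it.
      */
     if (ok && GetLastError() != ERROR_SUCCESS) {
         ok = FALSE;
     }

     /* The original leaked the token handle on the success path. */
     CloseHandle(hToken);
     return ok;
}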


/*
 * Thread routine that shows a "test" message box and returns 0.
 * lParam is not used. Nothing else in this listing references this function.
 */
DWORD __stdcall threadProc(LPVOID lParam){
    static const char kText[] = "test";   /* used for both text and caption */

    (void)lParam;
    MessageBox(NULL, kText, kText, MB_OK);
    return 0;
}


// Entry point. Looks up a process by image name, opens it with
// PROCESS_ALL_ACCESS, allocates memory inside it, copies a RemoteParam block
// into that memory and then calls CreateRemoteThread on the target.
//
// Defender note: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread against another process is the classic remote-thread
// injection sequence (MITRE ATT&CK T1055). Endpoint tooling commonly records
// it, e.g. Sysmon Event ID 10 (ProcessAccess) for the all-access handle and
// Event ID 8 (CreateRemoteThread) for the thread creation.
//
// Returns 0 on most paths (including two failure paths), -1 when
// CreateRemoteThread fails; exits with -1 on the OpenProcess error branch.
int main(){
    typedef struct _RemoteParam {
        char szMsg[12];     // string displayed by the MessageBox function
        DWORD dwMessageBox;// entry address of the MessageBox function
    }RemoteParam, *PRemoteParam;
    DWORD pid;
    HANDLE Rthread;    // despite the name, this holds the target *process* handle
    LPSTR pname="iexplorer.exe";
    DWORD dwThreadSize = 4096;   // never read in this function
    DWORD dwWriteBytes;          // receives the thread ID from CreateRemoteThread
    RemoteParam remoteData;
    ZeroMemory(&remoteData, sizeof(RemoteParam));
    // NOTE(review): both return values below are ignored. GetProcessIdByName
    // only writes *lpPid on a match, so pid can be uninitialized from here on.
    enableDebugPriv();
    GetProcessIdByName(pname,&pid);
    //printf("%d\n",pid);
    Rthread = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
    // NOTE(review): OpenProcess returns NULL on failure, not
    // INVALID_HANDLE_VALUE, so this branch does not catch a failed open.
    if(Rthread == INVALID_HANDLE_VALUE){
        printf("Open process error\n");
        exit(-1);
    }
    // NOTE(review): LoadLibrary / GetProcAddress results are not checked, and
    // casting the function pointer to DWORD truncates it on 64-bit builds.
    HINSTANCE hUser32 = LoadLibrary("User32.dll");
    remoteData.dwMessageBox = (DWORD)GetProcAddress(hUser32, "MessageBoxA");
    // szMsg was zeroed above, so strcat behaves as a copy; "test" fits in 12 bytes.
    strcat(remoteData.szMsg,"test\0");

    // allocate storage in the host process
    RemoteParam* pRemoteParam = (RemoteParam*)VirtualAllocEx(Rthread,0,sizeof(RemoteParam),MEM_COMMIT,PAGE_READWRITE);

    if (!pRemoteParam) {
        MessageBox(NULL, "Alloc memory failed !","Notice", MB_ICONINFORMATION | MB_OK);
             return 0;
    }

    // write the string and the MessageBox entry address into the host process
    if (!WriteProcessMemory(Rthread,pRemoteParam,&remoteData,sizeof(remoteData),0)){
             MessageBox(NULL, "Write data to target process failed !","Notice",MB_ICONINFORMATION | MB_OK);
            return 0;
    }

    // Passes pRemoteParam as the thread start address and NULL as its parameter.
    HANDLE hRemoteThread = CreateRemoteThread(Rthread,NULL,0,(DWORD (__stdcall *)(void *))pRemoteParam,NULL,0,&dwWriteBytes);
         if (!hRemoteThread){
             MessageBox(NULL, "Create remote thread failed !", "Notice", MB_ICONSTOP);
             return -1;
         }
    // NOTE(review): Rthread, hRemoteThread and hUser32 are never closed or
    // freed, and the remote allocation is never released on any path.
    return 0;
}
2013-01-22 16:15
蜀山野鬼
回复 2楼 ren613
这是俺第一次发帖   没人给点指点么
2013-01-22 19:52