分类: Windows平台

2015-01-17 20:46:32

HWND hWnd=::FindWindow(NULL,L"窗口标题");
if(hWnd==NULL)
{
MessageBox(L"未获取窗口句柄!",L"失败",MB_OK);
return;
}
DWORD pid,tid;
tid=GetWindowThreadProcessId(hWnd,&pid);
if(tid<=0)
{
MessageBox(L"未获取线程ID",L"失败");
return;
}
if(pid<=0)
{
MessageBox(L"未获取进程ID",L"失败");
return;
}
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
if(hProcess <= 0)
{
MessageBox(L"未获取进程句柄",L"失败");
return;
}
HANDLE hThread=OpenThread(THREAD_ALL_ACCESS,FALSE,tid);
if(hThread <= 0)
{
MessageBox(L"未获取线程ID",L"失败");
return;
}
SuspendThread(hThread);
CONTEXT ct={0};
ct.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread,&ct);
DWORD dwSize = sizeof(WCHAR)*1024;
BYTE *pProcessMem = (BYTE *)::VirtualAllocEx(hProcess,NULL,dwSize,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
DWORD dwWrited = 0;
::WriteProcessMemory(hProcess, (pProcessMem + 0x100), pDllPath, (wcslen(pDllPath) + 1) * sizeof(WCHAR), &dwWrited);

FARPROC pLoadLibraryW = (FARPROC)::GetProcAddress(::GetModuleHandle(L"Kernel32"), "LoadLibraryW");
BYTE ShellCode[32] = { 0 };
DWORD *pdwAddr = NULL;

ShellCode[0] = 0x60; // pushad
ShellCode[1] = 0x9c; // pushfd
ShellCode[2] = 0x68; // push
pdwAddr = (DWORD *)&ShellCode[3]; // ShellCode[3/4/5/6]
*pdwAddr = (DWORD)(pProcessMem + 0x100);
ShellCode[7] = 0xe8;//call
pdwAddr = (DWORD *)&ShellCode[8]; // ShellCode[8/9/10/11]
*pdwAddr = (DWORD)pLoadLibraryW - (DWORD)(pProcessMem + 7) - 5;
ShellCode[12] = 0x9d; // popfd
ShellCode[13] = 0x61; // popad
ShellCode[14] = 0xe9; // jmp

pdwAddr = (DWORD *)&ShellCode[15]; // ShellCode[15/16/17/18]
*pdwAddr = ct.Eip - (DWORD)(pProcessMem + 14) - 5;
::WriteProcessMemory(hProcess, pProcessMem, ShellCode, sizeof(ShellCode), &dwWrited);
ct.Eip = (DWORD)pProcessMem;
::SetThreadContext(hThread, &ct);

::ResumeThread(hThread);
::CloseHandle(hProcess);
::CloseHandle(hThread);