我写了个很简单的远程线程注入程序,注入PID为2515的进程,代码如下:
// Thread body intended to execute inside the target process.
// As written it only resolves MessageBoxA and fills a local struct; it never
// calls the resolved function (the MessageBox call is commented out) and
// returns 0. lpPara is not read.
// @param lpPara  thread parameter, unused
// @return always 0
int __stdcall ThreadProc (void *lpPara){
//MessageBox(NULL,"hello","hello",0);
// First define the parameter structure
typedef struct _RemotePara{// parameter structure
char pMessageBox[12];  // string buffer; holds "hello" after the strcat below
DWORD dwMessageBox;    // address of MessageBoxA; stored but never read in this function
}RemotePara;
// Assign values
RemotePara myRemotePara;
::ZeroMemory(&myRemotePara,sizeof(RemotePara));
// NOTE(review): hUser32 is not checked for NULL before GetProcAddress and is
// never released with FreeLibrary.
HINSTANCE hUser32 = ::LoadLibrary ("user32.dll");
myRemotePara.dwMessageBox =(DWORD) ::GetProcAddress (hUser32 , "MessageBoxA");
// The buffer was zeroed above, so strcat onto it behaves like strcpy here.
strcat(myRemotePara.pMessageBox,"hello\0");
return 0;
}
// Entry point: opens the process with hard-coded PID 2515, allocates an
// executable/writable region in it, copies THREADSIZE bytes starting at
// ThreadProc's address into that region and starts a remote thread there.
// Every failure check below only prints and falls through, so a NULL
// hWnd/pRemoteThread is still handed to the next API call. No handle and
// no remote allocation is released before returning.
// NOTE(review): OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx(RWX) ->
// WriteProcessMemory -> CreateRemoteThread is the canonical thread-injection
// sequence that endpoint monitoring keys on; a thread whose start address
// lies in freshly allocated executable memory outside any loaded module is a
// common detection heuristic.
// @return always 0, even when an API call failed
int main(int argc, char* argv[])
{
const DWORD THREADSIZE=1024*4;// tentative thread body size: 4K
DWORD byte_write;  // despite the name, receives CreateRemoteThread's thread-id out-parameter below
HANDLE hWnd = ::OpenProcess (PROCESS_ALL_ACCESS,FALSE,2515); // open the process with PID 2515 (hWnd is a process handle, not a window handle)
if(!hWnd)
printf("error OpenProcess!\n ");  // no return: execution continues with hWnd == NULL
void *pRemoteThread =::VirtualAllocEx(hWnd,0,THREADSIZE,MEM_COMMIT| MEM_RESERVE,PAGE_EXECUTE_READWRITE);// allocate a region in the host process with VirtualAllocEx
if(!pRemoteThread)
printf("error VirtualAllocEx!\n");  // no return, same as above
if(!::WriteProcessMemory(hWnd,pRemoteThread,&ThreadProc,THREADSIZE,0))// write into the host process
printf("error WriteProcessMemory!\n");  // no return, same as above
// Start the thread
HANDLE hThread = ::CreateRemoteThread (hWnd ,0,0,(DWORD (__stdcall *)(void *))pRemoteThread ,NULL,0,&byte_write);
if(!hThread){ // the remote allocation is still not freed at this point
printf("error CreateRemoteThread!\n");
}
// hWnd, hThread and the remote allocation are never released (no CloseHandle / VirtualFreeEx).
return 0;
}
编译通过没问题,但是每次运行,都导致了PID2515的进程终止,出现错误提示。我不清楚是自己的程序出了问题,还是运行方法不对,还是windows自己的一种保护机制?我是用windowsXP+SP3。请指教。谢谢!