-
-
Hook CreateProcessInternalW的一个奇怪问题
-
-
Hook CreateProcessInternalW的一个奇怪问题
BOOL Fake_CreateProcessInternalW(
HANDLE hToken,
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation,
PHANDLE hNewToken)
{
BOOL bRet = FALSE;
STARTUPINFOW MyStartupInfo = {0};
memcpy(&MyStartupInfo,lpStartupInfo,lpStartupInfo->cb);
bRet = DEF_CALL_ORIGINAL_FUNCTION(CreateProcessInternalW)(
hToken,
lpApplicationName,
lpCommandLine,
lpProcessAttributes,
lpThreadAttributes,
bInheritHandles,
dwCreationFlags,
lpEnvironment,
lpCurrentDirectory,
&MyStartupInfo,
lpProcessInformation,
hNewToken);
return bRet;
}
什么都没做,就拷贝了下参数,然后调用拷贝后的参数,提示MyStartupInfo附近栈溢出
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!