[求助]远程线程注入
发表于:
2014-3-16 13:15
4341
下面这段代码为什么要写入的函数没有执行?
#include "stdafx.h"
#include <stdio.h>
// Routine whose bytes InfusionFunc copies into the target process.
// Locally it does nothing but show a message box and return 0; note that
// it calls MessageBox, i.e. it is not self-contained code.
int KeyboardProc()
{
MessageBox(NULL," 执行! ",NULL,NULL);
return 0;
}
// Copies 20000 bytes starting at mFunc into process dwProcId and starts a
// thread there at the copied address, then waits for it and tears down.
// The call sequence OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE)
// -> WriteProcessMemory -> CreateRemoteThread is the textbook remote-thread
// injection pattern; endpoint monitoring commonly alerts on exactly this
// chain, and a defender reading a sample should recognise it as such.
//   dwProcId: PID of the target process.
//   mFunc:    address of the code to copy (the caller passes KeyboardProc).
// Returns 0 unconditionally — none of the API failures below change the
// return value, so the caller cannot tell whether anything happened.
int InfusionFunc(DWORD dwProcId,LPVOID mFunc)
{
HANDLE hProcess;//handle to the target process
LPVOID mFuncAddr;//address of the buffer allocated in the target
HANDLE hThread; //handle to the remote thread
// Open the target with full access rights.
hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcId);
if(!hProcess)
{
MessageBox(NULL,"打开进程失败",NULL,NULL);
}
// NOTE: no return in the failure branch above, so on failure a NULL
// hProcess is passed to every call that follows.
// Allocate 20000 bytes of executable, writable memory in the target.
// The return value is not checked before use.
mFuncAddr = VirtualAllocEx(hProcess,NULL,20000,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
// Copy a fixed 20000 bytes from mFunc regardless of the real size of the
// function, i.e. this reads well past the end of KeyboardProc. The result
// (and the number of bytes written, passed as 0) is not checked.
WriteProcessMemory(hProcess,mFuncAddr,mFunc,20000, 0);
// Start a thread in the target at the copied bytes.
hThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)mFuncAddr,0,0,0);
if(!hThread)
{
MessageBox(NULL,"创建远程线程失败",NULL,NULL);
}
// Same pattern as above: no return on failure, so a NULL hThread reaches
// WaitForSingleObject and CloseHandle.
WaitForSingleObject(hThread, INFINITE); //block until the remote thread exits
// Release the remote buffer. The documented contract for MEM_RELEASE is
// dwSize == 0; with 128 this call is expected to fail and the region
// stays allocated in the target (return value not checked).
VirtualFreeEx(hProcess,mFuncAddr,128,MEM_RELEASE);
// Close both handles.
CloseHandle(hThread);
CloseHandle(hProcess);
return 0;
}
// Entry point: locates the window titled "计算器", resolves its owning
// process and hands that PID plus KeyboardProc to InfusionFunc.
// Always returns 0, whether or not the injection attempt ran.
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
// Look the target up by window title only (no class name).
HWND hwnd=::FindWindow(NULL,"计算器");
if(!hwnd)
{
MessageBox(NULL,"打开计算器失败",NULL,NULL);
return 0;
}
DWORD Tid,Pid;
// Only Pid is used afterwards; Tid (the thread id) is assigned and then ignored.
Tid=GetWindowThreadProcessId(hwnd,&Pid);
InfusionFunc(Pid,KeyboardProc); //perform the remote thread injection
return 0;
}