在win10 中编译成32程序 没问题 编译成64位 错误 0xc00000F6
是哪里问题呢 ?
TZwMapViewOfSection = function(SectionHandle: THANDLE;
ProcessHandle: THANDLE;
BaseAddress: Pointer;
ZeroBits: ULONG_PTR ;//LongWord;
CommitSize: SIZE_T ;//LongWord;
SectionOffset: PLARGE_INTEGER;
ViewSize: Pointer;
InheritDisposition: SECTION_INHERIT;
AllocationType: ULONG;
Win32Protect: ULONG): DWORD; stdcall;
procedure main(ProcessHandle: THANDLE; Address : UInt64; Size: UInt64);
var
h, SectionHandle: THandle;
ZwCreateSection: TZwCreateSection;
ZwMapViewOfSection: TZwMapViewOfSection;
MaximumSize: LARGE_INTEGER;
obj: OBJECT_ATTRIBUTES;
error :DWORD;
BaseAddress: Pointer;
ViewSize : LongWord;
begin
h := LoadLibraryA('ntdll.dll');
ZwCreateSection := TZwCreateSection(GetProcAddress(h, 'NtCreateSection'));
ZwMapViewOfSection := TZwMapViewOfSection(GetProcAddress(h, 'ZwMapViewOfSection'));
FillChar(MaximumSize, SizeOf(LARGE_INTEGER), 0);
MaximumSize.QuadPart := Size ; //$50000;
error := ZwCreateSection(@SectionHandle, SECTION_ALL_ACCESS, nil, @MaximumSize, PAGE_EXECUTE_READ, SEC_COMMIT, 0);
BaseAddress := nil;
ViewSize := 0; //GetCurrentProcess()
error := ZwMapViewOfSection(SectionHandle,ProcessHandle , @BaseAddress , 0,
Size, nil, @ViewSize, ViewShare, 0, PAGE_EXECUTE_READ);
end;
[课程]FART 脱壳王!加量不加价!FART作者讲授!
最后于 2020-2-3 00:45
被lg好人编辑
,原因:
