谢谢小小思维的回答，我明白为什么出错了：我虽然打开了目标进程，但汇编代码所涉及的地址、代码等并不在目标进程的地址空间中，而是在我本地进程的地址空间里，如果直接调用，肯定会出问题。代码修改后，调用依然没有效果。代码如下：
DWORD dwProcId = 556;
BOOL bRet = WinLib_RaiseProcPrivilegToDebug(GetCurrentProcess());
if ( !bRet )
{
MessageBox("提权失败", "提示", MB_OK);
return;
}
// 打开进程
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcId);
if ( hProc )
{
// 分配空间
LPVOID lpAddress = VirtualAllocEx(hProc, NULL, REMOTE_MEM_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if ( NULL == lpAddress )
{
MessageBox("分配虚拟地址失败", "提示", MB_OK);
CloseHandle(hProc);
return;
}
// 写入代码
bRet = WriteProcessMemory(hProc, lpAddress, CallAddBlood, REMOTE_MEM_SIZE, NULL);
if ( !bRet )
{
MessageBox("写入代码失败", "提示", MB_OK);
VirtualFreeEx(hProc, lpAddress, REMOTE_MEM_SIZE, MEM_DECOMMIT | MEM_RESERVE);
CloseHandle(hProc);
return;
}
// 调用加血CALL
DWORD dwRemoteThreadId = 0;
HANDLE hRemoteThread = CreateRemoteThread(hProc, NULL, 0, (LPTHREAD_START_ROUTINE)lpAddress, NULL, 0, &dwRemoteThreadId);
if ( NULL == hRemoteThread )
{
MessageBox("执行远程代码失败", "提示", MB_OK);
}
else
{
WaitForSingleObject(hRemoteThread, NULL);
CloseHandle(hRemoteThread);
}
VirtualFreeEx(hProc, lpAddress, REMOTE_MEM_SIZE, MEM_DECOMMIT | MEM_RESERVE);
CloseHandle(hProc);
}
else
{
DWORD dwErrorCode = GetLastError();
OutputDebugString("OpenProcess Failed!\n");
} |