/*
 * Fragment (not a complete function): copies the bytes of InjectFun into the
 * process identified by dwProcessId and starts a thread there at that copy,
 * handing it a 10-byte parameter block. dwProcessId, InjectFun and
 * InjectFunEnd are defined outside this listing.
 *
 * Defects visible in this listing, left unchanged here:
 *  - No return value is checked. OpenProcess and VirtualAllocEx return NULL on
 *    failure and WriteProcessMemory returns FALSE; every later call then
 *    operates on a NULL handle/pointer.
 *  - VirtualFreeEx with MEM_RELEASE requires dwSize == 0; passing cbCodeSize
 *    and sizeof(szBuff) makes both release calls fail with an invalid parameter.
 *  - printf("%d") is passed a DWORD (unsigned long); the matching specifier
 *    is "%lu".
 *  - dwExtCode is never initialized, so if GetExitCodeThread fails the printf
 *    reads an indeterminate value.
 *  - cbCodeSize assumes InjectFunEnd is laid out immediately after InjectFun
 *    with no padding or thunk in between; presumably true only for a specific
 *    build configuration (no incremental linking) — confirm against the build.
 */
/* Access rights for the remote-memory and thread operations below.
 * NOTE(review): the documented requirements for CreateRemoteThread also list
 * PROCESS_QUERY_INFORMATION and PROCESS_VM_READ — verify against the API docs. */
HANDLE handleProcess = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE
, FALSE
, dwProcessId);

/* Parameter block passed to the remote thread: the first 4 bytes hold the
 * DWORD 1000, the remaining 6 bytes are zero. */
char szBuff[10]={0};
*(DWORD*)szBuff = 1000;
/* Remote copy of the parameter block. It is only ever written and read as
 * data, so PAGE_EXECUTE_READWRITE grants more than this buffer needs. */
void* pDataRemote = VirtualAllocEx(handleProcess,0,sizeof(szBuff),MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
WriteProcessMemory(handleProcess,pDataRemote,szBuff,sizeof(szBuff),NULL);

/* Code to run remotely: size is taken as the address difference between the
 * two functions (see header note on layout assumptions). */
DWORD cbCodeSize = (LPBYTE)InjectFunEnd - (LPBYTE)InjectFun;
/* The PDWORD type is arbitrary; the pointer is only used as a thread start
 * address and as the argument to VirtualFreeEx. */
PDWORD pCodeRemote = (PDWORD)VirtualAllocEx(handleProcess,0,cbCodeSize,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
/* &InjectFun and InjectFun denote the same function address in C. */
WriteProcessMemory(handleProcess,pCodeRemote,&InjectFun,cbCodeSize,NULL);

/* Start the remote thread at the copied code, with the remote parameter block
 * as its lpParameter. Returns NULL on failure. */
HANDLE hThread = CreateRemoteThread(handleProcess,NULL,0,(LPTHREAD_START_ROUTINE)pCodeRemote,pDataRemote,0,NULL);

DWORD dwExtCode; /* uninitialized — see header note */
if (hThread)
{
    /* Block until the remote thread finishes, then fetch its return value. */
    WaitForSingleObject(hThread,INFINITE);
    GetExitCodeThread(hThread,&dwExtCode);

    printf("return %d",dwExtCode); /* format/argument mismatch: DWORD needs "%lu" */
    //TRACE("return %d",dwExtCode);
    CloseHandle(hThread);
}

/* Release the remote allocations. MEM_RELEASE requires dwSize == 0, so both
 * calls as written fail (see header note). */
VirtualFreeEx(handleProcess,pCodeRemote,cbCodeSize,MEM_RELEASE);
VirtualFreeEx(handleProcess,pDataRemote,sizeof(szBuff),MEM_RELEASE);

CloseHandle(handleProcess);