Blog category - Windows Programming
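Summary: When reposting, please credit the source: http://www.cnblogs.com/predator-wang/p/4792976.html Reference: http://andylin02.iteye.com/blog/459483 Process injection methods are classified as follows: injection with a DLL; injection via the registry; injection via Windows Hooks...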
Summary: FormatMessage: Formats a message string. The function requires a message definition as input. The message definition can come from a buffer passed into ...
Summary: Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process. Memory allocated by this function is...
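Summary: What is relocation: relocation means that your program is, in theory, supposed to occupy a given address, but for some reason that address cannot be used, so the program has to move to a different address; this is what requires base relocation. You may ask: wasn't it said that every process has its own independent virtual address space? If the space is its own, how can the address already be taken? For EXE applications, that is indeed the case. But dynamic-link libraries are different; we...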
Summary: Retrieves a module handle for the specified module. The module must have been loaded by the calling process. HMODULE WINAPI GetModuleHandle( _In_opt_ ...
Summary: SectionAlignment and FileAlignment: the block size in memory and the block size in the file. Reference: http://bbs.pediy.com/showthread.php?s=&threadid=18022
Summary: GetExitCode: Retrieves the termination status of the specified thread. BOOL WINAPI GetExitCodeThread( _In_ HANDLE hThread, _Out_ LPDWORD lpExitCode);...
Summary: Reference: http://qiusuoge.com/11496.html http://www.cnblogs.com/BoyXiao/archive/2011/01/01/1923828.html stdin is standard input, stdout is standard output, and stderr is standard error output. Most command-line programs read input from stdin,...
Summary: WaitForSingleObject: Waits until the specified object is in the signaled state or the time-out interval elapses. DWORD WINAPI WaitForSingleObject( _In_ ...
Summary: CreateFile: Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volum...
Summary: Creates or opens a file or I/O device. The most commonly used I/O devices are as follows: file, file stream, directory, physical disk, volume, console...
Summary: Reference: https://msdn.microsoft.com/en-us/library/aa364418%28VS.85%29.aspx FindFirstFile: Searches a directory for a file or subdirectory with a name that matc...
Summary: Reference: http://blog.csdn.net/hw_henry2008/article/details/6568255 On Windows, DLL loading (except for ntdll.dll) and linking are implemented by a function in ntdll.dll, LdrInitializeThunk(). Before entering this function, ...
Summary: InternetOpen: Initializes an application's use of the WinINet functions. HINTERNET InternetOpen( _In_ LPCTSTR lpszAgent, _In_ DWORD dwAccessType, _...
Summary: GetStartupInfo. Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683230%28v=vs.85%29.aspx Retrieves the contents of the STARTUPINFO structu...
Summary: CreateToolhelp32Snapshot: Reference: https://msdn.microsoft.com/en-us/library/ms682489%28VS.85%29.aspx HANDLE WINAPI CreateToolhelp32Snapshot( _In_ DWORD dwFla...
Summary: ReadProcessMemory: BOOL WINAPI ReadProcessMemory( _In_ HANDLE hProcess, _In_ LPCVOID lpBaseAddress, _Out_ LPVOID lpBuffer, _In_ SIZE_T nSize,...
Summary: The following example uses the OpenProcessToken and GetTokenInformation functions to get the group memberships in an access token. The GetTokenInformat...
Summary: This mainly uses RtlAdjustPrivilege, an undocumented API in NTDLL.dll, to implement privilege elevation and automatic shutdown. RtlAdjustPrivilege is defined as follows: NTSTATUS RtlAdjustPrivilege(ULONG Privilege,BOOLEAN Enable,BOOLEAN...
Summary: MSDN description of CreatePipe: A pipe is a section of shared memory that processes use for communication. The process that creates a pipe is the pipe server. A proce...
