弄过线程注入的朋友帮忙看眼,谢谢。
以下是我用VC写的线程注入代码。
程序前边都没有问题。
问题在CreateRemoteThread函数调用后,目标进程会崩溃。
我想可能是我写入目标进程的代码不对造成的,可是鼓秋好长时间了
还是没能找出错误的根源。
所以,哪位大神能帮我看一眼程序吗?
顺便指出到底是哪里出了问题,谢谢了。
#include "stdafx.h"
#include <Windows.h>
BYTE bCodeData[1024] = {0};
static DWORD Myfunc(LPVOID *pParam)
{
HWND TestHwnd = FindWindow(NULL,TEXT("1.0MFC"));
MessageBox(TestHwnd, TEXT("MyThread"), TEXT("aaaaaaaa"), MB_OK);
return *(DWORD*)pParam;
}
int _tmain(int argc, _TCHAR* argv[])
{
BYTE* pMyFunAddr = (BYTE*)(DWORD)Myfunc;
int i = 0;
do
{
bCodeData[i++] = *pMyFunAddr++;
}while(*pMyFunAddr != 0xc3); //我的cpu ret = c3
int iError;
HWND TestHwnd = FindWindow(NULL,TEXT("1.0MFC")); //直接运行一个MFC的对话框程序,标题栏是 1.0MFC
if(TestHwnd == NULL)
{
iError = GetLastError();
printf("FindWindow Error = %d",iError);
getchar();
return 1;
}
DWORD PID, TID;
TID = ::GetWindowThreadProcessId (TestHwnd, &PID);
HANDLE hProcess;
hProcess = OpenProcess(PROCESS_ALL_ACCESS,false,PID);
char szBuffer[10] = {0};
*(DWORD*)szBuffer=1000;
void *pDataRemote =(char*) VirtualAllocEx( hProcess, 0, sizeof(szBuffer), MEM_COMMIT,
PAGE_READWRITE );
iError = ::WriteProcessMemory( hProcess, pDataRemote, szBuffer,sizeof(szBuffer),NULL);
if(!iError)
{
printf("WriteProcessMemory Data Error = %d",iError);
getchar();
return 1;
}
PDWORD pCodeRemote = (PDWORD) VirtualAllocEx( hProcess, 0, i, MEM_COMMIT,
PAGE_EXECUTE_READWRITE );
WriteProcessMemory( hProcess, pCodeRemote, (BYTE*)(DWORD)Myfunc, i, NULL);
if(!iError)
{
printf("WriteProcessMemory Code Error = %d",iError);
getchar();
return 1;
}
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE) pCodeRemote,//
pDataRemote, 0 , NULL);
DWORD h;
if (hThread)
{
::WaitForSingleObject( hThread, INFINITE );
::GetExitCodeThread( hThread, &h );
printf("run and return %d ",h);
::CloseHandle( hThread );
}
return 0;
}
[解决办法]
最简单的说你里面使用的那些字符串的在那里呢??
