我想尝试做远程线程注入、但是一上来就出问题、
OpenProcess打开某些进程返回0比如有道、酷狗、csrss之类、
打开某些进程如QQ以及我自己的测试写的小程序、就能成功、代码如下,其中bTemp三次都是为true的:
private void btnStart_Click(object sender, EventArgs e)
{
if (_processId == 0 || _fileNameOfDll == null) return;
bool bTemp;
//一:1
IntPtr phToken = IntPtr.Zero;
bTemp = Function.OpenProcessToken(Process.GetCurrentProcess().Handle, DesiredAccessRights.TOKEN_ADJUST_PRIVILEGES | DesiredAccessRights.TOKEN_QUERY, ref phToken);
//2
TokenPrivilegeLuid token;
token.PrivilegesLuid = 0;
token.PrivilegesCount = 1;
token.PrivilegesAttributes = PrivilegesAttributes.SE_PRIVILEGE_ENABLED;
bTemp = Function.LookupPrivilegeValue(null, WinNtPrivilegeName.SE_DEBUG_NAME, ref token.PrivilegesLuid);
//3
bTemp = Function.AdjustTokenPrivileges(phToken, false, ref token, 0, IntPtr.Zero, IntPtr.Zero); //二
IntPtr hProcess = Function.OpenProcess(ProcessAccessRights.PROCESS_ALL_ACCESS, false, _processId); //三
IntPtr allocBaseAddress = Function.VirualAllocEx(hProcess, IntPtr.Zero, _fileNameOfDll.Length + 1,
AllocationType.MEM_COMMIT | AllocationType.MEM_RESERVE, ProtectionType.PAGE_EXECUTE_READWRITE);
}
}
在什么情况下openprocess会失败呢、应该怎么解决呢?
OpenProcess打开某些进程返回0比如有道、酷狗、csrss之类、
打开某些进程如QQ以及我自己的测试写的小程序、就能成功、代码如下,其中bTemp三次都是为true的:
private void btnStart_Click(object sender, EventArgs e)
{
if (_processId == 0 || _fileNameOfDll == null) return;
bool bTemp;
//一:1
IntPtr phToken = IntPtr.Zero;
bTemp = Function.OpenProcessToken(Process.GetCurrentProcess().Handle, DesiredAccessRights.TOKEN_ADJUST_PRIVILEGES | DesiredAccessRights.TOKEN_QUERY, ref phToken);
//2
TokenPrivilegeLuid token;
token.PrivilegesLuid = 0;
token.PrivilegesCount = 1;
token.PrivilegesAttributes = PrivilegesAttributes.SE_PRIVILEGE_ENABLED;
bTemp = Function.LookupPrivilegeValue(null, WinNtPrivilegeName.SE_DEBUG_NAME, ref token.PrivilegesLuid);
//3
bTemp = Function.AdjustTokenPrivileges(phToken, false, ref token, 0, IntPtr.Zero, IntPtr.Zero); //二
IntPtr hProcess = Function.OpenProcess(ProcessAccessRights.PROCESS_ALL_ACCESS, false, _processId); //三
IntPtr allocBaseAddress = Function.VirualAllocEx(hProcess, IntPtr.Zero, _fileNameOfDll.Length + 1,
AllocationType.MEM_COMMIT | AllocationType.MEM_RESERVE, ProtectionType.PAGE_EXECUTE_READWRITE);
}
}
在什么情况下openprocess会失败呢、应该怎么解决呢?
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货