#include<windows.h>
#include<iostream.h>
// Remote-thread DLL loading demo: enable SeDebugPrivilege on our own token, open
// the Notepad process, write a DLL path into it, and start a remote thread at
// kernel32!LoadLibraryA with that path as its argument.  No return value in this
// listing is checked, so every later call runs on possibly-invalid handles and
// pointers.  Token-privilege adjustment followed by OpenProcess(PROCESS_ALL_ACCESS),
// VirtualAllocEx/WriteProcessMemory and CreateRemoteThread is the canonical
// sequence that host-based injection detections key on.
// Implicit-int `main()` and <iostream.h> are pre-standard C++ (VC6-era).
main()
{
// Token handle for the current process; left uninitialized if OpenProcessToken fails.
HANDLE htoken;
::OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&htoken);
// One privilege entry, to be enabled.
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount=1;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
// The Luid is only ever written by this lookup and the result is unchecked, so a
// failed lookup leaves it uninitialized and the adjustment below operates on garbage.
// The canonical name is the SE_DEBUG_NAME constant, "SeDebugPrivilege"; whether the
// lookup tolerates the different capitalisation used here is not verified by this code.
::LookupPrivilegeValue(NULL,"seDebugPrivilege",&tp.Privileges[0].Luid);
// AdjustTokenPrivileges can return TRUE with GetLastError()==ERROR_NOT_ALL_ASSIGNED
// when the caller does not hold the privilege (non-admin); neither is checked here.
::AdjustTokenPrivileges(htoken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
// Locate the target by window class.  hwnd is NULL when no such window exists, in
// which case dwProcessId below is never written and stays uninitialized.
HWND hwnd=::FindWindow("notepad",NULL);
DWORD dwProcessId;
::GetWindowThreadProcessId(hwnd,&dwProcessId);
// Full-access handle to the target; NULL on failure (e.g. access denied).
HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);
// Hard-coded DLL path; cbsize counts the terminating NUL.
char name[]="E:\\vc\\进入QQ\\dll\\Debug\\dll.dll";
int cbsize=(strlen(name)+1);
// Failure only prints "a" and falls through: the NULL handle is still used below.
if(!hprocess)
cout<<"a"<<endl;
// Resolve the remote thread's start routine from our own kernel32 mapping.
// GetProcAddress export lookup is case-sensitive: "loadlibrarya" does not match the
// exported name "LoadLibraryA", so pfnstartroutine is NULL here (as the replies
// below point out).  That NULL is never checked before CreateRemoteThread.
HMODULE hmod= ::LoadLibrary("kernel32.dll");
LPTHREAD_START_ROUTINE pfnstartroutine=(LPTHREAD_START_ROUTINE)::GetProcAddress(hmod,"loadlibrarya");
::FreeLibrary(hmod);
// Commit cbsize bytes of RW memory in the target and copy the path there.
LPVOID remadd=::VirtualAllocEx(hprocess,NULL,cbsize,MEM_COMMIT,PAGE_READWRITE);
::WriteProcessMemory(hprocess,remadd,name,cbsize,NULL);
// BUG: pname holds 10 bytes but the read-back copies cbsize bytes (the full path
// plus NUL, far more than 10), overflowing this stack buffer.  The read is only a
// sanity check of the write; its buffer must be at least cbsize bytes.
char pname[10];
::ReadProcessMemory(hprocess,remadd,pname,cbsize,NULL);
DWORD dw;
// Start a thread in the target at pfnstartroutine with remadd as its argument.
// dwStackSize is passed as NULL where an integer 0 is meant; the returned handle is
// unchecked, so WaitForSingleObject/CloseHandle may receive NULL.
HANDLE hremotethread=::CreateRemoteThread(hprocess,NULL,NULL,pfnstartroutine,remadd,0,&dw);
::WaitForSingleObject(hremotethread,INFINITE);
::CloseHandle(hremotethread);
::CloseHandle(hprocess);
// BUG: hprocess was closed on the previous line, so this VirtualFreeEx runs on a
// closed handle and fails; it belongs before CloseHandle(hprocess).  MEM_RELEASE
// also requires dwSize == 0, not cbsize.
::VirtualFreeEx(hprocess,remadd,cbsize,MEM_RELEASE);
// Echo the read-back path; pname is not guaranteed NUL-terminated within its 10 bytes.
cout<<"f"<<pname;}
#include<iostream.h>
// Duplicate of the listing above (quoted in the thread).
// Remote-thread DLL loading demo: enable SeDebugPrivilege on our own token, open
// the Notepad process, write a DLL path into it, and start a remote thread at
// kernel32!LoadLibraryA with that path as its argument.  No return value in this
// listing is checked, so every later call runs on possibly-invalid handles and
// pointers.  Token-privilege adjustment followed by OpenProcess(PROCESS_ALL_ACCESS),
// VirtualAllocEx/WriteProcessMemory and CreateRemoteThread is the canonical
// sequence that host-based injection detections key on.
// Implicit-int `main()` and <iostream.h> are pre-standard C++ (VC6-era).
main()
{
// Token handle for the current process; left uninitialized if OpenProcessToken fails.
HANDLE htoken;
::OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&htoken);
// One privilege entry, to be enabled.
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount=1;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
// The Luid is only ever written by this lookup and the result is unchecked, so a
// failed lookup leaves it uninitialized and the adjustment below operates on garbage.
// The canonical name is the SE_DEBUG_NAME constant, "SeDebugPrivilege"; whether the
// lookup tolerates the different capitalisation used here is not verified by this code.
::LookupPrivilegeValue(NULL,"seDebugPrivilege",&tp.Privileges[0].Luid);
// AdjustTokenPrivileges can return TRUE with GetLastError()==ERROR_NOT_ALL_ASSIGNED
// when the caller does not hold the privilege (non-admin); neither is checked here.
::AdjustTokenPrivileges(htoken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);
// Locate the target by window class.  hwnd is NULL when no such window exists, in
// which case dwProcessId below is never written and stays uninitialized.
HWND hwnd=::FindWindow("notepad",NULL);
DWORD dwProcessId;
::GetWindowThreadProcessId(hwnd,&dwProcessId);
// Full-access handle to the target; NULL on failure (e.g. access denied).
HANDLE hprocess=::OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);
// Hard-coded DLL path; cbsize counts the terminating NUL.
char name[]="E:\\vc\\进入QQ\\dll\\Debug\\dll.dll";
int cbsize=(strlen(name)+1);
// Failure only prints "a" and falls through: the NULL handle is still used below.
if(!hprocess)
cout<<"a"<<endl;
// Resolve the remote thread's start routine from our own kernel32 mapping.
// GetProcAddress export lookup is case-sensitive: "loadlibrarya" does not match the
// exported name "LoadLibraryA", so pfnstartroutine is NULL here (as the replies
// below point out).  That NULL is never checked before CreateRemoteThread.
HMODULE hmod= ::LoadLibrary("kernel32.dll");
LPTHREAD_START_ROUTINE pfnstartroutine=(LPTHREAD_START_ROUTINE)::GetProcAddress(hmod,"loadlibrarya");
::FreeLibrary(hmod);
// Commit cbsize bytes of RW memory in the target and copy the path there.
LPVOID remadd=::VirtualAllocEx(hprocess,NULL,cbsize,MEM_COMMIT,PAGE_READWRITE);
::WriteProcessMemory(hprocess,remadd,name,cbsize,NULL);
// BUG: pname holds 10 bytes but the read-back copies cbsize bytes (the full path
// plus NUL, far more than 10), overflowing this stack buffer.  The read is only a
// sanity check of the write; its buffer must be at least cbsize bytes.
char pname[10];
::ReadProcessMemory(hprocess,remadd,pname,cbsize,NULL);
DWORD dw;
// Start a thread in the target at pfnstartroutine with remadd as its argument.
// dwStackSize is passed as NULL where an integer 0 is meant; the returned handle is
// unchecked, so WaitForSingleObject/CloseHandle may receive NULL.
HANDLE hremotethread=::CreateRemoteThread(hprocess,NULL,NULL,pfnstartroutine,remadd,0,&dw);
::WaitForSingleObject(hremotethread,INFINITE);
::CloseHandle(hremotethread);
::CloseHandle(hprocess);
// BUG: hprocess was closed on the previous line, so this VirtualFreeEx runs on a
// closed handle and fails; it belongs before CloseHandle(hprocess).  MEM_RELEASE
// also requires dwSize == 0, not cbsize.
::VirtualFreeEx(hprocess,remadd,cbsize,MEM_RELEASE);
// Echo the read-back path; pname is not guaranteed NUL-terminated within its 10 bytes.
cout<<"f"<<pname;}
大小写问题......
没有对 GetProcAddress 的返回值 pfnstartroutine 进行判断，这个值肯定是 NULL。
pfnstartroutine 为 NULL.
"loadlibrarya" 这个函数名是要区分大小写的。