执行完createremotethread后explorer报错。不知道错在哪里。如何改?
#include "stdafx.h"#include <tlhelp32.h>
#pragma comment (lib,"Advapi32.lib")const DWORD THREADSIZE=1024*4;DWORD WINAPI MyTest( LPVOID lpParameter )
{
::MessageBox(0,"hi",0,0);
return 0;
}int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
DWORD pid=0;
HANDLE hSnapshot = NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot,&pe);
do
{
if(_strnicmp(pe.szExeFile,"explorer.exe",strlen("explorer.exe"))==0)
{
pid = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapshot,&pe)==TRUE);
CloseHandle (hSnapshot);
if(!pid) return 0; HANDLE hRemoteProcess = NULL,hRemoteThread = NULL;
hRemoteProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | // Required by Alpha
PROCESS_CREATE_THREAD | // For CreateRemoteThread
PROCESS_VM_OPERATION | // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE, // For WriteProcessMemory
FALSE, pid);
void * pRemoteThread = VirtualAllocEx(hRemoteProcess, 0, THREADSIZE, MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
if(!WriteProcessMemory(hRemoteProcess, pRemoteThread, &MyTest, THREADSIZE,0))
return 0;
hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0, (DWORD (WINAPI *)(LPVOID))pRemoteThread, 0, 0, NULL);
return 0;
}
#include "stdafx.h"#include <tlhelp32.h>
#pragma comment (lib,"Advapi32.lib")const DWORD THREADSIZE=1024*4;DWORD WINAPI MyTest( LPVOID lpParameter )
{
::MessageBox(0,"hi",0,0);
return 0;
}int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
{
DWORD pid=0;
HANDLE hSnapshot = NULL;
hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot,&pe);
do
{
if(_strnicmp(pe.szExeFile,"explorer.exe",strlen("explorer.exe"))==0)
{
pid = pe.th32ProcessID;
break;
}
}
while(Process32Next(hSnapshot,&pe)==TRUE);
CloseHandle (hSnapshot);
if(!pid) return 0; HANDLE hRemoteProcess = NULL,hRemoteThread = NULL;
hRemoteProcess = OpenProcess(
PROCESS_QUERY_INFORMATION | // Required by Alpha
PROCESS_CREATE_THREAD | // For CreateRemoteThread
PROCESS_VM_OPERATION | // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE, // For WriteProcessMemory
FALSE, pid);
void * pRemoteThread = VirtualAllocEx(hRemoteProcess, 0, THREADSIZE, MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
if(!WriteProcessMemory(hRemoteProcess, pRemoteThread, &MyTest, THREADSIZE,0))
return 0;
hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0, (DWORD (WINAPI *)(LPVOID))pRemoteThread, 0, 0, NULL);
return 0;
}
解决方案 »
- 怎样用new和delete进行动态二维数组内存分配与释放?
- 在编写完端口进程关联程序后的完善问题。(句柄数猛增)
- 怎样将TextOut函数的参数X,Y转换成为文档坐标?
- 如何用vc控制鼠标操作?
- 关于VC的菜鸟问题
- 创建了一个SDK的DLL,为了使用CString而包含afxwin.h,导致如下错误,请高人指点。
- 关于得到窗体上控件的问题
- MFC 怎么连接 ACESS 数据库?
- 精通ATL的请进?
- 关于属性页的小问题?
- hhk=SetWindowsHookEx(WH_KEYBOARD,(HOOKPROC)KeyboardProc,hInstance,0);hhk==NUll ???
- 一个DerectX方面的问题!!!!!!!!!
你可以找找《windows核心编程》看看,它附带的程序也很不错。
www.vckbase.com上也有一些讨论。
这一句是不是应该把 &MyTest 改成 MyTest? 函数名本身就是函数所在的在址了,
用高级语言创建远程线程的步骤:
1。先写自己的一个dll
2。获取Kernel32.dll中LoadLibraryA的地址
3。找出要寄生的进程
4。将自己dll的路径字符串用WriteProcessMemory copy到寄生进程就CreateRemoteThread
5。the end.