分类分类
关注+2009-11-03作者:
//获得进程句柄
HWND hwnd=::FindWindow(NULL,"计算器");
if(!hwnd)
{
AfxMessageBox("请打开计算器");
return;
}
//取得进程句柄和进程ID
DWORD Process,ProcessId;
Process=::GetWindowThreadProcessId(hwnd,&ProcessId);
//利用进程句柄来打开进程
HANDLE hProcess=::OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_READ |PROCESS_VM_OPERATION
| PROCESS_VM_WRITE,false,ProcessId);
CString m_DllName="C:\\Documents and Settings\\User\\桌面\\CreateRemoteThread\\GameHook1\\Debug\\GameHook1.dll";
char* m_Rometstr;
//在计算器进程中为DLL的名字申请内存空间,返回值为申请到的空间基址
m_Rometstr=(char*)::VirtualAllocEx(hProcess,NULL,m_DllName.GetLength()+1,MEM_COMMIT,PAGE_READWRITE);
//写入DLL名字
::WriteProcessMemory(hProcess,m_Rometstr,m_DllName.GetBuffer(0),m_DllName.GetLength()+1,NULL);
LPTHREAD_START_ROUTINE pfn_LoadLib;
HANDLE hThread;
//取得LoadLibraryA的入口地址
pfn_LoadLib=(LPTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle("Kernel32"),"LoadLibraryA");
//建立新线程,并令入口点为LoadLibraryA,附加参数为DLL名字,令DLL启动
hThread=::CreateRemoteThread(hProcess,NULL,NULL,pfn_LoadLib,m_Rometstr,0,NULL);
WaitForSingleObject(hThread,INFINITE);
VirtualFreeEx(hProcess,m_Rometstr,0,MEM_RELEASE);
/////如果进程结束,则关闭进程头和线程头;
WaitForSingleObject( hProcess, INFINITE );
CloseHandle( hProcess );
CloseHandle( hThread );
//VirtualFreeEx(hProcess,m_Rometstr,0,MEM_RELEASE);
DWORD de=::GetLastError();
相关文章
更多+相同厂商
热门推荐
点击查看更多
点击查看更多
点击查看更多
说两句网友评论