[00025]-[2015-09-20]-[00]-[代码注入技术 --- 0 基础知识]

[创建线程]

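    // Creates a thread in the calling process. Returns a thread HANDLE, or
    // NULL on failure (GetLastError). The caller owns that handle and must
    // CloseHandle() it, or the thread object leaks after the thread exits.
    // Fixes to the original listing: parameters are separated by commas (the
    // first one ended in ';'), and dwStackSize is SIZE_T, not DWORD.
    HANDLE CreateThread(
            LPSECURITY_ATTRIBUTES lpThreadAttributes,    // NULL: default security descriptor, handle not inheritable
            SIZE_T dwStackSize,                          // 0: default stack size from the PE header
            LPTHREAD_START_ROUTINE lpStartAddress,       // DWORD WINAPI ThreadProc(LPVOID)
            LPVOID lpParameter,                          // passed verbatim to ThreadProc
            DWORD dwCreationFlags,                       // 0: run immediately (CREATE_SUSPENDED to start paused)
            LPDWORD lpThreadId                           // NULL: thread id not needed
            );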

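    // Creates a thread that runs inside ANOTHER process; same shape as
    // CreateThread plus the target handle. Returns NULL on failure (GetLastError).
    // hProcess must have been opened with at least PROCESS_CREATE_THREAD,
    // PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and
    // PROCESS_VM_READ (the documented requirement); a protected or
    // higher-integrity target is refused at OpenProcess, not here.
    // lpStartAddress and lpParameter are interpreted in the TARGET's address
    // space: they must point at memory you placed there (VirtualAllocEx +
    // WriteProcessMemory) or at code mapped at the same address in both
    // processes. The call fails across session boundaries and, in practice,
    // from a 32-bit injector into a 64-bit target. Expect this sequence to be
    // flagged by EDR/AV; it is the textbook injection primitive.
    HANDLE CreateRemoteThread(
            HANDLE hProcess,                             // target process (access rights above)
            LPSECURITY_ATTRIBUTES lpThreadAttributes,    // NULL
            SIZE_T dwStackSize,                          // 0: default
            LPTHREAD_START_ROUTINE lpStartAddress,       // address valid in the target process
            LPVOID lpParameter,                          // address valid in the target process
            DWORD dwCreationFlags,                       // 0
            LPDWORD lpThreadId                           // NULL
            );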

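    // Conceptually, CreateThread is CreateRemoteThread aimed at the caller's
    // own process. Written out with the real parameters and a return so the
    // equivalence is explicit (the original sketch forwarded nothing).
    HANDLE CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize,
                        LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter,
                        DWORD dwCreationFlags, LPDWORD lpThreadId)
    {
        // GetCurrentProcess() returns a pseudo-handle; it never needs closing.
        return CreateRemoteThread(GetCurrentProcess(), lpThreadAttributes, dwStackSize,
                                  lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
    }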

[事件同步处理]

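    // Blocks until hHandle is signaled or the timeout elapses. Returns
    // WAIT_OBJECT_0 when signaled, WAIT_TIMEOUT, or WAIT_FAILED (GetLastError);
    // the original listing omitted the DWORD return type. A thread handle is
    // signaled when the thread exits, so waiting on the handle returned by
    // CreateRemoteThread tells you the injected routine has finished.
    // INFINITE is fine for a demo; a tool should use a bounded timeout so a
    // stuck or crashed target cannot hang the injector forever.
    DWORD WaitForSingleObject(
            HANDLE hHandle,          // thread, process, event, mutex, ...
            DWORD dwMilliseconds     // INFINITE, or a bound in milliseconds
            );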

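    // Waits on up to MAXIMUM_WAIT_OBJECTS (64) handles at once. With bWaitAll
    // FALSE the return value WAIT_OBJECT_0 + i identifies the handle that fired;
    // with TRUE it returns once every handle is signaled. WAIT_TIMEOUT and
    // WAIT_FAILED as for WaitForSingleObject. Note the plural: the function is
    // WaitForMultipleObjects (the original listing misspelled it), and it
    // returns DWORD.
    DWORD WaitForMultipleObjects(
            DWORD nCount,                // number of handles, 1..MAXIMUM_WAIT_OBJECTS
            CONST HANDLE *lpHandles,     // array of handles
            BOOL bWaitAll,               // TRUE: wait for all; FALSE: wait for any one
            DWORD dwMilliseconds         // INFINITE, or a bound in milliseconds
            );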

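    // Critical section: an in-process lock. Lifecycle is initialize -> enter /
    // leave (balanced, on the same thread) -> delete; the original listing had
    // Delete before Enter/Leave and misspelled the type. Deleting a section a
    // thread still holds or later enters is undefined behaviour. It only
    // synchronizes threads of THIS process, so it cannot coordinate an injector
    // with code running in the target; use a named Mutex or Event for that.
    CRITICAL_SECTION m_cs;
    InitializeCriticalSection(&m_cs);
    EnterCriticalSection(&m_cs);
    // ... protected region ...
    LeaveCriticalSection(&m_cs);
    DeleteCriticalSection(&m_cs);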

[DLL 的动态加载和卸载]

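    // Maps a DLL into the CALLING process and returns its HMODULE (not a generic
    // HANDLE as the original listing had), or NULL on failure. Used as the
    // start routine of CreateRemoteThread with the DLL path as lpParameter, it
    // becomes the classic DLL-injection primitive. Security: pass a full path;
    // a bare name goes through the DLL search order and can be hijacked by a
    // planted DLL. LPCTSTR is LPCSTR or LPCWSTR depending on UNICODE, so the
    // path bytes written into a target must match the variant whose address
    // you resolved (LoadLibraryA vs LoadLibraryW).
    HMODULE LoadLibrary( LPCTSTR lpFileName );

    // Resolves an export by name (or by ordinal via MAKEINTRESOURCE). The name
    // is always ANSI (LPCSTR); there is no GetProcAddressW. Returns NULL if the
    // export is absent. kernel32 is observed to be mapped at the same base in
    // every process of the same bitness within a boot session, which is why an
    // address resolved here is commonly reused as lpStartAddress in a target --
    // NOTE(review): a loader property, not a documented guarantee.
    FARPROC GetProcAddress(
                HMODULE hModule,
                LPCSTR lpProcName
                );

    // Drops one reference; the module is unmapped when the count reaches zero.
    // Returns FALSE on failure.
    BOOL FreeLibrary( HMODULE hModule );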

[(远程)目标进程内存空间的操作:分配内存空间和向内存空间写入数据]

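    // Reserves and commits memory in another process. Returns the base address
    // in the TARGET's address space, or NULL on failure (GetLastError).
    // hProcess needs PROCESS_VM_OPERATION. Pair with
    // VirtualFreeEx(..., 0, MEM_RELEASE) once the target no longer needs it.
    // Protection: PAGE_READWRITE is all that data such as a DLL path needs.
    // For code, still allocate RW, write it, then switch to PAGE_EXECUTE_READ
    // with VirtualProtectEx; a PAGE_EXECUTE_READWRITE allocation in a foreign
    // process is both unnecessary and a standard detection signature.
    LPVOID VirtualAllocEx(
            HANDLE hProcess,          // target process
            LPVOID lpAddress,         // NULL: let the system choose the address
            SIZE_T dwSize,            // bytes to allocate (rounded up to a page)
            DWORD flAllocationType,   // MEM_COMMIT | MEM_RESERVE (MEM_COMMIT alone is not enough for new memory)
            DWORD flProtect           // PAGE_READWRITE (see note above)
            );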

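    // Copies nSize bytes from lpBuffer in THIS process to lpBaseAddress in the
    // target. Returns BOOL, FALSE on failure (GetLastError); hProcess needs
    // PROCESS_VM_WRITE | PROCESS_VM_OPERATION. The destination must be
    // writable in the target (a PAGE_READWRITE region from VirtualAllocEx
    // qualifies). The original listing dropped the fifth parameter and typed
    // the buffer/size loosely: lpBuffer is LPCVOID and nSize is SIZE_T. Check
    // the BOOL and that *lpNumberOfBytesWritten == nSize before trusting the
    // copy. When writing a path for LoadLibrary include the terminating NUL:
    // (len + 1) * sizeof(TCHAR).
    BOOL WriteProcessMemory(
            HANDLE hProcess,                   // target process handle
            LPVOID lpBaseAddress,              // destination address in the target
            LPCVOID lpBuffer,                  // source buffer in the caller
            SIZE_T nSize,                      // bytes to write
            SIZE_T *lpNumberOfBytesWritten     // may be NULL; otherwise receives bytes actually written
            );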

 
