WIN32 挂起创建进程 CREATE_SUSPENDED

#include "stdafx.h"
#include <WINDOWS.H>
#include <stdio.h>

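/*
 * Demo: create a child process in the suspended state (CREATE_SUSPENDED),
 * inspect the primary thread's initial register context, read the child's
 * ImageBase out of its PEB, and only then let it run.
 *
 * 32-bit (Win32) build only: the Eax/Ebx members used below exist only in the
 * x86 CONTEXT, and the PEB offset read here (+8) is the 32-bit PEB layout.
 *
 * Return value: 0 on success, 1 if any Win32 call fails. Every failure path
 * still resumes the child (so it is not left suspended) and closes both
 * handles returned by CreateProcess.
 */
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    int rc = 1;

    /* Handle attributes kept as in the original demo. The child does not use
       any inherited handle here, so bInheritHandle = FALSE (and FALSE for the
       bInheritHandles argument of CreateProcess) would be the least-privilege
       choice if this is ever reused. */
    SECURITY_ATTRIBUTES sa_p;
    sa_p.nLength = sizeof(sa_p);
    sa_p.lpSecurityDescriptor = NULL;
    sa_p.bInheritHandle = TRUE;

    SECURITY_ATTRIBUTES sa_t;
    sa_t.nLength = sizeof(sa_t);
    sa_t.lpSecurityDescriptor = NULL;
    sa_t.bInheritHandle = TRUE;

    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));
    /* To control the child's main window, set si.dwFlags = STARTF_USESHOWWINDOW
       and choose si.wShowWindow; left at defaults here. */

    /* Must be a writable buffer: CreateProcess may modify lpCommandLine. */
    TCHAR stcAppName[] = TEXT("C:\\Windows\\SysWOW64\\notepad.exe");

    /* All variables that live past the first goto are declared (and
       initialised) here so the jumps never cross an initialisation. */
    CONTEXT contx;
    DWORD imageBase = 0;
    SIZE_T nRead = 0;
    const char *baseAddress = NULL;

    /* Note for defenders: CREATE_SUSPENDED followed by GetThreadContext and
       cross-process memory reads is a sequence EDR products commonly log, so
       expect telemetry when running this demo. */
    if (!CreateProcess(NULL, stcAppName, &sa_p, &sa_t, TRUE, CREATE_SUSPENDED,
                       NULL, NULL, &si, &pi))
    {
        /* No process exists on failure, so there is nothing to resume/close. */
        printf("CreateProcess failed: %lx\n", GetLastError());
        return 1;
    }

    /* Zero the whole CONTEXT so no field is read uninitialised; ContextFlags
       tells the kernel which register groups to fill in. */
    ZeroMemory(&contx, sizeof(contx));
    contx.ContextFlags = CONTEXT_FULL;
    if (!GetThreadContext(pi.hThread, &contx))
    {
        printf("GetThreadContext failed: %lx\n", GetLastError());
        goto cleanup;
    }
    /* For a suspended x86 primary thread the initial context holds the image
       entry point in Eax and the PEB address in Ebx (the convention this demo
       relies on; verify on the target Windows version). DWORD is unsigned
       long on Windows, hence %lx. */
    printf("入口点:%08lx\n", contx.Eax);

    /* PEB + 8 is ImageBaseAddress in the 32-bit PEB. The cast binds before
       the +8, so this is (PEB address) + 8 bytes, as intended. */
    baseAddress = (const char *)contx.Ebx + 8;
    if (!ReadProcessMemory(pi.hProcess, baseAddress, &imageBase,
                           sizeof(imageBase), &nRead)
        || nRead != sizeof(imageBase))
    {
        printf("ReadProcessMemory failed: %lx\n", GetLastError());
        goto cleanup;
    }
    printf("ImageBase:%08lx\n", imageBase);

    rc = 0;

cleanup:
    /* Always let the child run, even after an inspection failure; otherwise a
       suspended notepad.exe is left behind. ResumeThread returns (DWORD)-1 on
       error. */
    if (ResumeThread(pi.hThread) == (DWORD)-1)
    {
        printf("ResumeThread failed: %lx\n", GetLastError());
        rc = 1;
    }

    getchar();
    printf("Hello World!\n");

    /* Both handles from PROCESS_INFORMATION are owned by us and must be
       closed; the original demo leaked them. */
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return rc;
}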

 
