代码远程注入关键段
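/*
 * Key section of a Win32 remote-thread code injection routine.
 *
 * Opens the process identified by dwProcessId, copies a 10-byte argument
 * block and the bytes between InjectFun and InjectFunEnd into it, starts a
 * remote thread at the copied code with the argument block as its parameter,
 * waits for that thread, prints its exit code, and releases everything.
 *
 * Detection note: OpenProcess with PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
 * PROCESS_VM_WRITE, followed by VirtualAllocEx(PAGE_EXECUTE_READWRITE),
 * WriteProcessMemory and CreateRemoteThread against another process, is the
 * call sequence endpoint monitoring commonly keys on for cross-process
 * injection.
 *
 * Every API result is checked: a NULL handle or NULL remote address is never
 * passed on to the next call, and each failure is reported with GetLastError().
 */
HANDLE handleProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE,
                                   FALSE,
                                   dwProcessId);

// param: argument block handed to the remote thread; its first DWORD is 1000.
char szBuff[10] = {0};
*(DWORD *)szBuff = 1000;
void *pDataRemote = NULL;

// fun: number of bytes copied as code.
// NOTE(review): this assumes InjectFunEnd is laid out directly after InjectFun
// in the image; C does not guarantee that - confirm against the build.
DWORD cbCodeSize = (LPBYTE)InjectFunEnd - (LPBYTE)InjectFun;
PDWORD pCodeRemote = NULL;

HANDLE hThread = NULL;
DWORD dwExtCode = 0;

if (handleProcess == NULL)
{
    printf("OpenProcess failed: %lu\n", GetLastError());
}
else
{
    pDataRemote = VirtualAllocEx(handleProcess, 0, sizeof(szBuff), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    pCodeRemote = (PDWORD)VirtualAllocEx(handleProcess, 0, cbCodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

    if (pDataRemote == NULL || pCodeRemote == NULL)
    {
        printf("VirtualAllocEx failed: %lu\n", GetLastError());
    }
    else if (!WriteProcessMemory(handleProcess, pDataRemote, szBuff, sizeof(szBuff), NULL)
             || !WriteProcessMemory(handleProcess, pCodeRemote, &InjectFun, cbCodeSize, NULL))
    {
        printf("WriteProcessMemory failed: %lu\n", GetLastError());
    }
    else
    {
        hThread = CreateRemoteThread(handleProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pCodeRemote, pDataRemote, 0, NULL);
        if (hThread == NULL)
        {
            printf("CreateRemoteThread failed: %lu\n", GetLastError());
        }
    }

    if (hThread)
    {
        // Blocks until the remote thread returns; there is no timeout.
        WaitForSingleObject(hThread, INFINITE);

        // DWORD is unsigned long, so the matching conversion is %lu, not %d.
        if (GetExitCodeThread(hThread, &dwExtCode))
        {
            printf("return %lu", dwExtCode);
        }
        CloseHandle(hThread);
    }

    // With MEM_RELEASE the size argument must be 0; passing the allocation
    // size makes VirtualFreeEx fail and leaves the remote pages allocated.
    if (pCodeRemote != NULL)
    {
        VirtualFreeEx(handleProcess, pCodeRemote, 0, MEM_RELEASE);
    }
    if (pDataRemote != NULL)
    {
        VirtualFreeEx(handleProcess, pDataRemote, 0, MEM_RELEASE);
    }

    CloseHandle(handleProcess);
}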