关于注入
先上代码:
// Argument block for remote_thead_function. inject_code4 fills one of these
// locally and copies it byte-for-byte into the target process, so every
// field has to be meaningful in the target's address space.
struct thread_task{
// Address of the routine the remote thread will call. It is resolved in the
// injecting process and used unchanged in the target.
// NOTE(review): this assumes the module is mapped at the same base address
// in both processes - confirm.
void *func;
// Inline text passed to func. It is stored in the struct (not behind a
// pointer) so it travels with the single copy of the block.
char param[100];
};
// Thread entry point whose machine code inject_code4 copies into another
// process. It interprets its argument as a thread_task and calls task->func
// with task->param as the only argument.
//
// param: pointer to a thread_task that is readable in the process where
//        this code runs.
// Returns 0 in all cases.
//
// NOTE(review): the body is relocated as raw bytes, so it only behaves as
// written if the compiler emitted position-independent code with no calls
// to helpers or references to data in the original image - confirm against
// the generated code.
unsigned long __stdcall remote_thead_function(void *param)
{
thread_task *task=(thread_task *)param;
void __stdcall (*output_dbg_string)(LPCTSTR)=0;
output_dbg_string=(void __stdcall (*)(LPCTSTR))(task->func);
// task->func is called without a null check; a zero value here is a call
// through address 0.
output_dbg_string(task->param);
return 0;
}
// Finds a top-level window by title, opens the process that owns it, copies
// a thread_task block plus 2048 bytes starting at remote_thead_function into
// that process, and starts a thread there on the copied bytes.
//
// wnd_title: window title handed to FindWindow (the class name argument is
//            NULL).
//
// No API result in this function is checked, and nothing acquired here is
// released: the process handle, both remote allocations and the thread
// handle returned by CreateRemoteThread are all dropped on return.
//
// Detection note: a cross-process OpenProcess asking for thread-creation and
// VM-write rights, a remote PAGE_EXECUTE_READWRITE allocation, a
// WriteProcessMemory into it, and a CreateRemoteThread whose start address
// lies in that private region form the sequence endpoint telemetry keys on
// (for example Sysmon event 10 ProcessAccess and event 8 CreateRemoteThread).
void __stdcall inject_code4(char wnd_title[])
{
// r is never read or written after this initialisation.
int r=0;
HWND wnd_handle=NULL;
unsigned long proc_id=0;
HANDLE goal_proc_handle=NULL;
void *code_vm=0;
void *data_vm=0;
thread_task task;
void *sys_dll_handle=NULL;
// remote_thread is never assigned; the CreateRemoteThread result below is
// discarded instead of being stored here.
void *remote_thread=NULL;
// Zero the whole block first so task.param stays NUL-terminated after the
// unterminated copy further down.
ZeroMemory(&task,sizeof(task));
// A failed lookup leaves wnd_handle NULL and proc_id 0; neither is tested
// before use.
wnd_handle=FindWindow(NULL,wnd_title);
GetWindowThreadProcessId(wnd_handle,&proc_id);
// Requests exactly the three rights listed; the handle is not inheritable
// and is never closed.
goal_proc_handle=OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, false, proc_id );
sys_dll_handle=LoadLibrary("Kernel32.dll");
// The lookup result is stored without a NULL check, so a failed lookup
// ships a zero func to the remote thread.
task.func=(void *)GetProcAddress(sys_dll_handle,"OutputDebugString");
// Drops the reference taken by LoadLibrary above; task.func keeps being
// used after this point.
FreeLibrary(sys_dll_handle);
// Copies the text without its terminator (strlen bytes only); termination
// relies on the ZeroMemory call above.
MoveMemory(task.param,"I'm be injected!",strlen("I'm be injected!"));
// Remote region for the code: 2048 bytes, readable, writable and executable
// at once.
code_vm=VirtualAllocEx(goal_proc_handle,NULL,2048,MEM_COMMIT | MEM_RESERVE,PAGE_EXECUTE_READWRITE);
// Remote region for the thread_task block: read/write only.
data_vm=VirtualAllocEx(goal_proc_handle,NULL,sizeof(task),MEM_COMMIT | MEM_RESERVE,PAGE_READWRITE);
// Copies a fixed 2048 bytes beginning at remote_thead_function in this
// process. NOTE(review): the function's real length is not known here, so
// the read can run past its end into whatever follows it in the image.
WriteProcessMemory(goal_proc_handle,code_vm,remote_thead_function,2048,NULL);
WriteProcessMemory(goal_proc_handle,data_vm,&task,sizeof(task),NULL);
// Starts the remote thread at code_vm with data_vm as its argument. The
// returned handle is discarded, so the caller can neither wait for the
// thread nor observe whether creation failed.
CreateRemoteThread(goal_proc_handle,NULL,0,(LPTHREAD_START_ROUTINE)code_vm,data_vm,0,NULL);
}
// Click handler on TForm1: runs inject_code4 against the window whose title
// is the hard-coded string "Sample".
//
// Sender: not used by this handler.
void __fastcall TForm1::btn_inject_codeClick(TObject *Sender)
{
inject_code4("Sample");
}
感觉流程应该没问题啊,但是总是出现va问题,难道有其他注意事项吗?
[解决办法]
是000000000错误