其具体含义请参考msdn中关于virtualallocex函数的说明。
void* premotethread = virtualallocex(htargetprocess, 0,
dwthreadsize, mem_commit | mem_reserve, page_execute_readwrite);
if (!premotethread) {
messagebox(null, "alloc memory in target process failed !",
"notice", mb_iconinformation | mb_ok);
return 0;
}
//将线程体拷贝到宿主进程中
if (!writeprocessmemory(htargetprocess,
premotethread, &threadproc, dwthreadsize, 0)) {
messagebox(null, "write data to target process failed !",
"notice", mb_iconinformation | mb_ok);
return 0;
}
//定义线程参数结构体变量
remoteparam remotedata;
zeromemory(&remotedata, sizeof(remoteparam));
//填充结构体变量中的成员
hinstance huser32 = loadlibrary("user32.dll");
remotedata.dwmessagebox = (dword)getprocaddress(huser32, "messageboxa");
strcat(remotedata.szmsg, "hello\0");
//为线程参数在宿主进程中开辟存储区域
remoteparam* premoteparam = (remoteparam*)virtualallocex(
htargetprocess , 0, sizeof(remoteparam), mem_commit, page_readwrite);
if (!premoteparam) {
messagebox(null, "alloc memory failed !",
"notice", mb_iconinformation | mb_ok);
return 0;
}
//将线程参数拷贝到宿主进程地址空间中
if (!writeprocessmemory(htargetprocess ,
premoteparam, &remotedata, sizeof(remotedata), 0)) {
messagebox(null, "write data to target process failed !",
"notice", mb_iconinformation | mb_ok);
return 0;
}
//在宿主进程中创建线程
handle hremotethread = createremotethread(
htargetprocess, null, 0, (dword (__stdcall *)(void *))premotethread,
premoteparam, 0, &dwwritebytes);
if (!hremotethread) {
messagebox(null, "create remote thread failed !", "notice", mb_iconinformation | mb_ok);
return 0;
}
closehandle(hremotethread);
freelibrary(huser32);
return 0;
}
不过有个困扰我的问题:就是在前面加上
#include <iostream>
using namespace std;
然后在主程序里输入进程名时不用scanf,而用cin,程序执行完就会弹出非法操作对话框
我百思不得其解,望高手指点迷津。。。。。。。
这个程序在网上也能找到,献丑了