A 32-bit process cannot get the PEB of another 32-bit process on Windows 10 x64

Problem description

Code

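STARTUPINFO si = { 0 };
PROCESS_INFORMATION pi = { 0 };

// Start the target suspended so its PEB can be read before it runs.
WCHAR lpCmdline[] = L"ad.exe";
if (!CreateProcess(
    NULL, lpCmdline, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, &pi)) {
    wprintf(L"Create process fail: %lu\n", GetLastError());
    return -1;
}

// NtQueryInformationProcessFn is the poster's own function-pointer typedef;
// its definition is not shown on the page.
PROCESS_BASIC_INFORMATION pbi = { 0 };
NtQueryInformationProcessFn pNtQueryInformationProcess = (NtQueryInformationProcessFn)
    GetProcAddress(LoadLibrary(L"ntdll"), "NtQueryInformationProcess");

// Native API calls return an NTSTATUS and do not set the Win32 last error,
// so report the status value itself.
ULONG dwRead;
NTSTATUS status = pNtQueryInformationProcess(
    pi.hProcess, ProcessBasicInformation, &pbi, sizeof pbi, &dwRead);
if (NT_ERROR(status)) {
    wprintf(L"Call NtQueryInformationProcess error: 0x%08lX\n", status);
    return -1;
}

// Read the PEB of the child process from the address returned above.
PEB peb = { 0 };
SIZE_T stRead;
if (!ReadProcessMemory(pi.hProcess, pbi.PebBaseAddress, &peb, sizeof(PEB), NULL)) {
    wprintf(L"Call ReadProcessMemory fail: %lu\n", GetLastError());
    return -1;
}

return 0;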

Compiled as an x86 binary; ad.exe is also an x86 binary. The system is 64-bit Windows 10.

PS C:\> .\t.exe
Call ReadProcessMemory fail: 6
PS C:\> file .\t.exe
.\t.exe: PE32 executable (console) Intel 80386,for MS Windows
PS C:\> file .\ad.exe
.\ad.exe: PE32 executable (console) Intel 80386,for MS Windows

Solution

No effective solution to this problem has been found yet; the editor is still searching for one.