dll注入

作者: Fa1se003 | 来源:发表于2017-05-16 22:17 被阅读19次
        // Fragment illustrating remote-thread DLL loading (MITRE ATT&CK T1055.001):
        // open another process, place a DLL path string in its address space, and
        // start a thread there whose entry point is LoadLibraryA with that string
        // as its argument. No API return value below is checked.
        // Detection view: the sequence surfaces in Sysmon as Event ID 10
        // (ProcessAccess), Event ID 8 (CreateRemoteThread) and Event ID 7
        // (ImageLoad) for the DLL appearing in the target process.
        // Target process id is hard-coded for the example.
        DWORD pid = 0x590;  
           
            // Obtain a handle to the target process.
            // PROCESS_ALL_ACCESS requests every access right on the target, far more
            // than the calls below use; the handle is never tested for NULL and is
            // never closed within this fragment.
            HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        
            // Path string that will be copied into the target process.
            char fileName[] = "c:\\my.dll";
            // NOTE(review): sizeof(fileName) already counts the terminating NUL, so
            // cb is one byte larger than the array and the WriteProcessMemory call
            // below reads one byte past the end of fileName in this process.
            int cb = (1 + sizeof(fileName));
    
            // Commit 0x1000 bytes of read/write memory inside the target process;
            // a NULL result on failure is not handled.
            LPVOID remoteAddress = (LPVOID) VirtualAllocEx( hRemoteProcess, NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE);
            // Copy the path into that remote buffer. The BOOL result is stored in
            // iReturnCode but never examined.
            int iReturnCode = WriteProcessMemory(hRemoteProcess, remoteAddress, (PVOID) fileName, cb, NULL);
            
            // Look up LoadLibraryA in this process's Kernel32.dll; the resulting
            // address is then used as the thread entry point in the other process.
            // NOTE(review): the narrow string literal passed to GetModuleHandle
            // presumably relies on an ANSI (non-UNICODE) build - confirm.
            LPTHREAD_START_ROUTINE  pfnStartAddr = (LPTHREAD_START_ROUTINE )GetProcAddress(GetModuleHandle("Kernel32.dll"), "LoadLibraryA");
            // Start a thread in the target with the remote buffer as its argument.
            // The returned thread handle is discarded, so it is neither checked nor
            // closed.
            CreateRemoteThread( hRemoteProcess, NULL, 0, pfnStartAddr, remoteAddress, 0, NULL);
          
            // MEM_DECOMMIT decommits the pages but leaves the address range reserved
            // in the target process.
            // NOTE(review): no wait on the remote thread appears between its creation
            // and this call, so the buffer may be decommitted while still in use,
            // which can fault the target process.
            VirtualFreeEx(hRemoteProcess, remoteAddress, 0x1000, MEM_DECOMMIT);
    
