VirtualFreeEx为啥一直失败呢
网上复制的方法,发现调用多次后内存占用越来越多,后来通过getlasterror获取的值是87,不知道哪里写错了
#include <iostream>
#include<stdio.h>
#include<windows.h>
using namespace std;
//**************************************************************************************
//函数名:InfusionFunc
//功能:封装远程注入的函数
//参数 1:进程ID
//参数 2:被注入函数指针<函数名>
//参数 3:参数
//参数 4:参数长度
//**************************************************************************************
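// Copies a 128-byte code region and an optional parameter buffer into the
// process identified by dwProcId, runs the copied region on a remote thread,
// waits for that thread to finish, then releases everything it allocated.
//
//   dwProcId  - ID of the target process
//   mFunc     - address of the routine to copy; must not be NULL
//   Param     - optional parameter buffer copied into the target (may be NULL)
//   ParamSize - size of Param in bytes (0 means "no parameter")
//
// Returns nothing; each failing step is reported on stderr together with the
// GetLastError() value captured at the point of failure.
//
// Fix for the leak discussed in this thread: VirtualFreeEx with MEM_RELEASE
// requires dwSize == 0. Passing 128 / ParamSize made every release fail with
// error 87 (ERROR_INVALID_PARAMETER), so the remote allocations piled up on
// each call.
//
// NOTE(review): OpenProcess + VirtualAllocEx(RWX) + WriteProcessMemory +
// CreateRemoteThread is the textbook cross-process injection sequence and is
// what endpoint monitoring typically alerts on; only use it against processes
// you own or are authorised to instrument.
// NOTE(review): the fixed 128-byte copy is an assumption about the size of the
// routine behind mFunc; nothing here verifies it.
void InfusionFunc(DWORD dwProcId,LPVOID mFunc, LPVOID Param, DWORD ParamSize)
{
    const SIZE_T kFuncBytes = 128;                 // size of the copied code region
    const bool hasParam = (Param != NULL && ParamSize != 0);
    HANDLE hProcess = NULL;                        // handle to the target process
    HANDLE hThread = NULL;                         // handle to the remote thread
    LPVOID mFuncAddr = NULL;                       // remote address of the copied code
    LPVOID ParamAddr = NULL;                       // remote address of the copied parameter
    SIZE_T written = 0;                            // WriteProcessMemory expects SIZE_T*, not DWORD*
    DWORD threadId = 0;
    const char* failedStep = NULL;
    DWORD lastError = 0;

    if (mFunc == NULL)
    {
        fprintf(stderr, "InfusionFunc: mFunc is NULL\n");
        return;
    }

    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcId);
    if (hProcess == NULL)
    {
        fprintf(stderr, "InfusionFunc: OpenProcess failed, error %lu\n", GetLastError());
        return;
    }

    do
    {
        mFuncAddr = VirtualAllocEx(hProcess, NULL, kFuncBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        if (mFuncAddr == NULL) { failedStep = "VirtualAllocEx(code)"; break; }

        if (hasParam)
        {
            // NOTE(review): this buffer only carries data, so execute permission
            // is broader than it needs; kept as in the original post.
            ParamAddr = VirtualAllocEx(hProcess, NULL, ParamSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            if (ParamAddr == NULL) { failedStep = "VirtualAllocEx(param)"; break; }
        }

        // A short write would leave the remote region half-initialised, so the
        // byte count is checked as well as the BOOL result.
        if (!WriteProcessMemory(hProcess, mFuncAddr, mFunc, kFuncBytes, &written) || written != kFuncBytes)
        {
            failedStep = "WriteProcessMemory(code)";
            break;
        }
        if (hasParam &&
            (!WriteProcessMemory(hProcess, ParamAddr, Param, ParamSize, &written) || written != ParamSize))
        {
            failedStep = "WriteProcessMemory(param)";
            break;
        }

        hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)mFuncAddr,
                                     ParamAddr, 0, &threadId);
        if (hThread == NULL) { failedStep = "CreateRemoteThread"; break; }

        // The remote memory must stay valid until the thread has finished.
        WaitForSingleObject(hThread, INFINITE);
    } while (0);

    if (failedStep != NULL)
    {
        // Capture the error before the cleanup calls below can overwrite it.
        lastError = GetLastError();
        fprintf(stderr, "InfusionFunc: %s failed, error %lu\n", failedStep, lastError);
    }

    // MEM_RELEASE frees the whole region reserved by VirtualAllocEx and
    // requires dwSize to be 0.
    if (mFuncAddr != NULL && !VirtualFreeEx(hProcess, mFuncAddr, 0, MEM_RELEASE))
        fprintf(stderr, "InfusionFunc: VirtualFreeEx(code) failed, error %lu\n", GetLastError());
    if (ParamAddr != NULL && !VirtualFreeEx(hProcess, ParamAddr, 0, MEM_RELEASE))
        fprintf(stderr, "InfusionFunc: VirtualFreeEx(param) failed, error %lu\n", GetLastError());

    if (hThread != NULL)
        CloseHandle(hThread);
    CloseHandle(hProcess);
}

不懂什么 顶一下 好厉害的样子 试试看不写128用sizeof 呢?... 87错误码说的很明白,参数错误! dwSize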
虚拟内存空间的字节数。
如果 dwFreeType 为 MEM_RELEASE,则 dwSize 必须为0 . 按 VirtualAllocEx申请时的大小全部释放。
如果dwFreeType 为 MEM_DECOMMIT, 则释放从lpAddress 开始的一个或多个字节 ,即 lpAddress +dwSize。
来自百度百科 说的很清楚 dwSize 不需要你传什么128 也不需要你sizeof当你想释放全部申请的内存 直接给0 invoke VirtualFreeEx,@hProc,@dwNeiCun_DZ,0,MEM_RELEASE
V5,支持楼主! 谢谢楼主分享~