最简单的远程线程

发布时间:2017-2-22 0:41:02 编辑:www.fx114.net 分享查询网我要评论

1. Windows子系统设置错误, 提示: libcmtd.lib(crt0.obj) : error LNK2001: unresolved external symbol _main Windows项目要使用Windows子系统, 而不是Console, 可以这样设置: [Project] --> [Settings] --> 选择"Link"属性页, 在Project Options中将/subsystem:console改成/subsystem:windows
#include <windows.h>

// Textbook CreateRemoteThread injection demo: WinMain copies the bytes of
// ThreadProc plus a small parameter block into another process and starts a
// thread on the copy, which pops a MessageBox in that process.
// The three-call sequence seen below -- VirtualAllocEx with an executable,
// writable page, WriteProcessMemory, CreateRemoteThread -- is the pattern that
// host-based detection (EDR / Sysmon CreateRemoteThread events) keys on.
// NOTE(review): every pointer is squeezed through DWORD and the string literals
// are narrow, so this only builds as a 32-bit, non-UNICODE project.

// Parameter block copied into the target process; ThreadProc receives a
// pointer to the remote copy.
typedef struct _RemotePara
{
    // Text shown as both the message and the caption (see ThreadProc).
    char pMessageBox[102];
    // Address of MessageBoxA in the target, stored as a 32-bit integer
    // (truncates the pointer on a 64-bit build).
    DWORD dwMessageBox;
} RemotePara;

// Code that runs inside the target process.
// The MessageBoxA address is taken from the parameter block and called through
// a cast rather than called by name: the copied bytes are executed at a
// different address and, as written, cannot rely on their own import table
// (presumably the reason for the indirection -- confirm against a disassembly).
DWORD __stdcall ThreadProc (RemotePara *lpPara)
{
    typedef int (__stdcall *MMessageBoxA)(HWND,LPCTSTR,LPCTSTR,DWORD); // signature of MessageBoxA
    MMessageBoxA myMessageBoxA;
    myMessageBoxA =(MMessageBoxA) lpPara->dwMessageBox ; // entry point supplied by the injector
    myMessageBoxA(NULL,lpPara->pMessageBox ,lpPara->pMessageBox,MB_YESNO); // same buffer for text and caption
    return 0;
}

void EnableDebugPriv(); // enables SE_DEBUG_NAME on the injector's own token (defined below)

// Injector entry point. Every failure path returns 0 silently, and none of the
// handles opened here (hWnd, hThread, hUser32) is ever closed or freed.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
    // TODO: Place code here.
    // Number of bytes copied out of the injector starting at &ThreadProc. This is
    // not the function's real size: the copy reads 8 KB past &ThreadProc, i.e.
    // beyond the end of the function (undefined behaviour; can fault if the
    // read crosses into an unmapped page).
    const DWORD THREADSIZE=1024*8;
    // Receives the new thread's id (last argument of CreateRemoteThread); the
    // name is misleading -- nothing here counts written bytes.
    DWORD byte_write;
    EnableDebugPriv(); // needed so OpenProcess succeeds on processes not owned by this user
    // Hard-coded target PID 940 (specific to the author's machine). The three
    // access rights are exactly what the alloc/write/create-thread calls need;
    // the trailing comment recalls the broader PROCESS_ALL_ACCESS alternative.
    HANDLE hWnd = ::OpenProcess (PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE,940); //PROCESS_ALL_ACCESS
    if(!hWnd)return 0;
    // Executable + writable (RWX) page in the target for the copied code.
    void *pRemoteThread =::VirtualAllocEx(hWnd,0,THREADSIZE,MEM_COMMIT| MEM_RESERVE,PAGE_EXECUTE_READWRITE);
    if(!pRemoteThread)return 0;
    if(!::WriteProcessMemory(hWnd,pRemoteThread,&ThreadProc,THREADSIZE,0)) return 0;
    // Fill in the parameter block locally before copying it over.
    RemotePara myRemotePara;
    ::ZeroMemory(&myRemotePara,sizeof(RemotePara));
    // user32.dll is loaded into the injector only to resolve MessageBoxA; hUser32 is never released.
    HINSTANCE hUser32 = ::LoadLibrary ("user32.dll");
    myRemotePara.dwMessageBox =(DWORD) ::GetProcAddress (hUser32 , "MessageBoxA"); // MessageBoxA
    // "/0" is two ordinary characters, not a NUL terminator; ZeroMemory above
    // already made the buffer a terminated empty string, so strcat is safe here.
    strcat(myRemotePara.pMessageBox,"helloREWTGAEST/0");
    // Copy the parameter block into the target.
    // Data only, hence PAGE_READWRITE here versus PAGE_EXECUTE_READWRITE above.
    RemotePara *pRemotePara =(RemotePara *) ::VirtualAllocEx (hWnd ,0,sizeof(RemotePara),MEM_COMMIT,PAGE_READWRITE);
    if(!pRemotePara)return 0;
    if(!::WriteProcessMemory (hWnd ,pRemotePara,&myRemotePara,sizeof myRemotePara,0))return 0;
    // Start a thread in the target at the copied code, passing the remote
    // parameter block as its argument.
    HANDLE hThread = ::CreateRemoteThread (hWnd ,0,0,(DWORD (__stdcall *)(void *))pRemoteThread ,pRemotePara,0,&byte_write);
    if(!hThread){ return 0; }
    return 0;
}

// Turns on SeDebugPrivilege for the current process token.
// The handle obtained from OpenProcessToken is closed only on the failure
// paths; on success hToken leaks. Note also that a TRUE return from
// AdjustTokenPrivileges does not mean the privilege was granted -- a non-admin
// token lacks it and the call still returns TRUE with GetLastError() ==
// ERROR_NOT_ALL_ASSIGNED, which this function never checks.
void EnableDebugPriv( void )
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if ( ! OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
        return;
    if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) ){
        CloseHandle( hToken );
        return;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if ( ! AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL ) )
        CloseHandle( hToken );
}
