//来自<逆向工程核心原理>一书
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
void ChildProc()
{
MessageBox(NULL, L"This is a child process!", L"DebugMe2", MB_OK);
ExitProcess(0);
}
void _tmain(int argc, TCHAR *argv[])
{
TCHAR szPath[MAX_PATH] = {0,};
STARTUPINFO si = {sizeof(STARTUPINFO),};
PROCESS_INFORMATION pi = {0,};
CONTEXT ctx = {0,};
_tprintf(L"This is a parent process!\n");
if( !GetModuleFileName(NULL, szPath, sizeof(TCHAR) * MAX_PATH) )
{
printf("GetModuleFileName() failed! [%d]\n", GetLastError());
return;
}
// Create Child Process
if( !<span style="color:#ff0000;">CreateProcess</span>(
szPath,
NULL,
NULL,
NULL,
FALSE,
<span style="color:#ff0000;"> CREATE_SUSPENDED,</span>
NULL,
NULL,
&si,
&pi) )
{
printf("CreateProcess() failed! [%d]\n", GetLastError());
return;
}
// Change EIP
ctx.ContextFlags = CONTEXT_FULL;
if( !<span style="color:#ff0000;">GetThreadContext</span>(pi.hThread, &ctx) )
{
printf("GetThreadContext() failed! [%d]\n", GetLastError());
return;
}
ctx.Eip = (DWORD)ChildProc;
if( !<span style="color:#ff0000;">SetThreadContext</span>(pi.hThread, &ctx) )
{
printf("SetThreadContext() failed! [%d]\n", GetLastError());
return;
}
// Resume Main Thread
if( -1 == <span style="color:#ff0000;">ResumeThread</span>(pi.hThread) )
{
printf("ResumeThread() failed! [%d]\n", GetLastError());
return;
}
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
}
3987
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
