#include "stdafx.h"
#include <WINDOWS.H>
#include <stdio.h>
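int main(int argc, char* argv[])
{
    /*
     * Demo: start notepad.exe in a suspended state, read the initial thread
     * context of the child, read the 4 bytes at PEB+8 (labelled "ImageBase" by
     * the original author), resume the child and wait for a keypress.
     *
     * Returns 0 on success, 1 when the child could not be created or inspected.
     * Builds as 32-bit only: contx.Eax / contx.Ebx exist only in the x86 CONTEXT.
     *
     * Fixes relative to the original: every API return value is checked, a
     * failed CreateProcess no longer falls through into GetThreadContext on a
     * NULL handle, the process/thread handles are closed, a child left
     * suspended by an error path is terminated instead of orphaned, and the
     * DWORD printf specifiers are widened to %lx (DWORD is unsigned long).
     */
    (void)argc;
    (void)argv;

    /* Both attribute structs request inheritable handles; together with
     * bInheritHandles=TRUE in CreateProcess below, every inheritable handle of
     * this process becomes visible to the child. Kept as in the original; a
     * least-privilege variant would pass FALSE unless the child needs them. */
    SECURITY_ATTRIBUTES sa_p;
    ZeroMemory(&sa_p, sizeof(sa_p));
    sa_p.nLength = sizeof(sa_p);
    sa_p.lpSecurityDescriptor = NULL;
    sa_p.bInheritHandle = TRUE;
    SECURITY_ATTRIBUTES sa_t = sa_p;   /* identical settings for the primary thread */

    /* STARTUPINFO (not STARTUPINFOA) so the struct matches whichever variant
     * the CreateProcess macro selects under ANSI or UNICODE builds. */
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    ZeroMemory(&pi, sizeof(pi));
    /* si.dwFlags = STARTF_USESHOWWINDOW;   // marks the wShowWindow member as valid */
    /* si.wShowWindow = TRUE;               // TRUE shows the new process's main window */

    /* CreateProcess may write into the command-line buffer, so it must be a
     * writable array rather than a string literal. */
    TCHAR stcAppName[] = TEXT("C:\\Windows\\SysWOW64\\notepad.exe");
    char szBuffer[256] = {0};
    CONTEXT contx;
    char* baseAddress = NULL;
    int rc = 1;   /* assume failure until the happy path completes */

    if (!CreateProcess(NULL, stcAppName, &sa_p, &sa_t, TRUE, CREATE_SUSPENDED,
                       NULL, NULL, &si, &pi)) {
        DWORD dwcode = GetLastError();
        printf("%lx\n", (unsigned long)dwcode);
        return rc;   /* nothing to release: pi is still all-zero */
    }

    /* Print the entry point (Eax of the initial thread context). */
    ZeroMemory(&contx, sizeof(contx));
    contx.ContextFlags = CONTEXT_FULL;
    if (!GetThreadContext(pi.hThread, &contx)) {
        printf("%lx\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    printf("入口点:%lx\n", (unsigned long)contx.Eax);

    /* Read the ImageBase: the original treats Ebx as the PEB pointer and reads
     * 4 bytes at offset 8. The result was previously ignored, so a failed read
     * would leave szBuffer all-zero and be indistinguishable from real data. */
    baseAddress = (CHAR *) contx.Ebx + 8;
    if (!ReadProcessMemory(pi.hProcess, baseAddress, szBuffer, 4, NULL)) {
        printf("%lx\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* ResumeThread returns (DWORD)-1 on failure, the previous suspend count otherwise. */
    if (ResumeThread(pi.hThread) == (DWORD)-1) {
        printf("%lx\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    rc = 0;
    getchar();
    printf("Hello World!\n");

cleanup:
    if (rc != 0) {
        /* An error path leaves the child suspended; don't orphan it. */
        TerminateProcess(pi.hProcess, 1);
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return rc;
}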