//code by pnig0s1992
//date:2012,3,13
#include
#include
#include
// Function-pointer typedef (stdcall, no arguments, no return value).
// Not referenced anywhere in this listing.
typedef void (_stdcall*p)(void);
// Enable SeDebugPrivilege on the current process token.
// Returns true on success; on any failure the token handle is closed and
// false is returned. main() calls this so that openprocess() afterwards
// can open processes the caller would otherwise be denied access to.
// NOTE(review): htoken is never closed on the success path (handle leak).
// NOTE(review): adjusting SeDebugPrivilege is itself a commonly audited and
// alerted-on event on Windows hosts; from a monitoring point of view this
// is the first signal of the activity in this listing.
bool enabledebugpriv()
{
handle htoken;
luid sedebugnamevalue;
token_privileges tkp;
// open our own token with the rights needed to read and change privileges
if (!openprocesstoken(getcurrentprocess(),
token_adjust_privileges | token_query, &htoken))
{
return false;
}
// resolve the LUID for se_debug_name on this machine
if (!lookupprivilegevalue(null, se_debug_name, &sedebugnamevalue))
{
closehandle(htoken);
return false;
}
// a single privilege, requested in the enabled state
tkp.privilegecount = 1;
tkp.privileges[0].luid = sedebugnamevalue;
tkp.privileges[0].attributes = se_privilege_enabled;
if (!adjusttokenprivileges(htoken, false, &tkp, sizeof(tkp), null, null))
{
closehandle(htoken);
return false;
}
return true;
}
// Return the PID of the first running process whose image name matches
// lpprocessname (case-insensitive, via lstrcmpi), found by walking a
// Toolhelp process snapshot. Returns 0 when the snapshot cannot be created
// or when no process matches.
// NOTE(review): the return value of process32first() is ignored; if it
// fails, the loop body reads a pe32 that was never filled in.
dword getprocesshandle(lpctstr lpprocessname)// look up a process PID by image name
{
dword dwret = 0;
handle hsnapshot = createtoolhelp32snapshot(th32cs_snapprocess,0);
if(hsnapshot == invalid_handle_value)
{
printf("\n获得进程快照失败%d",getlasterror());
return dwret;
}
processentry32 pe32;// process entry record
pe32.dwsize = sizeof(processentry32);// dwsize must be set before the first call
process32first(hsnapshot,&pe32);// walk the process list
do
{
if(!lstrcmpi(pe32.szexefile,lpprocessname))// match on image name
{
dwret = pe32.th32processid;
break;
}
} while (process32next(hsnapshot,&pe32));
closehandle(hsnapshot);
return dwret;// 0 if nothing matched
}
// Entry point. argv[1] is the image name of the target process; the DLL
// whose path is written into the target is the hard-coded lpdllname below.
// Flow: enable SeDebugPrivilege -> openprocess(target) -> virtualallocex +
// writeprocessmemory (copy the DLL path in) -> createremotethread on
// loadlibrarya -> wait -> two further remote threads (getmodulehandlea,
// freelibrarya) to unload the DLL again. This remote-thread LoadLibrary
// sequence is the textbook DLL-injection pattern and exactly the API chain
// endpoint monitoring keys on, which is consistent with the closing remark
// in the listing that antivirus had to be switched off for it to run.
// NOTE(review): argc is never checked, so running without an argument reads
// argv[1] out of bounds; a dwpid of 0 (no match) is not rejected either.
// NOTE(review): the results of virtualallocex(), waitforsingleobject() and
// the two later createremotethread() calls are never checked.
int main(int argc,char * argv[])
{
dword dwpid = getprocesshandle((lpctstr)argv[1]);// argv[1]: target image name (unchecked)
lpcstr lpdllname = "c:\\windows\\system32\\printmsg.dll";// hard-coded DLL path
if(!enabledebugpriv())printf("开启调试失败:%d",getlasterror());// non-fatal: carries on without SeDebugPrivilege
handle hprocess = openprocess(process_vm_operation|process_vm_write|process_create_thread ,false,dwpid);
if(hprocess == null)
{
printf("\n获取进程句柄错误%d",getlasterror());
return -1;
}
dword dwsize = strlen(lpdllname)+1;// include the terminating NUL
dword dwhaswrite;
// buffer in the target that will hold the DLL path (result not checked)
lpvoid lpremotebuf = virtualallocex(hprocess,null,dwsize,mem_commit,page_readwrite);
if(writeprocessmemory(hprocess,lpremotebuf,(void*)lpdllname,dwsize,&dwhaswrite))
{
if(dwhaswrite != dwsize)
{
// short write: give the buffer back and bail out
virtualfreeex(hprocess,lpremotebuf,dwsize,mem_commit);
closehandle(hprocess);
return -1;
}
}else
{
printf("\n写入远程进程内存空间出错%d。",getlasterror());
closehandle(hprocess);
return -1;
}
dword dwnewthreadid;
// the local address of loadlibrarya is used as the remote start routine;
// this relies on kernel32 being mapped at the same address in the target
lpvoid lploaddll = getprocaddress(getmodulehandle(text("kernel32")), "loadlibrarya");
if(lploaddll==null){printf("sb");exit(1);}
handle hnewremotethread = createremotethread(hprocess,null,0,(lpthread_start_routine)lploaddll,lpremotebuf,0,&dwnewthreadid);
if(hnewremotethread == null)
{
printf("\n建立远程线程失败%d",getlasterror());
closehandle(hprocess);
return -1;
}
waitforsingleobject(hnewremotethread,infinite);// block until the remote load finishes
closehandle(hnewremotethread);
// prepare to unload the DLL that was just injected
dword dwhandle,dwid;
lpvoid pfunc = getmodulehandlea;// obtain the injected DLL's module handle inside the target
handle hthread = createremotethread(hprocess,null,0,(lpthread_start_routine)pfunc,lpremotebuf,0,&dwid);
waitforsingleobject(hthread,infinite);
getexitcodethread(hthread,&dwhandle);// the thread's exit code is taken as the DLL module handle
closehandle(hthread);
pfunc = freelibrarya;
hthread = createremotethread(hthread,null,0,(lpthread_start_routine)pfunc,(lpvoid)dwhandle,0,&dwid); // run freelibrarya in a remote thread to unload the DLL
waitforsingleobject(hthread,infinite);
closehandle(hthread);
closehandle(hprocess);
return 0;
}
//内容来源于网上,本人亲测可以成功(必须关闭杀毒软件)