<p>
No.: 35464 Posted by: han_shaojie Date: 2003-04-07 09:36:26
<br>Subject: About EnumProcesses, asking the experts
<br>Content: Using EnumProcesses within my own process works without any problem. But when I use the createremotethread() function to write code into another process, and use loadlibrary() to pass the address of EnumProcesses into that process as well, executing EnumProcesses always reports: the instruction at "the address I passed in" referenced memory at "the address I passed in"; the memory could not be "read". Could an expert tell me why this is, and how to solve it? Many thanks!
<br><a href=http://www.copathway.com/cndevforum/>Visit forum</a></p>
<hr size=1>
<blockquote><p>
<font color=red>Accepted answer</font><br>Reply by: neilgan Date: 2003-04-07 12:25:35
<br>Content: If I need to answer you in one sentence, that will be: CreateRemoteThread needs an address in the remote process. For the same function, it is quite possible that it is at different addresses in different processes.<br><br>I don't know what you mean by "use loadlibrary to transfer the address of EnumProcesses to the remote process". LoadLibrary can't do that.<br><br>LoadLibrary is a function in Kernel32.dll and this dll is loaded at the same address for every process, so you can get the address of LoadLibrary from the local process and use it in the remote process.<br><br>EnumProcesses is a function in psapi.dll; this dll is loaded at different addresses for different processes (in most cases), so you can't use it in the remote process.<br><br>I don't know why you want to let the remote process execute EnumProcesses, because the result will be the same as what you get if you execute it in the local process.<br><br>If you want to control an existing process, you need EnumProcesses, OpenProcess and two functions: LoadRemoteLibrary and FreeRemoteLibrary. These two functions load and free a library for a remote process. Once you can load a library for a remote process, you can do anything to it because the DllMain code will run in the scope of that process.<br>
</p></blockquote>
<hr size=1>
<blockquote><p>
Reply by: han_shaojie Date: 2003-04-07 12:34:45
<br>Content: But LoadRemoteLibrary and FreeRemoteLibrary are not found in MSDN. Can you tell me what these functions are?
</p></blockquote>
<hr size=1>
<blockquote><p>
Reply by: neilgan Date: 2003-04-07 13:00:39
<br>Content: Sorry. I wrote these two functions. I forgot to attach them. Following is the source code:</p>
<pre>
#include &lt;windows.h&gt;
#include &lt;string.h&gt;

/* Load pcLibraryName into hProcess by running LoadLibraryA on a remote thread.
   hProcess needs PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
   PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ.
   This works because kernel32.dll is mapped at the same base in every process,
   so the local address of LoadLibraryA is also valid in the remote process. */
HMODULE LoadRemoteLibrary(HANDLE hProcess, const char *pcLibraryName)
{
    void*   pvRemoteMem = NULL;
    SIZE_T  cbName = strlen(pcLibraryName) + 1;
    SIZE_T  cbWritten = 0;
    DWORD   dwExitCode = 0;
    HMODULE hRetVal = NULL;
    DWORD   dwRemoteThreadId;
    HANDLE  hRemoteThread = NULL;

    __try
    {
        /* The buffer only holds the DLL name, so PAGE_READWRITE is enough;
           it never needs to be executable. */
        pvRemoteMem = VirtualAllocEx(hProcess, NULL, cbName, MEM_COMMIT, PAGE_READWRITE);
        if (NULL == pvRemoteMem) __leave;

        if (!WriteProcessMemory(hProcess, pvRemoteMem, pcLibraryName, cbName, &amp;cbWritten)
            || cbWritten != cbName)
            __leave;

        /* Name LoadLibraryA explicitly: the LoadLibrary macro becomes
           LoadLibraryW under UNICODE and would misread the ANSI string. */
        hRemoteThread = CreateRemoteThread(hProcess, NULL, 1024 * 16,
            (LPTHREAD_START_ROUTINE)LoadLibraryA, pvRemoteMem, 0, &amp;dwRemoteThreadId);
        if (NULL == hRemoteThread) __leave;

        WaitForSingleObject(hRemoteThread, INFINITE);
    }
    __finally
    {
        if (NULL != hRemoteThread)
        {
            /* The thread exit code is LoadLibraryA's return value. It is only
               a DWORD, so on 64-bit targets the HMODULE is truncated to 32 bits. */
            if (GetExitCodeThread(hRemoteThread, &amp;dwExitCode))
                hRetVal = (HMODULE)(ULONG_PTR)dwExitCode;
            CloseHandle(hRemoteThread);
        }
        if (NULL != pvRemoteMem)
            VirtualFreeEx(hProcess, pvRemoteMem, 0, MEM_RELEASE);
    }
    return hRetVal;
}

/* Unload hRemoteLibrary from hProcess by running FreeLibrary on a remote thread. */
BOOL FreeRemoteLibrary(HANDLE hProcess, HMODULE hRemoteLibrary)
{
    DWORD  dwRemoteThreadId;
    HANDLE hRemoteThread;
    DWORD  dwExitCode = 0;

    hRemoteThread = CreateRemoteThread(hProcess, NULL, 1024 * 16,
        (LPTHREAD_START_ROUTINE)FreeLibrary, (void*)hRemoteLibrary, 0, &amp;dwRemoteThreadId);
    if (NULL == hRemoteThread)
        return FALSE;

    WaitForSingleObject(hRemoteThread, INFINITE);
    GetExitCodeThread(hRemoteThread, &amp;dwExitCode);  /* FreeLibrary's BOOL result */
    CloseHandle(hRemoteThread);                      /* release the thread handle */
    return dwExitCode != 0;
}
</pre>
<p>
</p></blockquote>
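<p>Added example, not code posted in this thread: the LoadRemoteLibrary routine above starts a remote thread at kernel32!LoadLibraryA, and a start address that is not mapped in the target (the EnumProcesses pointer from the original question) leaves Sysmon's StartModule empty. The Python below runs that detection logic over constructed Sysmon Event ID 8 (CreateRemoteThread) records; the field names follow Sysmon's schema, while every path, PID and timestamp is made up.</p>

```python
import ntpath

# Constructed Sysmon Event ID 8 (CreateRemoteThread) records flattened to
# '|'-separated key=value fields. Field names follow Sysmon's schema; the
# paths, PIDs and timestamps are invented for this example.
SAMPLE_EVENTS = [
    "UtcTime=2024-01-01 10:00:00|SourceProcessId=4412|SourceImage=C:\\Users\\u\\inject.exe"
    "|TargetProcessId=1188|TargetImage=C:\\Windows\\explorer.exe"
    "|StartModule=C:\\Windows\\System32\\KERNEL32.DLL|StartFunction=LoadLibraryA",
    # Constructed benign record: a system process starting a thread via ntdll.
    "UtcTime=2024-01-01 10:00:01|SourceProcessId=660|SourceImage=C:\\Windows\\System32\\csrss.exe"
    "|TargetProcessId=2024|TargetImage=C:\\Windows\\System32\\notepad.exe"
    "|StartModule=C:\\Windows\\System32\\ntdll.dll|StartFunction=RtlUserThreadStart",
    # Start address inside no module of the target (the EnumProcesses case from
    # the question): Sysmon reports StartModule and StartFunction as empty.
    "UtcTime=2024-01-01 10:00:02|SourceProcessId=4412|SourceImage=C:\\Users\\u\\inject.exe"
    "|TargetProcessId=2024|TargetImage=C:\\Windows\\System32\\notepad.exe"
    "|StartModule=|StartFunction=",
]

# A remote thread whose start routine is one of these exports loads a DLL.
LOADLIBRARY_EXPORTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}


def parse_event(line):
    """Split one flattened record into a dict of field name -> value."""
    return dict(field.split("=", 1) for field in line.split("|"))


def classify(event):
    """Return a reason string if the remote thread looks like injection, else None."""
    module = ntpath.basename(event.get("StartModule", "")).lower()
    func = event.get("StartFunction", "")
    if module in LOADER_MODULES and func in LOADLIBRARY_EXPORTS:
        return "remote thread starts at LoadLibrary: DLL injection"
    if not module:
        return "remote thread starts outside any loaded module"
    return None


def detect(lines):
    """Return (source image, target image, reason) for every suspicious record."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reason = classify(event)
        if reason:
            hits.append((event["SourceImage"], event["TargetImage"], reason))
    return hits
```

Run `detect(SAMPLE_EVENTS)`: the two records from inject.exe are flagged and the csrss.exe record is not.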