writepr2.asm

来自「windows下汇编语言学习汇编语言好助手」· 汇编代码 · 共 279 行

ASM

279 行

;********************************
;文件：WritePr2.asm 		*
;功能：写入别的进程的地址空间	*
;********************************
.386p
.model flat,stdcall
extrn MessageBoxA:proc
extrn ExitProcess:proc
extrn ExitThread:proc
extrn CreateProcessA:proc
extrn CloseHandle:proc
extrn CreateRemoteThread:proc
extrn WriteProcessMemory:proc
extrn ResumeThread:proc
extrn GetLastError:proc
extrn GetThreadContext:proc
extrn SetThreadContext:proc
extrn VirtualQueryEx:proc
extrn GetModuleHandleA:proc
extrn GetProcAddress:proc
extrn GetExitCodeThread:proc
extrn Sleep:proc

MB_OK = 0
NULL  = 0
FALSE = 0
INFINITE   = 0FFFFFFFFH
CREATE_SUSPENDED  = 00000004H
SIZE_OF_80387_REGISTERS    =  80

STATUS_PENDING   = 00000103H
STILL_ACTIVE     = STATUS_PENDING

CONTEXT_i386   = 00010000H
CONTEXT_i486   = 00010000H

CONTEXT_CONTROL  =   CONTEXT_i386 or 00000001H ; SS:SP, CS:IP, FLAGS, BP
CONTEXT_INTEGER  =   CONTEXT_i386 or 00000002H ; AX, BX, CX, DX, SI, DI

MEMORY_BASIC_INFORMATION STRUC
	BaseAddress			DD ?	;base address of region 
	AllocationBase		DD ?	;allocation base address 
	AllocationProtect	DD ?	;initial access protection 
	RegionSize	DD ?	;size, in bytes, of region 
	State		DD ?	;committed, reserved, free 
	Protect		DD ?	;current access protection 
	Type		DD ?	;type of pages 
ENDS

STARTUPINFO STRUC
   cb			DD ?
   lpReserved	DD ?
   lpDesktop	DD ?
   lpTitle		DD ?
   dwX			DD ?
   dwY			DD ?
   dwXSize		DD ?
   dwYSize		DD ?
   dwXCountChars	DD ?
   dwYCountChars 	DD ?
   dwFillAttribute	DD ?
   dwFlags		DD ?
   wShowWindow  DW ?
   cbReserved2	DW ?
   lpReserved2	DD ?
   hStdInput 	DD ?
   hStdOutput	DD ?
   hStdError	DD ?
ENDS
	
PROCESS_INFOMATION STRUC
    hProcess 	DD ?
    hThread  	DD ?
    dwProcessId	DD ?
    dwThreadId 	DD ?
ENDS

FLOATING_SAVE_AREA STRUC
	ControlWord	DD ?
	StatusWord	DD ?
	TagWord		DD ?
	ErrorOffset	DD ?
	ErrorSelector	DD ?
	DataOffset		DD ?
	DataSelector	DD ?
	RegisterArea    DB SIZE_OF_80387_REGISTERS DUP(?)
	Cr0NpxState		DD ?
ENDS

CONTEXT STRUC
	ContextFlags DD ?

	X86Dr0	DD ?
	X86Dr1	DD ?
    X86Dr2	DD ?
    X86Dr3	DD ?
    X86Dr6	DD ?
    X86Dr7	DD ?

	FloatSave FLOATING_SAVE_AREA<>

	SegGs	dd ?
	SegFs	dd ?
	SegEs	dd ?
	SegDs	dd ?

	X86Edi	dd ?
	X86Esi	dd ?
	X86Ebx	dd ?
	X86Edx	dd ?
	X86Ecx	dd ?
	X86Eax	dd ?

	X86Ebp	dd ?
	X86Eip	dd ?
	SegCs	dd ?
	EFlags	dd ?
	X86Esp	dd ?
	SegSs	dd ?
ENDS

.data 
	Ctt	CONTEXT<>
	Mbi	MEMORY_BASIC_INFORMATION<>
	SUI	STARTUPINFO<17*4,>
	PI	PROCESS_INFOMATION<>
	ProcessName	db '..\..\Chapter3\Asm32\Asm32.exe',0	
	CaptionLoad	db '载入进程',0
	CaptionCRT0	db '建立远程线程(0)',0
	CaptionCRT1	db '建立远程线程(1)',0
	CaptionGTC	db '取线程CONTEXT:call GetThreadContext',0
	CaptionVQE	db 'call VirtualQueryEx',0
	CaptionWPM	db 'call WriteMemoryProcess',0
	CaptionGMHK	db 'call GetModule--Kernel32',0
	CaptionGMHU	db 'call GetModule--User32',0
	CaptionGAET	db 'call GetProcessAddr--ExitThread',0
	CaptionGAMBA	db 'call GetProcessAddr--MessageBoxA',0
	CaptionSTC	db 'call SetThreadContext',0	
	TextFail    db '失败!',0
	NumWritten	dd ?
	hKernel		dd ?
	hUser		dd ?
	hGdi		dd ?
	dwThreadNew	dd ?
	hThreadNew	dd ?
	dwThreadNew1	dd ?
	hThreadNew1		dd ?	
	ThreadExitCode	dd ?
	szKernel	db 'Kernel32.dll',0
	szUser		db 'User32.dll',0
	szGdi		db 'Gdi32.dll',0
	szExitThread	db 'ExitThread',0
	szMessageBoxA	db 'MessageBoxA',0
;=======================================================
OtherProcessProc label byte
	call Addr
Addr:	
	pop  ebx
	mov  eax,ebx
	mov  esi,ebx
	mov  edi,ebx
	add  ebx,TextStr-Addr
	add  eax,CaptionStr-Addr
	add  esi,AddrOfMsgBoxA-Addr
	add  edi,AddrOfExitThread-Addr
	push edi
	call [esi],NULL,ebx,eax,MB_OK		;call MessageBoxA
	pop  edi
	call [edi],eax	;CALL ExitThread
	AddrOfMsgBoxA		dd ?
	AddrOfExitThread	dd ?
	TextStr		db '在别的进程建线程、写代码并执行',0
	CaptionStr	db '运行成功!',0
OtherProcessProcLen=$-OtherProcessProc	
;+++++++++++++++++++++++++++++++++++++++++++++++
.code
main:
	call CreateProcessA,offset ProcessName,0,0,0,FALSE,0,0,0,offset SUI,offset PI
	or   eax,eax
	jnz  Next0	
	mov  eax,offset CaptionLoad
	jmp  Error
Next0:
	;建立远程线程以取得空间
	call CreateRemoteThread,PI.hProcess,NULL,OtherProcessProcLen+1024,0,NULL,CREATE_SUSPENDED,offset dwThreadNew
	mov  hThreadNew,eax
	or   eax,eax
	jnz  Next1
	mov  eax,offset CaptionCRT0
	jmp  Error
Next1:
	mov  Ctt.ContextFlags,CONTEXT_CONTROL or CONTEXT_INTEGER
	call GetThreadContext,hThreadNew,offset Ctt
	or   eax,eax
	jnz  Next2
	mov  eax,offset CaptionGTC
	jmp  Error
Next2:
	mov  ebx,Ctt.X86Esp
	dec  ebx
	call VirtualQueryEx,PI.hProcess,ebx,offset Mbi,size Mbi
	cmp  eax,size Mbi
	jz   Next3
	mov  eax,offset CaptionVQE
	jmp  Error	
Next3:	
	call GetModuleHandleA,offset szKernel	;取Kernal32.dll句柄
	mov  hKernel,eax
	or   eax,eax
	jnz  Next31
	mov  eax,offset CaptionGMHK
	jmp  Error
Next31:	
	call GetModuleHandleA,offset szUser		;取User32.dll句柄
	mov  hUser,eax
	or   eax,eax
	jnz  Next32
	mov  eax,offset CaptionGMHU
	jmp  Error
Next32:
	call GetProcAddress,hUser,offset szMessageBoxA
	mov  AddrOfMsgBoxA,eax
	or   eax,eax
	jnz  Next33
	mov  eax,offset CaptionGAMBA
	jmp  Error
Next33:
	call GetProcAddress,hKernel,offset szExitThread	
	mov  AddrOfExitThread,eax
	mov  Ctt.X86Eip,eax		;把线程的开始运行地址放在ExitThread
	or   eax,eax
	jnz  Next4
	mov  eax,offset CaptionGAET
	jmp  Error	
Next4:
	;把我们的子程序写入远程地址空间
	call WriteProcessMemory,PI.hProcess,Mbi.BaseAddress,offset OtherProcessProc,OtherProcessProcLen,offset NumWritten
	or   eax,eax
	jnz  Next5
	mov  eax,offset CaptionWPM
	jmp  Error
Next5:
	call SetThreadContext,hThreadNew,offset Ctt
	or   eax,eax
	jnz  Next6
	mov  eax,offset CaptionSTC
	jmp  Error
Next6:
	;建立线程并运行
	call CreateRemoteThread,PI.hProcess,NULL,0,Mbi.BaseAddress,0,0,offset dwThreadNew1
	mov  hThreadNew1,eax
	or   eax,eax
	jnz  Next7
	mov  eax,offset CaptionCRT1
	jmp  Error
Next7:	
	call Sleep,1500
	call GetExitCodeThread,hThreadNew1,offset ThreadExitCode
	cmp  [ThreadExitCode],STILL_ACTIVE
	jz   Next7
	call ResumeThread,hThreadNew
	jmp  Complete
Error:
	call MessageBoxA,0,offset TextFail ,eax,MB_OK
Complete:
	cmp  PI.hProcess,0
	jz   Exit
	call CloseHandle,PI.hProcess
	call CloseHandle,PI.hThread
	cmp  hThreadNew,0
	jz   Exit
	call CloseHandle,hThreadNew
	cmp  hThreadNew1,0
	jz   Exit
	call CloseHandle,hThreadNew1	
Exit:	
	call ExitProcess,0
	end main

writepr2.asm - 源码说明

本页面展示了「windows下汇编语言学习汇编语言好助手」中的 writepr2.asm 源码文件，采用汇编编程语言编写，共 279 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?