ReadProcessMemory

A- A+
流沙团 C/C++ 2955View 0

测试进程之间互相读取信息 

// 20180106_06.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <stdio.h>
#include <windows.h>

int main(int argc, char* argv[])
{
	TCHAR szFileName[] = "c://ipmsg.exe";

	STARTUPINFO si={0};
	si.cb = sizeof(STARTUPINFO);
	PROCESS_INFORMATION pi;

	//创建进程, 并挂起
	CreateProcess(szFileName,
		NULL,
		NULL,
		NULL,
		FALSE,
		CREATE_SUSPENDED,
		NULL,
		NULL,
		&si,
		&pi);

	printf("进程的: %x, %x\n",pi.hProcess,pi.hThread);
	//获取挂起的继承信息
	CONTEXT contx;
	contx.ContextFlags = CONTEXT_FULL;
	GetThreadContext(pi.hThread,&contx);
	printf("OEP: %x \n",contx.Eax);

	//获取ImageBase的信息
	char* baseAddress  = (CHAR*)contx.Ebx+8;
	TCHAR szBuffer[4]={0};
	ReadProcessMemory(pi.hProcess,baseAddress,szBuffer,4,NULL);
	int* fileImageBase         ;
	//sscanf(szBuffer,"%s",&fileImageBase);
	fileImageBase = (int*)szBuffer;
	printf("ImageBase: %x\n",*fileImageBase);

	ResumeThread(pi.hThread);
	
	return 0;
}

 

 

原文链接: ReadProcessMemory 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( http://www.gyarmy.com/post-361.html )

发表评论

0则评论给“ReadProcessMemory”