21,497
社区成员
发帖
与我相关
我的任务
分享在另一个进程写中断,内存不让写啊,怎么办
我先提升本进程的权限
DWORD EnableDebugAccessCtl(BOOL bEnable)
{
HANDLE hTokenHandle = NULL;
if( !OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hTokenHandle ) )
{
return GetLastError();
}
// Lookup the privilege value
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
if( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid ) )
{
CloseHandle(hTokenHandle);
return -1;
}
// Enable/disable the privilege
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
if( !AdjustTokenPrivileges( hTokenHandle, FALSE, &tp, sizeof(tp), NULL, NULL ) )
{
CloseHandle(hTokenHandle);
return -1;
}
CloseHandle(hTokenHandle);
return 0;
}
在我的子线程UINT ProjDebugThreadFunc(LPVOID lpParam)里调用上面这个函数提升权限,
int purview;//设置权限
if(purview = EnableDebugAccessCtl(TRUE))
{
Info.pComplyShow->SetWindowText("权限不够!");
return purview;
}
再然后创建进程
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory( &si, sizeof(si) );
si.cb = sizeof(si);
::GetStartupInfo(&si);
ZeroMemory( &pi, sizeof(pi) );
CString Cmd;
Cmd = Info.strPathName.Left(Info.strPathName.Find('.'));
Cmd += ".exe";
if( !CreateProcess(NULL, Cmd.GetBuffer(0),
NULL, NULL, FALSE,
DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS,
NULL, NULL,
&si, &pi ) )
{
Info.pComplyShow->SetWindowText("创建不成功!");
return GetLastError();
}
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
最后进入WaitForDebugEvent(&DebugInfo.debug_event, INFINITE); 循环
在此循环中WriteProcessMemory(hProcess,(LPVOID)rip,&codebuf,1,&readsize);不能写入,函数返回值为FALSE,这是为什么呢?我已经提升了权限啊?
高手帮帮忙~
DWORD EnableDebugAccessCtl(BOOL bEnable)
{
HANDLE hTokenHandle = NULL;
if( !OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hTokenHandle ) )
{
return GetLastError();
}
// Lookup the privilege value
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
if( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid ) )
{
CloseHandle(hTokenHandle);
return -1;
}
// Enable/disable the privilege
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;
if( !AdjustTokenPrivileges( hTokenHandle, FALSE, &tp, sizeof(tp), NULL, NULL ) )
{
CloseHandle(hTokenHandle);
return -1;
}
CloseHandle(hTokenHandle);
return 0;
}
在我的子线程UINT ProjDebugThreadFunc(LPVOID lpParam)里调用上面这个函数提升权限,
int purview;//设置权限
if(purview = EnableDebugAccessCtl(TRUE))
{
Info.pComplyShow->SetWindowText("权限不够!");
return purview;
}
再然后创建进程
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory( &si, sizeof(si) );
si.cb = sizeof(si);
::GetStartupInfo(&si);
ZeroMemory( &pi, sizeof(pi) );
CString Cmd;
Cmd = Info.strPathName.Left(Info.strPathName.Find('.'));
Cmd += ".exe";
if( !CreateProcess(NULL, Cmd.GetBuffer(0),
NULL, NULL, FALSE,
DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS,
NULL, NULL,
&si, &pi ) )
{
Info.pComplyShow->SetWindowText("创建不成功!");
return GetLastError();
}
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
最后进入WaitForDebugEvent(&DebugInfo.debug_event, INFINITE); 循环
在此循环中WriteProcessMemory(hProcess,(LPVOID)rip,&codebuf,1,&readsize);不能写入,函数返回值为FALSE,这是为什么呢?我已经提升了权限啊?
高手帮帮忙~
...全文
请发表友善的回复…
发表回复
rsp19801226 2007-06-13
- 打赏
- 举报
忘了我把rip直接写成0x400000,或是0x10000,或是0x401000都是一样的结果.
rsp19801226 2007-06-13
- 打赏
- 举报
我在EXCEPTION_BREAKPOINT中写的:
context.ContextFlags = CONTEXT_CONTROL;
if (dwBpCnt == 1)//第一次中断
{
GetThreadContext(hThread, &context);
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread,&context); }
else
{
}
然后是单步EXCEPTION_SINGLE_STEP了:
SuspendThread(hThread);
++dwSSCnt ;//初始化为0
if (1 == dwSSCnt)
{
char a[20];
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
ReadProcessMemory(hProcess, (LPCVOID)(context.Esp+4), &dwAddrProc, sizeof(DWORD), NULL)
ReadProcessMemory(hProcess, (LPCVOID)dwAddrProc, &context, sizeof(CONTEXT), NULL) context.EFlags |= 0x100; //开始单步
WriteProcessMemory(hProcess, (LPVOID)dwAddrProc, &context, sizeof(CONTEXT), NULL) context.Eip = rip; SetThreadContext(hThread, &context) ;
}
else if(2 == dwSSCnt)
{
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread, &context) ;
}
else
{
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread, &context) ;
}
ResumeThread(hThread);
ContinueDebugEvent(DebugInfo.debug_event.dwProcessId, DebugInfo.debug_event.dwThreadId, DBG_CONTINUE);
break;
结果是单步过一次后直接就EXIT_PROCESS_DEBUG_EVENT了,根本单步不了,到底是怎么回事呢?等待高手ing...
context.ContextFlags = CONTEXT_CONTROL;
if (dwBpCnt == 1)//第一次中断
{
GetThreadContext(hThread, &context);
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread,&context); }
else
{
}
然后是单步EXCEPTION_SINGLE_STEP了:
SuspendThread(hThread);
++dwSSCnt ;//初始化为0
if (1 == dwSSCnt)
{
char a[20];
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
ReadProcessMemory(hProcess, (LPCVOID)(context.Esp+4), &dwAddrProc, sizeof(DWORD), NULL)
ReadProcessMemory(hProcess, (LPCVOID)dwAddrProc, &context, sizeof(CONTEXT), NULL) context.EFlags |= 0x100; //开始单步
WriteProcessMemory(hProcess, (LPVOID)dwAddrProc, &context, sizeof(CONTEXT), NULL) context.Eip = rip; SetThreadContext(hThread, &context) ;
}
else if(2 == dwSSCnt)
{
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread, &context) ;
}
else
{
context.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &context) ;
context.EFlags |= 0x100; //开始单步
SetThreadContext(hThread, &context) ;
}
ResumeThread(hThread);
ContinueDebugEvent(DebugInfo.debug_event.dwProcessId, DebugInfo.debug_event.dwThreadId, DBG_CONTINUE);
break;
结果是单步过一次后直接就EXIT_PROCESS_DEBUG_EVENT了,根本单步不了,到底是怎么回事呢?等待高手ing...
大熊猫侯佩 2007-06-13
- 打赏
- 举报
调用过GetLastError看具体错误没?
context是线程上下文结构,保存线程切换时的状态。
context是线程上下文结构,保存线程切换时的状态。
rsp19801226 2007-06-08
- 打赏
- 举报
我单步跟踪的结果是:CREATE_PROCESS_DEBUG_EVENT->LOAD_DLL_DEBUG_EVENT
->LOAD_DLL_DEBUG_EVENT->EXCEPTION_BREAKPOINT->CREATE_PROCESS_DEBUG_EVENT
->EXIT_PROCESS_DEBUG_EVENT,为什么CREATE_PROCESS_DEBUG_EVENT和LOAD_DLL_DEBUG_EVENT会有两次?
->LOAD_DLL_DEBUG_EVENT->EXCEPTION_BREAKPOINT->CREATE_PROCESS_DEBUG_EVENT
->EXIT_PROCESS_DEBUG_EVENT,为什么CREATE_PROCESS_DEBUG_EVENT和LOAD_DLL_DEBUG_EVENT会有两次?
rsp19801226 2007-06-08
- 打赏
- 举报
CONTEXT context;这个CONTEXT是做什么用的,我是菜鸟,请回答的详细些,最好举个例子之类,就不胜感激了!而且,我发现CREATE_PROCESS_DEBUG_EVENT要走两次,我在前面CreateProcess(NULL, Cmd.GetBuffer(0),NULL, NULL, FALSE,DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS, NULL, NULL,&si, &pi )里指定是DEBUG_ONLY_THIS_PROCESS,那就应该是只有一次的啊,不过我在最开始加了个0XCC,就是int 3指令中断,是它的原因吗?
rsp19801226 2007-06-08
- 打赏
- 举报
我想换个话题我用VirtualProtectEx已经可以写了
WizardK 2007-06-08
- 打赏
- 举报
关注。。
