15,471
社区成员
发帖
与我相关
我的任务
分享新手远程注入问题,麻烦各位大哥大姐来帮下忙,可惜我没什么分,不好意思!
void __stdcall idxianguai(RemotePara *lpprar)
{
DWORD dwid;
dwid=lpprar->dww1;
DWORD Address=0x0057e8b0;
_asm
{
pushad
mov esi,dwid
push esi
mov eax,DWORD PTR DS:[0x9151c4]
MOV ecx,DWORD PTR DS:[eax+0x20]
add ecx,0xd4
call Address
popad
}
}
typedef struct _RemotePara{
DWORD dww1;
}RemotePara;
_RemotePara para;
LPTHREAD_START_ROUTINE pRemoteThread;
LPVOID prar;
HANDLE procthread;
para.dww1=guaiwuid;
pRemoteThread=(LPTHREAD_START_ROUTINE)VirtualAllocEx(openrocess,0,128,MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(openrocess,pRemoteThread,&idxianguai,128,NULL);
prar=VirtualAllocEx(openrocess,0,sizeof(_RemotePara),MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(openrocess,prar,¶,sizeof(para),0);
procthread=CreateRemoteThread(openrocess,0,0,(LPTHREAD_START_ROUTINE)pRemoteThread,prar,0,&proceid);
::WaitForSingleObject(procthread,INFINITE);
::CloseHandle(procthread);
麻烦哪位朋友帮我看下,这段注入代码哪有问题,谢谢!
{
DWORD dwid;
dwid=lpprar->dww1;
DWORD Address=0x0057e8b0;
_asm
{
pushad
mov esi,dwid
push esi
mov eax,DWORD PTR DS:[0x9151c4]
MOV ecx,DWORD PTR DS:[eax+0x20]
add ecx,0xd4
call Address
popad
}
}
typedef struct _RemotePara{
DWORD dww1;
}RemotePara;
_RemotePara para;
LPTHREAD_START_ROUTINE pRemoteThread;
LPVOID prar;
HANDLE procthread;
para.dww1=guaiwuid;
pRemoteThread=(LPTHREAD_START_ROUTINE)VirtualAllocEx(openrocess,0,128,MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(openrocess,pRemoteThread,&idxianguai,128,NULL);
prar=VirtualAllocEx(openrocess,0,sizeof(_RemotePara),MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(openrocess,prar,¶,sizeof(para),0);
procthread=CreateRemoteThread(openrocess,0,0,(LPTHREAD_START_ROUTINE)pRemoteThread,prar,0,&proceid);
::WaitForSingleObject(procthread,INFINITE);
::CloseHandle(procthread);
麻烦哪位朋友帮我看下,这段注入代码哪有问题,谢谢!
...全文
请发表友善的回复…
发表回复
xu_2007 2007-09-23
- 打赏
- 举报
还有,二楼这位朋友,您有QQ吗,我知道个方法可以测出到底是我的汇编函数有问题还是我的远程线程有问题,但我自己不知道怎么试,如果你能帮我试下,就万分感激了!
xu_2007 2007-09-23
- 打赏
- 举报
我现在就是怀凝我的无程线程注入代码有问题
xu_2007 2007-09-23
- 打赏
- 举报
这个地址是用OD调试那个程序得到的,一定是对的,别人这样用有用!
vocanicy 2007-09-23
- 打赏
- 举报
关键是你这个地址是从哪里来的0x0057e8b0?
你这里0x0057e8b0是硬编码,在被插入进程中是无法引用插入进程空间的地址的。
如果是调用API函数必须通过调用GetProcAddress来获得
你这里0x0057e8b0是硬编码,在被插入进程中是无法引用插入进程空间的地址的。
如果是调用API函数必须通过调用GetProcAddress来获得
