CreateRemoteThread 访问被拒绝
大哥哥大姐姐们 救命啊!
以下的代码是我先提升本进程的权限,然后向QQ.exe这个宿主进程中进行DLL注入,但是运行到CreateRemoteThread就出现访问被拒绝的问题,我是以Administrator身份登录系统的.下面是我的代码:
// Raise this process's privileges: switch on SeDebugPrivilege (SE_DEBUG_NAME)
// in the current process's own access token.
// AdjustTokenPrivileges can only enable a privilege the token already holds;
// it does not grant a new one.
// Defender note: a process enabling SeDebugPrivilege and then opening handles
// to other processes is a commonly monitored sequence; Windows can record the
// adjustment as Security event 4703 when the matching audit policy is on.
HANDLE hToken;
// fOk records whether the adjustment fully succeeded; it is not read again in
// the code shown here.
BOOL fOk=FALSE;
if(OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount=1;
// A failed lookup is only printed; execution continues and tp.Privileges[0].Luid
// is then left unset when passed to AdjustTokenPrivileges below.
if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid))
printf("Can't lookup privilege value.\n");
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL))
printf("Can't adjust privilege value.\n");
// AdjustTokenPrivileges can return nonzero while GetLastError() reports
// ERROR_NOT_ALL_ASSIGNED, so the last-error value is what decides success.
// NOTE(review): if the printf above ran, the last-error value read here may no
// longer be the one AdjustTokenPrivileges set - confirm.
fOk=(GetLastError()==ERROR_SUCCESS);
CloseHandle(hToken);
}
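// Look up the process ID of QQ.exe.
// Takes a Toolhelp snapshot of all running processes and walks it until an entry
// whose image name equals "QQ.exe" (case-insensitive) is found.
// dwProcessID stays 0 when no such process exists or the snapshot fails.
HANDLE hProcessSnap=NULL;
PROCESSENTRY32 pe32={0};
DWORD dwProcessID = 0;
CString ss = "QQ.exe";
hProcessSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hProcessSnap==INVALID_HANDLE_VALUE)
{
    // Without a snapshot there is nothing to enumerate, so skip the walk
    // instead of passing an invalid handle to Process32First.
    ::MessageBox(NULL,"查询进程失败!:(","错误提示",MB_OK);
    hProcessSnap=NULL;
}
else
{
    // dwSize must be set before the first Process32First call.
    pe32.dwSize=sizeof(PROCESSENTRY32);
    if(Process32First(hProcessSnap,&pe32))
    {
        do
        {
            // CompareNoCase returns 0 on a match: this is the requested process.
            if(!ss.CompareNoCase(pe32.szExeFile))
            {
                dwProcessID = pe32.th32ProcessID;
                break;
            }
        }while(Process32Next(hProcessSnap,&pe32));
    }
    else
    {
        ::MessageBox(NULL,"出现意外错误!","错误提示",MB_OK);
    }
    // Release the snapshot; the original left this call commented out and
    // leaked the handle.
    CloseHandle(hProcessSnap);
    hProcessSnap=NULL;
}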
// Open a handle to the remote process (QQ.exe) identified by dwProcessID.
// dwProcessID is still 0 here if the preceding lookup found no match; the code
// calls OpenProcess regardless.
// The per-flag notes below are translated from the original post.
// NOTE(review): check each note against the documented meaning of the flag it
// sits beside - a note states what the author intended, not what the flag does.
// Defender note: the access mask requested here is what process-access
// telemetry (e.g. the GrantedAccess field of Sysmon Event ID 10) records for the
// source/target process pair.
HANDLE hRemoteProcess;
if( (hRemoteProcess = OpenProcess( PROCESS_CREATE_PROCESS | //original post's note: allow remote thread creation
PROCESS_VM_OPERATION | //original post's note: allow remote VM operations
PROCESS_VM_WRITE, //original post's note: allow remote VM writes
FALSE, dwProcessID) )== NULL )
{
AfxMessageBox("OpenProcess Error!");
// The early return is commented out, so a failure is only reported and the
// statements that follow run with a NULL hRemoteProcess.
// return FALSE;
}
// Reserve a buffer inside the remote process and copy data for the DLL path
// into it.
// Defender note: a cross-process allocation followed by a cross-process write is
// the middle stage of the classic remote-thread DLL-loading pattern and is
// commonly instrumented by endpoint security products.
char *pszLibFileRemote;
// Allocate the DLL file-name buffer in the remote process's address space:
// lstrlen(DllFullPath)+1 bytes, committed, read/write (not executable).
CString DllFullPath = "D:\\DllZhuRu\\dllRemoteThread.dll";
pszLibFileRemote = (char *) VirtualAllocEx( hRemoteProcess, NULL, lstrlen(DllFullPath)+1,
MEM_COMMIT, PAGE_READWRITE);
if(pszLibFileRemote == NULL)
{
AfxMessageBox("VirtualAllocEx error! ");
// Failure is only reported; the early return is commented out.
// return FALSE;
}
// Copy the DLL path name into the remote process's memory.
// The source pointer passed is &DllFullPath (the address of the CString
// variable) and the byte count is lstrlen(DllFullPath)+1.
if( WriteProcessMemory(hRemoteProcess,
pszLibFileRemote, &DllFullPath, lstrlen(DllFullPath)+1, NULL) == 0)
{
AfxMessageBox("WriteProcessMemory Error");
// Failure is only reported; the early return is commented out.
// return FALSE;
}
// Compute the entry address of LoadLibraryA.
// The lookup runs against the Kernel32 module loaded in *this* process; the
// result is later handed to CreateRemoteThread as a start address in another
// process.
// NOTE(review): that reuse presumes the function sits at the same address in the
// target process - confirm for the platform in use.
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
if(pfnStartAddr == NULL)
{
AfxMessageBox("GetProcAddress Error");
// Failure is only reported; the early return is commented out.
// return FALSE;
}
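// Request a thread in the remote process that starts at pfnStartAddr and
// receives pszLibFileRemote as its argument; on failure, show the system's
// description of the error.
// Defender note: thread creation into another process is a high-signal event
// (Sysmon logs it as Event ID 8, CreateRemoteThread).
// The returned handle is now kept in hRemoteThread; the original declared the
// variable but discarded the return value.
HANDLE hRemoteThread = CreateRemoteThread( hRemoteProcess, NULL, 0, pfnStartAddr, pszLibFileRemote, 0, NULL);
if( hRemoteThread == NULL)
{
    // Capture the error code before any other API call can overwrite it.
    const DWORD dwErr = GetLastError();

    // With FORMAT_MESSAGE_ALLOCATE_BUFFER the lpBuffer argument is really a
    // pointer to an LPTSTR that receives a LocalAlloc'd buffer. The original
    // passed the address of a CString object instead, which overwrote the
    // CString's internals and never released the buffer.
    LPTSTR pszMsg = NULL;
    const DWORD cchMsg = FormatMessage(
        FORMAT_MESSAGE_ALLOCATE_BUFFER |
        FORMAT_MESSAGE_FROM_SYSTEM |
        FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        dwErr,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
        (LPTSTR) &pszMsg,
        0,
        NULL
    );

    CString str;
    if(cchMsg != 0 && pszMsg != NULL)
    {
        str = pszMsg;
    }
    else
    {
        // No system text available: fall back to the numeric code.
        str.Format(TEXT("CreateRemoteThread failed (error %lu)"), dwErr);
    }
    if(pszMsg != NULL)
    {
        LocalFree(pszMsg);
    }
    AfxMessageBox(str);
    // return FALSE;
}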