// Global handle to the child process; assigned by OpenProcess below and closed at the end.
HANDLE g_hProcess;
// Path of the program to launch. CreateProcess may modify its command-line buffer,
// hence a writable char array rather than a string literal pointer.
char szFileName[] = "D:\\MyProject\\test1.exe";
// Only cb is set explicitly; the remaining STARTUPINFO fields are zero-initialized.
STARTUPINFO si = {sizeof(STARTUPINFO)};
PROCESS_INFORMATION pi;
// Launches test1.exe in a new console. The BOOL result is ignored, so if the launch
// fails pi is left uninitialized and every call below operates on garbage.
::CreateProcess(NULL,szFileName,NULL,NULL,FALSE,CREATE_NEW_CONSOLE,NULL,NULL,
&si,&pi);
// Closes only the thread handle. pi.hProcess is never closed (handle leak), even
// though it already refers to the child and could have been used directly.
::CloseHandle(pi.hThread);
// Re-opens the child by PID. PROCESS_ALL_ACCESS is far broader than what
// WriteProcessMemory needs (PROCESS_VM_WRITE | PROCESS_VM_OPERATION); the
// result can be NULL (access denied, wrong PID) and is not checked.
g_hProcess = ::OpenProcess(PROCESS_ALL_ACCESS,FALSE,pi.dwProcessId);
// Hard-coded virtual addresses inside the child image. They are only meaningful
// if the image is loaded at its preferred base — not verifiable from here.
LPCVOID pbase=(LPCVOID)0x00401036;
LPCVOID pbase1=(LPCVOID)0x00401037;
// NOTE: "\0x90" is the octal escape \0 followed by the characters 'x','9','0',
// so buf holds {0x00,'x','9','0',0x00}; it is not a single 0x90 byte.
byte buf[] = "\0x90";
// Two overlapping 2-byte writes into the child. Both return values are ignored,
// so a failure (NULL handle, non-writable page, ...) goes unnoticed; inspecting
// the result and GetLastError() is the first debugging step for "always fails".
WriteProcessMemory(g_hProcess, (LPVOID)pbase, buf, 2, NULL);
WriteProcessMemory(g_hProcess, (LPVOID)pbase1, buf,2, NULL);
::CloseHandle(g_hProcess);
不知道为啥执行总是失败,操作系统是64位的
::CloseHandle(pi.hThread); 这一句好象已经关掉了你打开的进程? 不太确定. 可以先注起来.或是移到后面去.
g_hProcess = ::OpenProcess(PROCESS_ALL_ACCESS,FALSE,pi.dwProcessId); 后面可以接个显示一下它的返回值.以确定是否正确打开了.
我记得在64位下修改是需要先提权的.相关代码搜一下就有了,很多.
象这样
//提权
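// Enables SE_SHUTDOWN_NAME on the current process token (NT-family Windows only).
//
// Returns TRUE only when the privilege was actually enabled. Returns FALSE when
// the version query fails, the platform is not NT-based, the token cannot be
// opened, the privilege name cannot be resolved, or the token does not hold the
// privilege (AdjustTokenPrivileges still returns nonzero in that case and reports
// ERROR_NOT_ALL_ASSIGNED via GetLastError, so the return value alone is not enough).
//
// Note: SE_SHUTDOWN_NAME governs system shutdown only; enabling it does not change
// what OpenProcess/WriteProcessMemory on another process are allowed to do.
BOOL CMyDlg::AdjustPri()
{
    // Token privileges only exist on NT-based Windows, so check the platform first.
    OSVERSIONINFO osvi = {0};
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    if (GetVersionEx(&osvi) == 0)
        return FALSE;
    if (osvi.dwPlatformId != VER_PLATFORM_WIN32_NT)
        return FALSE;

    // Open our own token with just the rights needed to query and adjust it.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL ok = FALSE;
    TOKEN_PRIVILEGES tkp = {0};
    // Resolve the privilege's LUID on this machine; a failure here previously
    // went unnoticed and an uninitialized LUID was passed on.
    if (LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &tkp.Privileges[0].Luid))
    {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // AdjustTokenPrivileges succeeds even when it could not enable every
        // requested privilege, so GetLastError must be consulted as well.
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
        {
            ok = TRUE;
        }
    }

    // The token handle was leaked on every path in the original version.
    CloseHandle(hToken);
    return ok;
}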