(Repost) CreateRemoteThread (Code Injection)
Source: Internet  Published: 俄罗斯新纳粹 知乎  Editor: 程序博客网  Time: 2024/05/23 21:15
Reposted from: http://win32.mvps.org/processes/remthread.html

CreateRemoteThread

Update 12-Dec-00: Keith Brown drew my attention to some weird behaviour. If incremental linking is on, and if a wstrstream is used to convert a string to a numeric PID, then the remote thread will crash the target process, and I have not the faintest idea why. (OK, so I have an idea, but it's all speculation.) In consequence, I removed all references to the standard C++ library.

Update 21-Nov-99: Tomas Restrepo found a bug, and one of an unbelievably horrible kind, too -- I used VirtualFree() instead of VirtualFreeEx(), meaning that I not only leaked memory in the target process, but also freed something I never allocated in the remthread process. The bug has been fixed, and I owe Tomas a big thank-you.

This sample demonstrates how to get the command line another process was started with. To this end, it performs the following steps:

There are other methods, too, for code injection, most notably hooks. ICK! Not only does a hook not hook all processes, it usually includes a ton of bloat. I know people who write global hooks in VB and drag megabytes and megabytes of dead fish into every process their hook touches.
A few caveats apply:
The code you copy into the target should not call any functions besides those in kernel32.dll; only kernel32.dll is guaranteed to be present (and at the same load address) in both the local and the target processes. If you need more or other library routines, pass the addresses of LoadLibrary() and GetProcAddress(), both of which are in kernel32.dll, to the injected code, and let it go and get the rest itself.
Do not call subroutines. If you must, then copy each routine individually, and supply a table to the new addresses of the copied routines in your data area. Why? Because the linker is free to reorder functions; if you define functions in the order first(), second(), ..., last(), after_last() and copy the code between &first and &after_last, you may find that the linker has moved second() elsewhere, and you are missing it. You can, however, supply the linker with a text file listing the ordering of the functions; doing that will allow you to copy a block of memory from first() to after_last().
Tread lightly. Loading DLLs always may have unexpected side effects; try to stick with Windows-supplied DLLs, and the fewer the better.
Don't bother the target process. Interference is not only impolite, it is downright risky, as the target, in all likelihood, is unaware of your intrusion.
If you produce a debug build, remember to remove the /GZ switch from the project options! (If you forget, the compiler generates calls to a routine that checks the stack for munging -- calls to a routine that is not there.)
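Seen from the defender's side, the thread this sample creates starts in memory the injector allocated inside the target, not in any loaded module; Sysmon's Event ID 8 (CreateRemoteThread) records exactly that as an empty StartModule field. The following Python is an added example, not code from the original article: the event records are constructed, and the surrounding `<Events>` root element is an assumption about how the log was exported.

```python
# Added example (not from the original article): flag Sysmon Event ID 8
# (CreateRemoteThread) records whose new thread starts outside any loaded
# module -- what raw code copied into a target process looks like to a defender.
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample log: one ordinary remote thread backed by ntdll.dll and
# one started in memory no module owns. The <Events> root is assumed.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>8</EventID></System>
 <EventData>
  <Data Name="SourceImage">C:\\Windows\\System32\\svchost.exe</Data>
  <Data Name="TargetImage">C:\\Windows\\System32\\notepad.exe</Data>
  <Data Name="StartAddress">0x00007FFB1A2C3D40</Data>
  <Data Name="StartModule">C:\\Windows\\System32\\ntdll.dll</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>8</EventID></System>
 <EventData>
  <Data Name="SourceImage">C:\\Users\\alice\\remthread.exe</Data>
  <Data Name="TargetImage">C:\\Windows\\System32\\notepad.exe</Data>
  <Data Name="StartAddress">0x000001F2A3B40000</Data>
  <Data Name="StartModule"></Data>
 </EventData>
</Event>
</Events>"""

def parse_event8(xml_text):
    """Yield the EventData fields of every Sysmon Event ID 8 record as a dict."""
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "8":
            continue
        yield {d.get("Name"): (d.text or "")
               for d in ev.findall("e:EventData/e:Data", NS)}

def suspicious_remote_threads(xml_text):
    """Return (source image, target image, start address) for each remote
    thread whose start address Sysmon could not map to a loaded module."""
    return [(e["SourceImage"], e["TargetImage"], e["StartAddress"])
            for e in parse_event8(xml_text) if not e["StartModule"]]

if __name__ == "__main__":
    for src, dst, addr in suspicious_remote_threads(SAMPLE_EVENTS):
        print(f"unbacked remote thread: {src} -> {dst} at {addr}")
```

An empty StartModule is a triage signal rather than proof; pair it with the SourceImage and the target's expected behaviour before acting on it.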
remthread.dsw, 4 KB: workspace file, not that you need it ...
remthread.dsp, 1 KB: project file.
remthread.cpp, 6 KB: the meat of this sample. The rest is salad.
stdafx.cpp, 1 KB; stdafx.h, 1 KB: these two generate the precompiled header.
remthread.zip, 61 KB: all of the above, plus a ready-to-run executable.