进程自我创建---挂起进程方法

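// From the book "Reverse Engineering Core Principles" (逆向工程核心原理):
// the "DebugMe2" self-creation trick. The parent re-launches its own image
// with CREATE_SUSPENDED, rewrites the primary thread's instruction pointer to
// ChildProc via Get/SetThreadContext, and resumes it, so the child never runs
// the normal entry point. Note for anyone testing this: the same primitive
// (suspended process + SetThreadContext + ResumeThread) is the one used by
// process-hollowing loaders, so expect EDR/AV tooling to flag this sequence.
#include <windows.h>
#include <tchar.h>
#include <stdio.h>

/*
 * Body executed by the re-launched child instead of _tmain.
 *
 * The thread arrives here because the parent overwrote its instruction
 * pointer, not through a call, so there is no caller frame to return to:
 * the function must end the process itself with ExitProcess and never
 * return.
 */
void ChildProc(void)
{
    MessageBox(NULL, _T("This is a child process!"), _T("DebugMe2"), MB_OK);
    ExitProcess(0);
}

/*
 * Parent side: spawns a second, suspended instance of this executable,
 * points its primary thread at ChildProc, resumes it and waits for it to
 * exit.
 *
 * Returns 0 on success, 1 if any Win32 call fails. Once the child exists,
 * every failure path terminates it (it would otherwise sit suspended
 * forever) and closes both handles.
 */
int _tmain(int argc, TCHAR *argv[])
{
    TCHAR               szPath[MAX_PATH] = {0};
    STARTUPINFO         si = { sizeof(si) };
    PROCESS_INFORMATION pi = {0};
    CONTEXT             ctx = {0};
    DWORD               len;
    int                 rc = 1;

    (void)argc;
    (void)argv;

    _tprintf(_T("This is a parent process!\n"));

    /* nSize is a count of TCHARs, not bytes. The original passed
     * sizeof(TCHAR) * MAX_PATH, which in a Unicode build claims a buffer
     * twice as large as szPath and would let a long path overflow it. */
    len = GetModuleFileName(NULL, szPath, MAX_PATH);
    if (len == 0) {
        printf("GetModuleFileName() failed! [%lu]\n", GetLastError());
        return rc;
    }
    if (len >= MAX_PATH) {
        /* Path was truncated to fit; never launch a partial path. */
        printf("GetModuleFileName() truncated the image path\n");
        return rc;
    }

    /* Re-launch our own image with its primary thread suspended. No
     * command line is passed, so the child inherits nothing from argv. */
    if (!CreateProcess(szPath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                       NULL, NULL, &si, &pi)) {
        printf("CreateProcess() failed! [%lu]\n", GetLastError());
        return rc;
    }

    ctx.ContextFlags = CONTEXT_FULL;
    if (!GetThreadContext(pi.hThread, &ctx)) {
        printf("GetThreadContext() failed! [%lu]\n", GetLastError());
        goto cleanup_kill;
    }

    /* Redirect the child's primary thread to ChildProc. This only works if
     * the child's image is mapped at the same base address as ours, so that
     * our address of ChildProc is also valid in the child; if the loader
     * relocates the child differently, the resumed thread executes whatever
     * happens to sit at that address. The instruction-pointer register is
     * architecture specific, so the assignment is selected per target. */
#if defined(_M_X64) || defined(__x86_64__)
    ctx.Rip = (DWORD64)(ULONG_PTR)ChildProc;
#elif defined(_M_IX86) || defined(__i386__)
    ctx.Eip = (DWORD)(ULONG_PTR)ChildProc;
#else
#error "ChildProc redirection is implemented for x86 and x64 only"
#endif

    if (!SetThreadContext(pi.hThread, &ctx)) {
        printf("SetThreadContext() failed! [%lu]\n", GetLastError());
        goto cleanup_kill;
    }

    /* ResumeThread reports failure as (DWORD)-1; compare as DWORD. */
    if (ResumeThread(pi.hThread) == (DWORD)-1) {
        printf("ResumeThread() failed! [%lu]\n", GetLastError());
        goto cleanup_kill;
    }

    if (WaitForSingleObject(pi.hProcess, INFINITE) != WAIT_OBJECT_0) {
        printf("WaitForSingleObject() failed! [%lu]\n", GetLastError());
        goto cleanup_kill;
    }

    rc = 0;
    goto cleanup;

cleanup_kill:
    /* Do not leave a suspended child behind on an error path. */
    TerminateProcess(pi.hProcess, 1);
cleanup:
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return rc;
}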
