跨进程获取可执行程序的入口地址与基地址
#include "stdafx.h"
#include <WINDOWS.H>
#include <stdio.h>
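/*
 * Start the target executable suspended, read its entry point and image
 * base from the initial thread context and the PEB, print both, then let
 * the process run.
 *
 * 32-bit (x86) builds only: the code relies on the register state of the
 * first thread of a newly created, still-suspended process, where Eax
 * holds the entry point and Ebx holds the PEB address; the image base is
 * the pointer-sized field at PEB + 8. This is observed loader behaviour,
 * not a documented API contract, and the CONTEXT fields used here do not
 * exist in an x64 build.
 *
 * Returns 0 on success, 1 if any step failed.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    /* All locals are declared up front so the goto below never jumps over
       an initialisation (this also keeps the file valid when built as C++). */
    int rc = 1;
    STARTUPINFOA si = { 0 };
    PROCESS_INFORMATION pi = { 0 };
    CONTEXT context = { 0 };
    DWORD dwEntryPoint = 0;
    DWORD dwImgeBase = 0;
    SIZE_T cbRead = 0;
    const char *szPath = "C:\\Program Files (x86)\\winmaster\\trashcleaner.exe";

    (void)argc;
    (void)argv;

    si.cb = sizeof(si);

    /* Create the process suspended. The path goes in lpApplicationName:
       an unquoted path with spaces passed as the command line is parsed
       ambiguously and could start "C:\Program.exe" if such a file exists. */
    if (!CreateProcessA(szPath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) {
        fprintf(stderr, "CreateProcess failed: %lu\n",
                (unsigned long)GetLastError());
        getchar();
        return 1;
    }

    /* Fetch the register state of the suspended primary thread. */
    context.ContextFlags = CONTEXT_FULL;
    if (!GetThreadContext(pi.hThread, &context)) {
        fprintf(stderr, "GetThreadContext failed: %lu\n",
                (unsigned long)GetLastError());
        goto cleanup;
    }

    /* Entry point (x86 initial-thread convention, see header comment). */
    dwEntryPoint = context.Eax;
    printf("trashcleaner.exe 入口点: %x\n", (unsigned int)dwEntryPoint);

    /* Image base: read PEB + 8 from the child and require a full read,
       otherwise dwImgeBase would be printed with a stale or partial value. */
    if (!ReadProcessMemory(pi.hProcess,
                           (LPCVOID)(ULONG_PTR)(context.Ebx + 8),
                           &dwImgeBase, sizeof(dwImgeBase), &cbRead)
        || cbRead != sizeof(dwImgeBase)) {
        fprintf(stderr, "ReadProcessMemory failed: %lu\n",
                (unsigned long)GetLastError());
        goto cleanup;
    }
    printf("trashcleaner.exe 基地址: %x\n", (unsigned int)dwImgeBase);

    rc = 0;

cleanup:
    /* Resume the thread on every path so no suspended process is left
       behind, then release both handles returned by CreateProcess. */
    ResumeThread(pi.hThread);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    getchar();
    return rc;
}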