[md]#include <windows.h>
#include<iostream>
using namespace std;
// Prototypes; both are defined after main() below.
void zhuru(LPVOID);                              // routine whose bytes are copied into the target and run there
void InjectFunc(DWORD, LPVOID, LPVOID, DWORD);   // copies a function plus its argument into a process and runs it
// Three DWORDs handed to the injected routine. The struct is copied verbatim into
// the target process, so its layout is exactly what the routine reads there.
struct PD
{
    DWORD a;
    DWORD b;
    DWORD c;
};
typedef PD *P;   // pointer alias kept for existing users
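// Finds the running target by its window title, resolves the owning process and
// injects zhuru with a PD of {2, 1, 3}.
// Returns 0 on success and 1 when the window or its process cannot be found. The
// original `void main` reported no status and, with no window, carried on with an
// id of 0, i.e. an OpenProcess on pid 0.
int main()
{
    HWND hwnd = ::FindWindow(NULL, TEXT("Plants vs. Zombies"));
    if (hwnd == NULL) {
        std::cerr << "target window not found\n";
        return 1;
    }

    DWORD id = 0;
    // Returns the thread id and stores the process id; 0 means the lookup failed.
    if (GetWindowThreadProcessId(hwnd, &id) == 0 || id == 0) {
        std::cerr << "cannot resolve the window's process, error " << GetLastError() << '\n';
        return 1;
    }

    PD pp;
    pp.a = 2;
    pp.b = 1;
    pp.c = 3;
    InjectFunc(id, zhuru, &pp, sizeof(pp));
    return 0;
}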
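// Runs a copy of mFunc inside process ID on a new thread and waits for it to finish.
//
// Steps: open the target, allocate a code page and a parameter buffer there, copy
// FuncSize bytes of mFunc and ParamSize bytes of Param in, make the code page
// executable, start a remote thread at the copy with the remote parameter buffer as
// its argument, wait for the thread, then release everything.
//
// ID        target process id
// mFunc     local function whose machine code is copied. The copy runs with no
//           access to this image, so it must be self-contained: no calls or
//           references into this process, only addresses valid in the target.
//           NOTE(review): MSVC Debug builds usually break that — the function name
//           resolves to an incremental-linking jump thunk rather than the body, and
//           /RTC1 inserts runtime-check calls into prologue/epilogue — which would
//           explain a Debug-only crash; confirm by disassembling the Debug binary.
// Param     buffer copied into the target and passed as the thread argument (may be
//           NULL when ParamSize is 0; the thread then receives NULL)
// ParamSize size of Param in bytes
// FuncSize  bytes copied from mFunc; defaults to the 128 the original code used,
//           which is an unchecked guess — a longer body is silently truncated, so
//           pass the real size (e.g. the distance to a marker function placed
//           directly after mFunc).
//
// Every failure is reported to stderr with GetLastError() and unwinds whatever was
// acquired so far; there is no return value, so callers can only tell success from
// failure by that output.
void InjectFunc(DWORD ID, LPVOID mFunc, LPVOID Param, DWORD ParamSize, DWORD FuncSize = 128)
{
    HANDLE hp = NULL;
    HANDLE ht = NULL;
    LPVOID mFuncAddr = NULL;
    LPVOID ParamAddr = NULL;
    SIZE_T written = 0;
    DWORD oldProtect = 0;
    DWORD threadId = 0;

    if (mFunc == NULL || FuncSize == 0 || (ParamSize != 0 && Param == NULL)) {
        std::cerr << "InjectFunc: invalid arguments\n";
        return;
    }

    // Least privilege: request only the rights the calls below need instead of
    // PROCESS_ALL_ACCESS.
    hp = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                     PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
                     FALSE, ID);
    if (hp == NULL) {
        std::cerr << "OpenProcess failed, error " << GetLastError() << '\n';
        return;
    }

    // Code page: writable first, executable only after the bytes are in place (W^X),
    // rather than PAGE_EXECUTE_READWRITE from the start.
    mFuncAddr = VirtualAllocEx(hp, NULL, FuncSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (mFuncAddr == NULL) {
        std::cerr << "VirtualAllocEx (code) failed, error " << GetLastError() << '\n';
        goto cleanup;
    }
    if (!WriteProcessMemory(hp, mFuncAddr, mFunc, FuncSize, &written) || written != FuncSize) {
        std::cerr << "WriteProcessMemory (code) failed, error " << GetLastError() << '\n';
        goto cleanup;
    }
    if (!VirtualProtectEx(hp, mFuncAddr, FuncSize, PAGE_EXECUTE_READ, &oldProtect)) {
        std::cerr << "VirtualProtectEx failed, error " << GetLastError() << '\n';
        goto cleanup;
    }
    // The target may hold stale instruction-cache lines for the page just written.
    FlushInstructionCache(hp, mFuncAddr, FuncSize);

    // Parameter buffer: data only, never executable.
    if (ParamSize != 0) {
        ParamAddr = VirtualAllocEx(hp, NULL, ParamSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (ParamAddr == NULL) {
            std::cerr << "VirtualAllocEx (param) failed, error " << GetLastError() << '\n';
            goto cleanup;
        }
        if (!WriteProcessMemory(hp, ParamAddr, Param, ParamSize, &written) || written != ParamSize) {
            std::cerr << "WriteProcessMemory (param) failed, error " << GetLastError() << '\n';
            goto cleanup;
        }
    }

    ht = CreateRemoteThread(hp, NULL, 0, (LPTHREAD_START_ROUTINE)mFuncAddr, ParamAddr, 0, &threadId);
    if (ht == NULL) {
        std::cerr << "CreateRemoteThread failed, error " << GetLastError() << '\n';
        goto cleanup;
    }
    // The remote pages are freed below, so the thread must be done with them first.
    WaitForSingleObject(ht, INFINITE);

cleanup:
    if (ht != NULL)
        CloseHandle(ht);
    // MEM_RELEASE requires dwSize == 0; the original passed the allocation size,
    // which makes VirtualFreeEx fail with ERROR_INVALID_PARAMETER and leak the pages.
    if (ParamAddr != NULL)
        VirtualFreeEx(hp, ParamAddr, 0, MEM_RELEASE);
    if (mFuncAddr != NULL)
        VirtualFreeEx(hp, mFuncAddr, 0, MEM_RELEASE);
    CloseHandle(hp);
}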
// Routine whose machine code is copied byte-for-byte into the target process and run
// there on a remote thread (see InjectFunc); p is the remote copy of a PD.
// It executes with no access to this image, so everything it touches must exist in
// the target: the two hard-coded addresses below are the target's, and the body must
// make no calls or references into this process's own code or runtime.
// NOTE(review): that constraint is the likely reason a Debug build crashes while
// Release runs — MSVC Debug builds typically resolve `zhuru` to an incremental-linking
// jump thunk rather than the body and insert runtime-check calls (/RTC1) into the
// prologue/epilogue, neither of which survives the raw copy; confirm by disassembling
// the Debug build.
// NOTE(review): the thread start routine is declared as a plain `void` function rather
// than `DWORD WINAPI (LPVOID)`; it works because the thread exits right after
// returning, but the calling convention and return type do not match the API's.
void zhuru(LPVOID p)
{
    PD* lp;
    lp = (PD*)p;
    // Copy the fields to locals so the asm block can reference them by name.
    DWORD aa = (DWORD)lp->a;
    DWORD bb = (DWORD)lp->b;
    DWORD cc = (DWORD)lp->c;
    _asm {
        pushad                          // save all general registers ...
        pushfd                          // ... and the flags around the call
        push - 1                        // stack arguments pushed in order: -1,
        push cc                         //   cc,
        mov eax, aa                     // a is passed in EAX
        push bb                         //   bb,
        mov ebx, ds : [0x00755e0c]      // target-process global ...
        mov ebx, ds : [ebx + 0x868]     // ... and a field at +0x868 of what it points to
        push ebx                        //   and that value last
        mov edi, 0x00418D70             // target-process function address
        call edi
        // NOTE(review): nothing pops the four pushed arguments here, so the stack is
        // balanced only if the callee cleans them itself (ret 10h). If it is cdecl,
        // popfd/popad below read the wrong slots — add `add esp, 10h` after the call.
        popfd
        popad
    }
}
这是植物种植 CALL。
为什么用 Debug 版本运行时《植物大战僵尸》会崩溃，
但 Release 版本却能正常运行？