#include "stdafx.h"
#include <WINDOWS.H>
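int _tmain(int argc, _TCHAR* argv[])
{
    /*
     * Start trashcleaner.exe suspended, read the primary thread's initial
     * context to recover its entry point and image base, print both, then
     * let the process run.
     *
     * Returns 0 on success, 1 if any Win32 call fails. Both handles returned
     * by CreateProcessA are closed on every path, and the child is always
     * resumed so that a failed inspection does not leave a suspended orphan.
     */
    (void)argc;
    (void)argv;

    int rc = 1;
    /* Explicit ANSI structs/APIs: szPath is a char buffer, so the block
     * compiles the same way whether or not UNICODE is defined. */
    STARTUPINFOA si = { 0 };
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi = { 0 };
    char szPath[MAX_PATH] = "C:\\Program Files (x86)\\winmaster\\trashcleaner.exe";
    CONTEXT context = { 0 };
    DWORD dwEntryPoint = 0;
    DWORD dwImgeBase = 0;
    SIZE_T nRead = 0;

    /* Pass the path as lpApplicationName instead of lpCommandLine: an
     * unquoted command line containing spaces is parsed token by token
     * (C:\Program, C:\Program Files, ...), which is both ambiguous and a
     * well-known binary-planting hazard. CREATE_SUSPENDED: the primary
     * thread exists but has not executed an instruction yet. */
    if (!CreateProcessA(szPath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED,
                        NULL, NULL, &si, &pi)) {
        fprintf(stderr, "CreateProcess failed: %lu\n", GetLastError());
        return rc;
    }

    context.ContextFlags = CONTEXT_FULL;
    if (!GetThreadContext(pi.hThread, &context)) {
        fprintf(stderr, "GetThreadContext failed: %lu\n", GetLastError());
        goto out;
    }

    /* x86 only: for a not-yet-started thread Eax holds the image entry point
     * and Ebx the PEB address. An x64 CONTEXT has no Eax/Ebx members, so this
     * block must be built as a 32-bit binary. */
    dwEntryPoint = context.Eax;
    printf("trashcleaner.exe 入口点: %lx\n", dwEntryPoint);

    /* PEB+8 is ImageBaseAddress on 32-bit Windows. Check both the call result
     * and the byte count: a partial read would leave dwImgeBase garbage. */
    if (!ReadProcessMemory(pi.hProcess, (LPCVOID)(context.Ebx + 8),
                           &dwImgeBase, sizeof(dwImgeBase), &nRead) ||
        nRead != sizeof(dwImgeBase)) {
        fprintf(stderr, "ReadProcessMemory failed: %lu\n", GetLastError());
        goto out;
    }
    printf("trashcleaner.exe 基地址: %lx\n", dwImgeBase);
    rc = 0;

out:
    /* Resume on every path (the original did so unconditionally) so the
     * child never stays suspended; ResumeThread reports failure as -1. */
    if (ResumeThread(pi.hThread) == (DWORD)-1) {
        fprintf(stderr, "ResumeThread failed: %lu\n", GetLastError());
        rc = 1;
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    getchar();
    return rc;
}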