#include "stdafx.h"
#include <Windows.h>
#include <Psapi.h>
#include <stdio.h>
#include <stdlib.h>
#pragma comment(lib, "Psapi.lib")
//static void dbgprintex(LPCSTR fmt,...)
//{
////#ifdef _DEBUG
// va_list marker;
// va_start(marker,fmt);
// char sbuf_dbgprintex[1024]={0};
// vsprintf_s(sbuf_dbgprintex,fmt,marker);
// va_end(marker);
// OutputDebugStringA(sbuf_dbgprintex);
////#endif
//}
#define dbgprintex printf
// Purpose: start abcdefg.exe with its primary thread suspended, overwrite two bytes
// in the child's address space at (module base + 0x14AA), then let the child run.
// The suspended-create -> VirtualProtectEx/WriteProcessMemory -> ResumeThread sequence
// is a well-known process-tampering pattern that endpoint monitoring commonly alerts on.
// Returns 0 on every path, including the failure paths (see the notes below).
// NOTE(review): as pasted this does not compile -- dwExeBase is used below but never
// declared (its only definition is commented out), and the #pragma comment(lib, ...)
// line above this function is missing its closing parenthesis.
int _tmain(int argc, _TCHAR* argv[])
{
// Relative file name: which image actually starts depends on the current directory at run time.
CHAR m_ExePath[] = "abcdefg.exe";
STARTUPINFOA si = {0};
si.cb = sizeof(si);
PROCESS_INFORMATION pi = {0};
BOOL bRet = FALSE;
// Author's question: is it OK to create the process suspended here?
// CREATE_SUSPENDED keeps the child's primary thread from running until the
// ResumeThread call near the end of this function.
bRet = CreateProcessA(m_ExePath, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
//bRet = CreateProcessA(m_ExePath, NULL, NULL, NULL, FALSE, NULL, NULL, NULL, &si, &pi);
if (!bRet)
{
// "Failed to create child process!" -- the exit status is still 0 here, so a caller
// cannot tell this failure from success.
dbgprintex("创建子进程失败!\n");
return 0;
}
// pi.hProcess returned by CreateProcessA normally already grants the access used below,
// so this second handle looks redundant; it is never closed on any path (handle leak).
HANDLE m_Process = OpenProcess(PROCESS_ALL_ACCESS, 0, pi.dwProcessId);
if (m_Process == NULL)
{
// "Failed to open child process! error code: %d" -- GetLastError() returns a DWORD,
// so the matching format specifier is %lu, not %d.
dbgprintex("打开子进程失败! 错误码: %d\n", GetLastError());
// Only the handles are released; the child is neither resumed nor terminated on this
// path, so it stays alive and suspended indefinitely.
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return 0;
}
// Author's note: the target's image base is dynamic; how to obtain it at run time?
// The intended patch address is dynamic base + offset.
DWORD dwOffset = 0x14AA;
// Author's note: GetModuleHandleA(NULL) is certainly wrong here, because this program
// launches the target EXE -- that call returns this launcher's own base, which is meaningless.
// What is needed is the base of the EXE being patched (abcdefg.exe).
//DWORD dwExeBase = (DWORD)GetModuleHandleA(NULL);
// NOTE(review): dwExeBase is undeclared at this point (its definition above is commented out).
// Holding an address in a DWORD also assumes a 32-bit build; on x64 the cast below truncates.
DWORD dwPatchAddr = dwExeBase + dwOffset;
BYTE bPatchData[] = {0x90, 0x90};
DWORD dOldProtect = 0;
// Return value unchecked: if this call fails, dOldProtect may remain 0 and the "restore"
// further down would apply that value instead of the page's original protection.
VirtualProtectEx(m_Process, (LPVOID)dwPatchAddr, sizeof(bPatchData), PAGE_EXECUTE_READWRITE, &dOldProtect);
// The (LPVOID) cast on bPatchData is unnecessary (the parameter is LPCVOID); the final
// NULL discards the bytes-written count.
if(WriteProcessMemory(m_Process, (LPVOID)dwPatchAddr, (LPVOID)bPatchData, sizeof(bPatchData),NULL) == FALSE)
{
// "Failed to write patch, error code: %d" -- same %d/%lu mismatch as above. Execution
// then falls through and the child is resumed regardless of the failed write.
dbgprintex("写补丁失败,错误码:%d\n", GetLastError());
}
// Restores the saved protection; the same variable receives the previous value again.
VirtualProtectEx(m_Process, (LPVOID)dwPatchAddr, sizeof(bPatchData), dOldProtect, &dOldProtect);
ResumeThread(pi.hThread);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
// Spawns a command interpreter only to wait for a key press; m_Process is still open here.
system("pause");
return 0;
}