一个开源的Asp.net2.0博客系统
- CWnd* wnd;
- wnd = FindWindow("SciCalc","计算器");
- if(wnd==NULL)
- return;
- HWND hWnd = wnd->m_hWnd;
- DWORD pId=0;//进程ID
- GetWindowThreadProcessId(hWnd,&pId);
- //获取进程handle,以前做得进程防护开发包就是替换了这个函数,所以不一定保险
- HANDLE hP = OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,NULL,pId);
- if(hP==NULL)
- return;
- char* dllName = "hello.dll";
- DWORD size = (DWORD)strlen(dllName)+1;
- //在远程进程空间内申请空间,然后把dll名称字符串放进去
- LPVOID lpBuf = VirtualAllocEx( hP, NULL, size, MEM_COMMIT, PAGE_READWRITE );
- if(lpBuf==NULL)
- {
- CloseHandle(hP);
- return;
- }
- DWORD writeSize=0;
- if (WriteProcessMemory(hP,lpBuf,(LPVOID)dllName,size,&writeSize ) )
- {
- if ( writeSize != size )
- {
- VirtualFreeEx( hP,lpBuf,writeSize,MEM_DECOMMIT);
- CloseHandle(hP);
- return;
- }
- }
- else
- {
- CloseHandle(hP);
- return ;
- }
- DWORD dwID;
- LPVOID pFunc = LoadLibraryA;
- HANDLE hThread = CreateRemoteThread(hP,NULL,0,(LPTHREAD_START_ROUTINE)pFunc, lpBuf, 0, &dwID );
- WaitForSingleObject(hThread, INFINITE );//等待执行完毕
- Sleep(6000);
- // clean up
- VirtualFreeEx( hP,lpBuf,size, MEM_DECOMMIT );
- CloseHandle( hThread );
- CloseHandle( hP);