ring3下的reload,你懂得!

代码是偷的~~偷了大部分wrk~~

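/*
 * Walk a Toolhelp snapshot, find the first process whose image name
 * matches szProcName, and ask for it to be terminated.
 *
 * Every kernel32 call below goes through a function pointer filled in
 * by ReGetReBuildFuncBase() rather than through the import table.
 * NOTE(review): ReGetReBuildFuncBase() and InitDllModule() are not in
 * this listing; the thread title ("ring3 reload") suggests the exports
 * are resolved from a re-mapped copy of kernel32.dll so that inline
 * hooks placed in the process's loaded copy are not hit -- confirm
 * against the helper's source.  For detection purposes the observable
 * sequence is: a second mapping of kernel32.dll/ntdll.dll in the
 * process, then OpenProcess(PROCESS_TERMINATE) + TerminateProcess
 * against a security-relevant target ("taskmgr.exe" in main()).
 *
 * szProcName: image name to match; compared case-insensitively with
 *             PROCESSENTRY32.szExeFile, which is CHAR[] in the ANSI
 *             struct, so this file assumes a non-UNICODE build.
 * Returns:    TRUE  if a matching process was opened and TerminateProcess
 *                   reported success,
 *             FALSE if nothing matched, it could not be opened, the
 *                   terminate call failed, or the snapshot failed,
 *             0     if one of the kernel32 exports could not be resolved.
 *             Despite the name no PID is returned; it is only printed.
 */
DWORD GetProcessIdToKill( LPCTSTR szProcName )
{
  PROCESSENTRY32 pe;
  DWORD dwRet;
  DWORD dwResult = FALSE;
  HANDLE hProcess;
  HANDLE hSP;

  ReGetReBuildFuncBase((PULONG)&ReCreateToolhelp32Snapshot,"kernel32.dll","CreateToolhelp32Snapshot");
  ReGetReBuildFuncBase((PULONG)&ReProcess32First,"kernel32.dll","Process32First");
  ReGetReBuildFuncBase((PULONG)&ReProcess32Next,"kernel32.dll","Process32Next");
  ReGetReBuildFuncBase((PULONG)&ReOpenProcess,"kernel32.dll","OpenProcess");
  ReGetReBuildFuncBase((PULONG)&ReTerminateProcess,"kernel32.dll","TerminateProcess");
  ReGetReBuildFuncBase((PULONG)&ReCloseHandle,"kernel32.dll","CloseHandle");

  /* All six pointers must have resolved; calling a NULL one would crash. */
  if (!(ReCreateToolhelp32Snapshot &&
        ReProcess32First &&
        ReProcess32Next &&
        ReOpenProcess &&
        ReTerminateProcess &&
        ReCloseHandle))
  {
    /* Six pointers are printed, so six conversions are required (the
     * original format had only five); %p is the correct spec for them. */
    printf("init failed\n%p\n%p\n%p\n%p\n%p\n%p\n",
           (void *)ReCreateToolhelp32Snapshot,
           (void *)ReProcess32First,
           (void *)ReProcess32Next,
           (void *)ReOpenProcess,
           (void *)ReTerminateProcess,
           (void *)ReCloseHandle);
    return 0;
  }

  /* CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE,
   * not NULL, so a NULL-only test would loop over a bogus handle. */
  hSP = ReCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
  if ( hSP == NULL || hSP == INVALID_HANDLE_VALUE )
  {
    return FALSE;
  }

  pe.dwSize = sizeof( pe );   /* required before Process32First */

  for (dwRet = ReProcess32First(hSP, &pe );
       dwRet;
       dwRet = ReProcess32Next(hSP, &pe ) )
  {
    if (_strcmpi(pe.szExeFile, szProcName) != 0)
    {
      continue;
    }

    hProcess = ReOpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
    if (!hProcess)
    {
      /* e.g. access denied on a protected process; keep scanning for
       * another instance, as the original loop did. */
      continue;
    }

    /* th32ProcessID is a DWORD (unsigned long on Windows): %lu, not %d. */
    printf("kill pid: %lu\r\n", (unsigned long)pe.th32ProcessID);

    /* -1 becomes UINT_MAX as the exit code; the original passed -1 too.
     * Report what TerminateProcess said instead of unconditionally TRUE. */
    dwResult = ReTerminateProcess(hProcess, -1) ? TRUE : FALSE;
    ReCloseHandle(hProcess);   /* done with this process */
    break;                      /* first match only, as before */
  }

  /* The snapshot handle used to leak on the early-return path;
   * every path now closes it exactly once. */
  ReCloseHandle( hSP );
  return dwResult;
}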
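/*
 * Entry point of the proof of concept.
 *
 * Order of operations, all of which are visible below:
 *   1. InitDllModule() -- not in this listing; presumably performs the
 *      "reload" of the system DLLs that ReGetReBuildFuncBase() then
 *      resolves exports from (TODO confirm against its source).
 *   2. Resolve GetModuleFileNameA through the rebuilt module and call it
 *      as a smoke test that the resolved pointer works.
 *   3. Resolve NtOpenProcess from ntdll and call it with NULL arguments,
 *      again only to prove the pointer executes.
 *   4. GetProcessIdToKill("taskmgr.exe") -- the actual effect of the tool.
 *   5. Two dummy user32/shell32 calls whose only purpose is to make the
 *      linker add those DLLs to the import table.
 *
 * argc/argv are unused.  Returns 0 in every case, including when
 * InitDllModule() fails, so the exit status does not signal success.
 */
int main(int argc, char *argv[])
{
  char lpModule[100] = {0};
  HANDLE hProcess = NULL;
  unsigned long cchModule;

  (void)argc;
  (void)argv;

  if (!InitDllModule()){
    printf("rebuild dll module failed\n");
    return 0;
  }
  printf("\n\ncall test\n\n");

  ReGetReBuildFuncBase((PULONG)&ReGetModuleFileName,"kernel32.dll","GetModuleFileNameA");
  if (ReGetModuleFileName){
    /* Smoke test of the re-resolved export.  GetModuleFileNameA returns
     * 0 on failure and the full buffer size on truncation (older systems
     * then leave the buffer unterminated), so the string is printed only
     * when the length proves it fits.  Assumes ReGetModuleFileName is
     * declared with GetModuleFileNameA's signature -- TODO confirm. */
    cchModule = ReGetModuleFileName(NULL, lpModule, sizeof(lpModule));
    if (cchModule == 0 || cchModule >= sizeof(lpModule)) {
      printf("ReGetModuleFileName:%p\n(failed or truncated)\n", (void *)ReGetModuleFileName);
    } else {
      printf("ReGetModuleFileName:%p\n%s\n", (void *)ReGetModuleFileName, lpModule);
    }
  }

  ReGetReBuildFuncBase((PULONG)&ReNtOpenProcess,"ntdll.dll","NtOpenProcess");
  if (ReNtOpenProcess){
    /* Called with NULL ObjectAttributes/ClientId purely to show that the
     * resolved pointer executes; the status is not checked and hProcess
     * is not a valid handle afterwards, so it must not be used or closed. */
    ReNtOpenProcess(&hProcess, 0, 0, 0);
    printf("ReNtOpenProcess:%p\n", (void *)ReNtOpenProcess);
  }

  /* The observable action of this sample: terminate Task Manager through
   * the re-resolved kernel32 exports.  Return value is intentionally
   * ignored here, as in the original; see GetProcessIdToKill for what
   * it reports. */
  GetProcessIdToKill("taskmgr.exe");

  /* Dummy calls that exist only to pull user32 and shell32 into the
   * import table; both fail harmlessly with all-zero arguments. */
  SendMessage(0,0,0,0);
  ShellExecute(0,0,0,0,0,0);
  return 0;
}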