
使用 WriteProcessMemory 写入机器码改变代码执行状态

2009-08-28 16:11 337 查看
#include <windows.h>

#include <tchar.h>

#include <windef.h>

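// Pointer type for user32!MessageBoxW. The SDK declares MessageBoxW as WINAPI
// (__stdcall on x86), so the pointer type carries the same convention; without
// it, a call made through this pointer from C++ would clean the stack twice.
typedef int (WINAPI *PFNMESSAGEW)(HWND,LPCWSTR,LPCWSTR,UINT);

// Patch target; defined at the bottom of the file.
int sum(int a,int b);

// Caption and text for the message box. Both are LPCWSTR, so the literals are
// written with L"" directly: _T("") only yields a wide literal when UNICODE is
// defined and would not compile against LPCWSTR otherwise.
LPCWSTR STR_OK=L"ok";

LPCWSTR STR_WORDS=L"it work well";

// Filled in at runtime by WinMain via GetProcAddress; NULL until then.
PFNMESSAGEW pfnMessageBoxW=NULL;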

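// Self-patching demo: overwrites the first five bytes at the address of sum()
// in this process with a relative JMP (opcode 0xE9) whose target is the
// __MESSAGEBOX label below, then calls sum(3,5) so that execution lands in the
// MessageBoxW sequence instead of sum's own body.
//
// Constraints visible in the code: MSVC `_asm` blocks and addresses held in
// DWORDs, i.e. a 32-bit x86 build only.
//
// Returns 0 once the demo has run, 1 if any setup step failed (the original
// ignored every return value and would have called through a NULL pointer or
// continued after a failed patch).
//
// Reviewer notes (defensive view):
//  - An E9 rel32 written over a function's entry is the same byte pattern an
//    inline hook leaves behind. After this runs, the in-memory code of the
//    image no longer matches the file on disk at sum(), which is what code
//    integrity scanners compare.
//  - The write targets this module's own code through WriteProcessMemory on the
//    GetCurrentProcess() pseudo-handle; that call with a code-section address
//    is the observable event.
//  - A process running under a dynamic-code restriction (Arbitrary Code Guard /
//    ProcessDynamicCodePolicy) is expected to refuse this write, which is one
//    more reason the result is checked below.
int WinMain(HINSTANCE hInstance,HINSTANCE,LPSTR lpCmdLine,int nShowCmd)
{
    DWORD dwNum=0;

    // 0xE9 = JMP rel32; the four zero bytes are replaced by the displacement.
    BYTE OBJ_CODE[]={0xe9,0x0,0x0,0x0,0x0};//jmp code

    // A bare module name is resolved through the DLL search order. Hardened
    // code would pin the location, e.g. LoadLibraryEx with
    // LOAD_LIBRARY_SEARCH_SYSTEM32; kept as in the original here.
    HMODULE hUser32=::LoadLibraryA("user32");
    if(hUser32==NULL)
    {
        return 1;
    }

    pfnMessageBoxW=(PFNMESSAGEW)GetProcAddress(hUser32,"MessageBoxW");
    if(pfnMessageBoxW==NULL)
    {
        ::FreeLibrary(hUser32);
        return 1;
    }

    // Fetch the address of the __MESSAGEBOX label.
    DWORD dwMessageAddr=0;
    _asm
    {
        push ebx
        mov ebx, __MESSAGEBOX
        mov dwMessageAddr,ebx
        pop ebx
    }

    // Compute the jump displacement: rel32 is relative to the address of the
    // instruction that follows the JMP, i.e. target - (sum + 5).
    dwMessageAddr-=(DWORD)sum+sizeof(OBJ_CODE);
    memcpy(&OBJ_CODE[1],&dwMessageAddr,sizeof(DWORD));

    DWORD dwSumAddr=(DWORD)sum;

    // Do not continue to the call if the patch was refused or only partly
    // written: the code at sum would then be unchanged or inconsistent.
    if(!::WriteProcessMemory(::GetCurrentProcess(),(LPVOID)dwSumAddr,OBJ_CODE,sizeof(OBJ_CODE),&dwNum)
        || dwNum!=sizeof(OBJ_CODE))
    {
        ::FreeLibrary(hUser32);
        return 1;
    }

    // Documented requirement after modifying code in memory.
    ::FlushInstructionCache(::GetCurrentProcess(),(LPCVOID)dwSumAddr,sizeof(OBJ_CODE));

    // With the patch in place this call does not come back here: the entry of
    // sum jumps straight to __MESSAGEBOX. NOTE(review): the asm block below is
    // also reached by ordinary fall-through if the call returns (or is inlined
    // away by an optimizing build), so the message box appearing is not by
    // itself proof that the patch took effect.
    int s=sum(3,5);
    (void)s;

    _asm
    {
    __MESSAGEBOX:
        // Arguments pushed right to left: MessageBoxW(0, STR_WORDS, STR_OK, MB_OK).
        push MB_OK
        push STR_OK
        push STR_WORDS
        push 0
        call pfnMessageBoxW
        // NOTE(review): MessageBoxW is WINAPI (__stdcall), so the callee has
        // already removed its four arguments. This add therefore does not
        // balance the pushes above; it moves ESP past whatever the sum(3,5)
        // call left on the stack. Looks like the demo relies on WinMain's
        // epilogue restoring ESP from EBP -- confirm against the generated
        // code before reusing this sequence.
        add esp,16
    }

    FreeLibrary(hUser32);
    return 0;
}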

// Patch target for the demo. As written it ignores both arguments and yields
// 5; WinMain overwrites the first five bytes at this function's address with
// a JMP, after which calling it no longer executes this body.
int sum(int a,int b)
{
    (void)a;
    (void)b;
    const int kResult=5;
    return kResult;
}