|
阅读:1267回复:0
远程注入问题?
我在 XP 系统上,以User用户登陆
程序中使用CreateRemoteThread进行远程注入 提示 "存储空间不足 无法处理此命令" 在XP 管理员用户上无错误, 2000上User用户,管理员用户皆无提示 下面是程序代码 enableDebugPriv(); // 取得LoadLibraryA函数的地址,我们将以它作为远程线程函数启动 HMODULE hModule=::GetModuleHandle("kernel32.dll"); if (hModule==NULL) { PrintLog("kernel32.dll未载入"); return 0L; } LPTHREAD_START_ROUTINE pfnStartRoutine = (LPTHREAD_START_ROUTINE)::GetProcAddress(hModule, "LoadLibraryA"); // 在目标进程中申请空间,存放字符串szDllName,作为远程线程的参数 CHAR szDllName[MAX_PATH]; GetSystemDirectory(szDllName,MAX_PATH); strcat(szDllName,"\\abc.dll"); int cbSize = (strlen(szDllName) + 1); LPVOID lpRemoteDllName = ::VirtualAllocEx(hProcess, NULL, cbSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (lpRemoteDllName) { SECURITY_ATTRIBUTES sa; SECURITY_DESCRIPTOR sd; InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION); SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.bInheritHandle = TRUE; sa.lpSecurityDescriptor = &sd; ::WriteProcessMemory(hProcess, lpRemoteDllName, szDllName, cbSize, NULL); // 启动远程线程,并立刻运行 HANDLE hRemoteThread = ::CreateRemoteThread(hProcess, NULL, 0, pfnStartRoutine, lpRemoteDllName, 0, NULL); if (hRemoteThread==NULL) { ::VirtualFreeEx(hProcess, lpRemoteDllName, cbSize, MEM_RELEASE); ::CloseHandle(hProcess); return 0; } // 等待目标线程运行结束,即LoadLibraryA函数返回 ::WaitForSingleObject(hRemoteThread, INFINITE); ::CloseHandle(hRemoteThread); ::VirtualFreeEx(hProcess, lpRemoteDllName, cbSize, MEM_RELEASE); } 请各位大侠指点一下! |
|
|
