进程自我创建---挂起进程方法

//来自<逆向工程核心原理>一书
 
 
#include <windows.h>
#include <tchar.h>
#include <stdio.h>


void ChildProc()
{
    MessageBox(NULL, L"This is a child process!", L"DebugMe2", MB_OK);

    ExitProcess(0);
}


void _tmain(int argc, TCHAR *argv[]) 
{
    TCHAR                   szPath[MAX_PATH] = {0,};
    STARTUPINFO				si = {sizeof(STARTUPINFO),};
    PROCESS_INFORMATION		pi = {0,};
    CONTEXT                 ctx = {0,};

    _tprintf(L"This is a parent process!\n");

    if( !GetModuleFileName(NULL, szPath, sizeof(TCHAR) * MAX_PATH) )
    {
        printf("GetModuleFileName() failed! [%d]\n", GetLastError());
        return;
    }

    // Create Child Process
    if( !<span style="color:#ff0000;">CreateProcess</span>(
            szPath,
            NULL,
            NULL,
            NULL,
            FALSE,
           <span style="color:#ff0000;"> CREATE_SUSPENDED,</span>
            NULL,
            NULL,
            &si,
            &pi) )
    {
        printf("CreateProcess() failed! [%d]\n", GetLastError());
        return;
    }

    // Change EIP
    ctx.ContextFlags = CONTEXT_FULL;
    if( !<span style="color:#ff0000;">GetThreadContext</span>(pi.hThread, &ctx) )
    {
        printf("GetThreadContext() failed! [%d]\n", GetLastError());
        return;
    }

    ctx.Eip = (DWORD)ChildProc;

    if( !<span style="color:#ff0000;">SetThreadContext</span>(pi.hThread, &ctx) )
    {
        printf("SetThreadContext() failed! [%d]\n", GetLastError());
        return;
    }

    // Resume Main Thread
    if( -1 == <span style="color:#ff0000;">ResumeThread</span>(pi.hThread) )
    {
        printf("ResumeThread() failed! [%d]\n", GetLastError());
        return;
    }

    WaitForSingleObject(pi.hProcess, INFINITE);

    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
}

你可能感兴趣的:(进程自我创建---挂起进程方法)