MicroAleX 发表于 2009-8-12 00:30:30

baocun

// Loader.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <windows.h>

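/*
 * Entry point: starts calc.exe in a suspended state, waits for the user to
 * dismiss an "OK" message box, then resumes the child's main thread.
 *
 * Returns 0 once the child has been resumed, -1 if the child could not be
 * created or could not be resumed.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    PROCESS_INFORMATION procinfo = {0};
    STARTUPINFO startup = {0};
    BOOL bRet;

    startup.cb = sizeof(startup);

    /*
     * The image is named by full path in lpApplicationName, so no search-path
     * lookup takes place. bInheritHandles is FALSE, so none of this process's
     * handles are passed to the child.
     */
    bRet = CreateProcess(_T("C:\\windows\\system32\\calc.exe"), NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &startup, &procinfo);
    if (!bRet)
    {
      MessageBox(NULL, _T("Error"), NULL, MB_OK);
      return -1;
    }

    /*
     * Disabled by the author: a remote write into the suspended child. It is
     * not needed to launch the program. Creating a process suspended and then
     * writing into its memory before resuming is a sequence endpoint
     * monitoring commonly alerts on.
     */
//   BYTE a = {0x3d, 0x5b};
//   DWORD dwOld = 0;
//   VirtualProtectEx(procinfo.hProcess, (LPVOID)0x01000002, 2, PAGE_EXECUTE_READWRITE, &dwOld);
//   WriteProcessMemory(procinfo.hProcess, (LPVOID)0x01000002, a, 2, NULL);
//   VirtualProtectEx(procinfo.hProcess, (LPVOID)0x01000002, 2, dwOld, &dwOld);

    /* The child stays suspended until this dialog is dismissed. */
    MessageBox(NULL, _T("OK"), NULL, MB_OK);

    /*
     * ResumeThread returns (DWORD)-1 on failure. Without this check a failed
     * resume would leave a suspended child behind once the handles are
     * closed, so the child is terminated instead of being orphaned.
     */
    if (ResumeThread(procinfo.hThread) == (DWORD)-1)
    {
      TerminateProcess(procinfo.hProcess, 1);
      CloseHandle(procinfo.hProcess);
      CloseHandle(procinfo.hThread);
      MessageBox(NULL, _T("Error"), NULL, MB_OK);
      return -1;
    }

    /* Closing the handles does not stop the child; it keeps running. */
    CloseHandle(procinfo.hProcess);
    CloseHandle(procinfo.hThread);
    return 0;
}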

[ 本帖最后由 MicroAleX 于 2009-8-12 00:32 编辑 ]

MicroAleX 发表于 2009-8-12 00:38:52

// Runs "taskkill /f /im:notepad.exe" through cmd.exe with the window hidden.
// SW_HIDE only hides the window: the child process and its command line are
// still visible to process-creation auditing. WinExec's return value is
// discarded, so a failed launch goes unnoticed. Microsoft documents WinExec as
// kept for 16-bit compatibility and recommends CreateProcess instead.
WinExec("cmd.exe /c taskkill /f /im:notepad.exe", SW_HIDE);

// Runs ntsd.exe (the console debugger) hidden, attaching to notepad.exe by
// name (-pn) and issuing the "q" command (-c q), which quits the debugger and
// ends the attached process. The return value is again ignored.
// NOTE(review): depends on ntsd.exe being on the search path, which is not
// the case on every Windows version; confirm for the target.
WinExec("ntsd.exe -c q -pn notepad.exe ", SW_HIDE);