這種方法不易察覺,其實還能做出很多其他的型別,這裡只是學習··································
context.eip = (dword)(((pshell_code)buffer)->szinstruction);
改為context.eax = (dword)(((pshell_code)buffer)->szinstruction);
執行緒在ring3的第一行**時,eax存放的是執行緒函式起始位址
這個應該更穩妥的,主線程暫停在ntdll空間,由ntdll->exe入口點 中間還幹了事,
學習於
自己修改了下結構········································
主cpp exeofshellcodedllinject **:
#include "stdafx.h"
#include typedef struct tempdata
;char shellcode = ;
//pushad
//push 0x12345678
//mov eax,0x12345678
//call eax
//popad
//jmp 0*********
struct tempdata g_data = ;
int _tmain(int argc, _tchar* argv)
; process_information pi = ;
context context;
//生成暫停exe去做事情
if (!createprocess(szexepath,null,null,null,false,create_suspended,null,null,&si,&pi))
//設定 context_integer 才能得到暫存器值
context.contextflags = context_integer;
getthreadcontext(pi.hthread,&context);
lpvoid lpdata = virtualallocex(pi.hprocess,null,sizeof(g_data)+1,mem_commit | mem_reserve,page_execute_readwrite);
if (lpdata == null)
*(dword*)(g_data.szshllcode+0x2) = (dword)lpdata;
*(dword*)(g_data.szshllcode + 0x7) = (dword)loadlibrarya;
*(dword*)(g_data.szshllcode + 15) = (dword)(context.eax - (dword)((char*)lpdata + sizeof(max_path)+ 14) -5 );
//這裡面的14為 g_data.szshllcode 起始到最後乙個需要修改處的長度
if (!writeprocessmemory(pi.hprocess,lpdata,&g_data,sizeof(g_data),null))
context.eax = (dword)(((tempdata*)lpdata)->szshllcode);
resumethread(pi.hthread);
return 0;
}
將 ordinarymsg.exe shellcodedllinject.dll 和主exe放在同一目錄下可以執行成功
ordinarymsg.exe **:
#include "stdafx.h"
#include #pragma comment( linker, "/subsystem:windows /entry:maincrtstartup" )
int main(int argc, _tchar* argv)
shellcodedllinject.dll **:
#include "stdafx.h"
bool apientry dllmain( hmodule hmodule,
dword ul_reason_for_call,
lpvoid lpreserved
)return true;
}
最後效果為;
手把手教你將pyqt程式打包成exe 1
ps pyqt 5.13.1 以下的請更新,否則打包後可能會出現缺少pyqt的dll等問題 更新包 模組 的命令 更新到指定版本 pip install pyqt5 5.13.1更新到最新版本 pip install upgrade pyqt5在更新pyqt5後,可能出現與pyqt其他相關包不相容的...
通過CreateProcess呼叫exe或cmd
include include intmain intargc,char argv process informationpi si.dwflags startf useshowwindow 指定wshowwindow成員有效 si.wshowwindow true 此成員設為true的話則顯示新建...
qt呼叫外部exe
startdetached啟動的libfx.exe跟你的程序沒關係,你的程式關了它還可以繼續執行 qstring strfile tr e f libfx.exe qprocess pprocess new qprocess this pprocess startdetached strfile s...