
by测试题-未完

时间:2015-01-24 14:22:04      阅读:190      评论:0      收藏:0      [点我收藏+]


// GetFilePathByPid.cpp : Defines the entry point for the console application.

// 

#include "stdafx.h"

                                                                                                                                                                                 

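/*
 * TRUE when the byte range [off, off + len) lies entirely inside a file of
 * cbFile bytes. Written so that the check itself cannot overflow.
 */
static BOOL RangeInFile(ULONGLONG off, ULONGLONG len, ULONGLONG cbFile)
{
    return off <= cbFile && len <= cbFile - off;
}

/*
 * Walk a ToolHelp process snapshot and store the PID of the first process
 * whose executable name equals `name`.
 *
 * The match is wcscmp on PROCESSENTRY32::szExeFile, so it is case-sensitive,
 * requires a UNICODE build, and only sees the bare file name: any process can
 * carry this name, and when several do the first one enumerated wins.
 *
 * Returns TRUE and writes *pdwPid on a match, FALSE otherwise.
 */
static BOOL FindProcessByName(const WCHAR *name, DWORD *pdwPid)
{
    PROCESSENTRY32 pe = {0};
    BOOL bMore;
    BOOL bFound = FALSE;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hSnap == INVALID_HANDLE_VALUE)
    {
        printf("CreateToolhelp32Snapshot failed @ %lX.\n", (unsigned long)GetLastError());
        return FALSE;
    }

    pe.dwSize = sizeof(pe);
    for (bMore = Process32First(hSnap, &pe); bMore; bMore = Process32Next(hSnap, &pe))
    {
        if (wcscmp(name, pe.szExeFile) == 0)
        {
            *pdwPid = pe.th32ProcessID;
            bFound = TRUE;
            break;
        }
    }

    /* The snapshot is a kernel handle; release it on every path. */
    CloseHandle(hSnap);
    return bFound;
}

/*
 * Resolve the absolute path of the main module of process dwPid into
 * pszPath (capacity cchPath characters, always NUL-terminated on success).
 *
 * NOTE(review): PROCESS_QUERY_INFORMATION | PROCESS_VM_READ is what
 * GetModuleFileNameEx needs. On Vista and later, QueryFullProcessImageName
 * with PROCESS_QUERY_LIMITED_INFORMATION returns the same path with fewer
 * rights; prefer it if the minimum supported Windows version allows.
 */
static BOOL GetProcessImagePath(DWORD dwPid, TCHAR *pszPath, DWORD cchPath)
{
    DWORD cchCopied;
    DWORD dwErr;
    HANDLE hProc;

    if (cchPath < 2)
        return FALSE;

    hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
    if (hProc == NULL)
    {
        printf("OpenProcess(%lu) failed @ %lX.\n",
               (unsigned long)dwPid, (unsigned long)GetLastError());
        return FALSE;
    }

    /* One character is held back so the terminator below always fits. */
    cchCopied = GetModuleFileNameEx(hProc, NULL, pszPath, cchPath - 1);
    dwErr = GetLastError();          /* read before CloseHandle can overwrite it */
    CloseHandle(hProc);

    if (cchCopied == 0)
    {
        printf("GetModuleFileNameEx failed @ %lX.\n", (unsigned long)dwErr);
        return FALSE;
    }
    pszPath[cchCopied] = 0;
    return TRUE;
}

/*
 * Print one data-directory entry: its RVA, its size, and the file offset the
 * RVA resolves to. The pointer returned by ImageRvaToVa is only reported when
 * the whole directory lies inside the mapped file.
 */
static void PrintDirectory(const char *label, PIMAGE_NT_HEADERS pNtHeader,
                           PBYTE pBase, ULONGLONG cbFile,
                           const IMAGE_DATA_DIRECTORY *pDir)
{
    PBYTE pData = (PBYTE)ImageRvaToVa(pNtHeader, pBase, pDir->VirtualAddress, NULL);

    printf("%s directory: rva=%08lX size=%lu",
           label, (unsigned long)pDir->VirtualAddress, (unsigned long)pDir->Size);

    if (pData != NULL && pData >= pBase &&
        RangeInFile((ULONGLONG)(pData - pBase), pDir->Size, cbFile))
        printf(" file offset=%08llX\n", (unsigned long long)(pData - pBase));
    else
        printf(" (not backed by file data)\n");
}

/*
 * Validate the DOS/NT headers of a PE file mapped at pBase (cbFile bytes) and
 * report its export and import directories.
 *
 * Every offset taken from the file is checked against cbFile before it is
 * dereferenced: the headers are file content and must not be trusted to stay
 * inside the view.
 *
 * Returns 0 on success, 1 when the file is not a PE image this build can read.
 */
static int ReportPeDirectories(PBYTE pBase, ULONGLONG cbFile)
{
    PIMAGE_DOS_HEADER pDosHeader;
    PIMAGE_NT_HEADERS pNtHeader;
    PIMAGE_OPTIONAL_HEADER pOptHeader;
    ULONGLONG offNt;
    ULONGLONG offSections;
    ULONGLONG cbSections;

    if (cbFile < sizeof(IMAGE_DOS_HEADER))
    {
        printf("File is too small to hold a DOS header.\n");
        return 1;
    }

    pDosHeader = (PIMAGE_DOS_HEADER)pBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew < 0)
    {
        printf("Missing MZ signature or invalid e_lfanew.\n");
        return 1;
    }

    /* Byte arithmetic on the pointer itself; never squeeze it through DWORD. */
    offNt = (ULONGLONG)pDosHeader->e_lfanew;
    if (!RangeInFile(offNt, sizeof(IMAGE_NT_HEADERS), cbFile))
    {
        printf("NT headers lie outside the file.\n");
        return 1;
    }

    pNtHeader = (PIMAGE_NT_HEADERS)(pBase + offNt);
    if (pNtHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        printf("Missing PE signature.\n");
        return 1;
    }

    /* IMAGE_NT_HEADERS is the 32- or 64-bit layout of this build; a file of
       the other flavour would be read with the wrong field offsets. */
    pOptHeader = &pNtHeader->OptionalHeader;
    if (pOptHeader->Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC)
    {
        printf("Optional header magic %04X does not match this build.\n",
               (unsigned)pOptHeader->Magic);
        return 1;
    }

    if (pOptHeader->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT)
    {
        printf("Image has no export/import directory slots.\n");
        return 1;
    }

    /* ImageRvaToVa walks the section table, so it has to be inside the view. */
    offSections = offNt + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader)
                + pNtHeader->FileHeader.SizeOfOptionalHeader;
    cbSections = (ULONGLONG)pNtHeader->FileHeader.NumberOfSections
               * sizeof(IMAGE_SECTION_HEADER);
    if (!RangeInFile(offSections, cbSections, cbFile))
    {
        printf("Section table lies outside the file.\n");
        return 1;
    }

    /* Each directory reports its own Size (index 0 = export, 1 = import). */
    PrintDirectory("export", pNtHeader, pBase, cbFile,
                   &pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]);
    PrintDirectory("import", pNtHeader, pBase, cbFile,
                   &pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]);
    return 0;
}

/*
 * Open pszPath read-only, map it, and report its PE directories.
 *
 * The bytes parsed are those of the file on disk at the time of the call,
 * which is not necessarily what is mapped inside the running process the
 * path was taken from.
 *
 * Returns 0 on success, 1 on any failure. The view and both handles are
 * released on every path.
 */
static int DumpPeDirectories(const TCHAR *pszPath)
{
    int rc = 1;
    LARGE_INTEGER cbFile;
    HANDLE hMapFile;            /* file-mapping object */
    PBYTE lpMapAddr;            /* base address of the mapped view */
    HANDLE hFile;               /* file kernel object */

    hFile = CreateFile(pszPath, GENERIC_READ, FILE_SHARE_READ, NULL,
                       OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        DWORD dwRet = GetLastError();
        /* %ls: the path is wide in the UNICODE build this file requires. */
        printf("Fail to create the exactly pe file @ %lX.\n%ls\n",
               (unsigned long)dwRet, pszPath);
        return 1;
    }

    if (!GetFileSizeEx(hFile, &cbFile) || cbFile.QuadPart <= 0)
    {
        printf("Cannot determine file size @ %lX.\n", (unsigned long)GetLastError());
    }
    else if ((hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL)) == NULL)
    {
        printf("CreateFileMapping failed @ %lX.\n", (unsigned long)GetLastError());
    }
    else
    {
        lpMapAddr = (PBYTE)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 0);
        if (lpMapAddr == NULL)
        {
            printf("MapViewOfFile failed @ %lX.\n", (unsigned long)GetLastError());
        }
        else
        {
            rc = ReportPeDirectories(lpMapAddr, (ULONGLONG)cbFile.QuadPart);
            UnmapViewOfFile(lpMapAddr);
        }
        CloseHandle(hMapFile);
    }

    CloseHandle(hFile);
    return rc;
}

/*
 * Show the DOS signature and machine type of the image loaded in THIS
 * process.
 *
 * NOTE(review): the original read a literal address (0x40000) here under a
 * comment saying "copy into the running program"; nothing was copied. A fixed
 * address is not guaranteed to be mapped, so the base is taken from the
 * loader instead. Confirm this matches the intended exercise.
 */
static void ShowOwnImageHeader(void)
{
    TCHAR szMagic[3] = {0};
    PBYTE pSelf = (PBYTE)GetModuleHandle(NULL);
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pSelf;
    PIMAGE_NT_HEADERS pNtHeader;

    if (pSelf == NULL || pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return;

    /* e_magic is a 16-bit value, not a string pointer: spell out its two
       bytes ("MZ") instead of casting it to WCHAR *. */
    szMagic[0] = (TCHAR)(pDosHeader->e_magic & 0xFF);
    szMagic[1] = (TCHAR)(pDosHeader->e_magic >> 8);
    MessageBox(NULL, szMagic, szMagic, MB_OK);

    /* e_lfanew is a byte offset; adding it to a PIMAGE_DOS_HEADER would scale
       it by sizeof(IMAGE_DOS_HEADER). */
    pNtHeader = (PIMAGE_NT_HEADERS)(pSelf + pDosHeader->e_lfanew);
    printf("%08X\n", (unsigned)pNtHeader->FileHeader.Machine);
}

/*
 * Entry point: locate a running notepad.exe, resolve the path of its
 * executable, report the export and import directories of that file, then
 * show the header of this program's own image.
 *
 * Returns 0 on success and 1 on any failure, so a failed run is visible to
 * the caller (the original returned FALSE, i.e. 0, on its error paths).
 */
int main()
{
    const WCHAR *szTargetName = L"notepad.exe";
    DWORD dwTargetPid = 0;
    TCHAR strImagePath[MAX_PATH] = {0};

    /* Stop when nothing matched instead of carrying on with whatever entry
       the enumeration happened to end on. */
    if (!FindProcessByName(szTargetName, &dwTargetPid))
    {
        printf("No running process named %ls was found.\n", szTargetName);
        return 1;
    }

    /* Get the absolute path of the file backing that process. */
    if (!GetProcessImagePath(dwTargetPid, strImagePath, MAX_PATH))
        return 1;
    printf("pid %lu: %ls\n", (unsigned long)dwTargetPid, strImagePath);

    /* Read the import and export tables from the PE structure on disk. */
    if (DumpPeDirectories(strImagePath) != 0)
        return 1;

    ShowOwnImageHeader();
    return 0;
}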

 


原文地址:http://www.cnblogs.com/le0Bl0g/p/4245840.html
