WriteProcessMemory不成功
BOOL ret = WriteProcessMemory(hProcess,(char *)GetModuleHandle(0) + buff,&b,4,0);
if(ret==0)
{
MessageBox(0,"...",0,0);
}
这个 GetModuleHandle(0) + buff 是程序中导入表的 FirstThunk 部分,
为什么这个部分的内存没办法写入数据?而其他地方的都可以。比如 GetModuleHandle(0) + 0xEF0 就没问题。
我试过用 VirtualProtect 来改变这个内存的属性也失败了。
BOOL rtn = VirtualProtect((char *)GetModuleHandle(0) + buf,4,PAGE_EXECUTE_READWRITE,&old);
if(rtn==0)
{
MessageBox(0,"...",0,0);
}
这部分的内存应该怎么修改?
[解决办法]
- C/C++ code
bool AdjustPrivileges() { HANDLE hToken; TOKEN_PRIVILEGES tp; TOKEN_PRIVILEGES oldtp; DWORD dwSize=sizeof(TOKEN_PRIVILEGES); LUID luid; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { if (GetLastError()==ERROR_CALL_NOT_IMPLEMENTED) return true; else return false; } if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) { CloseHandle(hToken); return false; } ZeroMemory(&tp, sizeof(tp)); tp.PrivilegeCount=1; tp.Privileges[0].Luid=luid; tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; /* Adjust Token Privileges */ if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) { CloseHandle(hToken); return false; } // close handles CloseHandle(hToken); return true;}BOOL HackWriteProcessMemory(HANDLE hProc, void * pDest, void * pSource, DWORD nSize, DWORD * pWritten) { MEMORY_BASIC_INFORMATION mbi; if (!WriteProcessMemory(hProc,pDest,pSource,nSize,pWritten)) { VirtualQueryEx(hProc,pDest, & mbi, sizeof(mbi)); #ifdef _DEBUG printf("Info:addr=%08x,size=%08x,allocprot=%08x,currprot=%08x\n",mbi.BaseAddress,mbi.RegionSize,mbi.AllocationProtect,mbi.Protect); #endif if (VirtualProtectEx(hProc,mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, & mbi.Protect)) { if (!WriteProcessMemory(hProc,pDest,pSource,nSize,pWritten)) { #ifdef _DEBUG printf("Error:VirtualProtectEx succ,but WriteProcessMemory GetLastError=%d\n",GetLastError()); #endif return FALSE; } else { return TRUE; } } else { #ifdef _DEBUG printf("Error:VirtualProtectEx GetLastError=%d\n",GetLastError()); #endif return FALSE; } } return TRUE;}