
VS2010 线程注入 CreateRemoteThread()

发布时间: 2012-09-14 11:53:44 作者: rapoo

VS2010 线程注入：CreateRemoteThread() 出错，返回 5
我已经以管理员身份运行，之前运行正确，只是一到 CreateRemoteThread 就出错。
代码如下

C/C++ code
// Forum listing (VS2010): the classic CreateRemoteThread + LoadLibraryA
// DLL-injection sequence, aimed at a process whose image name starts with
// "calc". The poster's question is why CreateRemoteThread fails with
// error 5 (ERROR_ACCESS_DENIED); the replies point at AV/HIPS blocking the
// remote thread and at the relative DLL path.
//
// Defender note: the call chain OpenProcess(PROCESS_ALL_ACCESS) ->
// VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) is the textbook injection pattern that
// endpoint protection products alert on or block, which is consistent with
// the "access denied" result reported here.
//
// Reviewer notes on the listing as written:
//  - none of the handles obtained below (hToken, hSnap, hPro, hThr) is
//    ever passed to CloseHandle, so every one of them leaks;
//  - failure paths return a mix of 0 and -1, so the exit code does not
//    reliably signal an error;
//  - the original includes were collapsed onto one line; they are split
//    here because preprocessor directives must each start a new line.
#include<iostream>
#include"windows.h"
#include"tlhelp32.h"
using namespace std;

// Tries to enable SE_DEBUG_NAME on the current process token.
// Returns FALSE (after printing GetLastError()) if OpenProcessToken,
// LookupPrivilegeValue or AdjustTokenPrivileges fails; TRUE otherwise.
// NOTE(review): a TRUE return only means the call succeeded, not that the
// privilege is actually held by the token — the listing never checks that.
BOOL Prompt()
{
    HANDLE hToken;
    // Token is opened for adjustment only; it is never closed afterwards.
    if(!OpenProcessToken(::GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken))
    {
        cout<<"OpenProcessToken  error  the code is :"<<GetLastError()<<endl;
        return FALSE;
    }
    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount =1;
    // NOTE(review): only PrivilegeCount and Privileges[0].Luid are written;
    // Privileges[0].Attributes is left uninitialised (stack contents) when the
    // struct is handed to AdjustTokenPrivileges below.
    if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tkp.Privileges [0].Luid ))
    {
        cout<<"LookPrivilegeValue  error the code is :"<<GetLastError()<<endl;
        return FALSE;
    }
    // Second argument FALSE: adjust the listed privilege rather than
    // disabling all privileges on the token.
    if(!AdjustTokenPrivileges(hToken,false,&tkp,sizeof(tkp),NULL,0))
    {
        cout<<"AdjustPrivileges  error the code is:"<<GetLastError()<<endl;
        return FALSE;
    }
    return true;
}

// Entry point: locate the target by image-name prefix, enable the debug
// privilege, open the target, copy a DLL name into it and start a remote
// thread at LoadLibraryA with that name as argument.
int main()
{
    // Walk the running-process list to find the target PID.
    DWORD ProcessId=0;
    HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if(hSnap==NULL)
    {
        cout<<"CreateToolhelp32Snapshot  error the code is :"<<GetLastError()<<endl;
        // Returns 0 here although every later failure returns -1.
        return 0;
    }
    BOOL mark=false;
    PROCESSENTRY32 pro_info;
    pro_info.dwSize =sizeof(pro_info);
    mark=Process32First(hSnap,&pro_info);
    while(mark)
    {
        // Case-sensitive prefix match on the first four characters only:
        // any image whose name begins with "calc" is accepted, and the
        // first such process in snapshot order wins.
        if(pro_info.szExeFile [0]=='c'&&pro_info.szExeFile [1]=='a'&&pro_info.szExeFile [2]=='l'&&pro_info.szExeFile [3]=='c')
        {
            MessageBoxA(NULL,"find it!","warning ",0);
            ProcessId=pro_info.th32ProcessID ;
            break;
        }
        mark=Process32Next(hSnap,&pro_info);
    }
    // The snapshot handle is not closed after the loop.
    if(Prompt())
    {
        cout<<"提升权限成功。。。"<<endl;
    }
    else
        return 0;
    // The "not found" check runs only after the privilege adjustment.
    if(ProcessId==0)
    {
        MessageBoxA(NULL,"没有找到计算器进程",NULL,0);
        return -1;
    }
    // Open the target process. PROCESS_ALL_ACCESS is far broader than the
    // memory/thread rights the calls below actually need, and a full-access
    // open of another process is itself a commonly monitored event.
    HANDLE hPro;
    hPro=OpenProcess(PROCESS_ALL_ACCESS,FALSE,ProcessId);
    if(hPro==NULL)
    {
        int num=GetLastError();
        char warn[100];
        // Fixed text plus one int: fits the 100-byte buffer, but snprintf
        // would make the bound explicit.
        sprintf(warn,"%s,%d","OpenProcess",num);
        MessageBoxA(NULL,warn,"warning ",0);
        return -1;
    }
    // Commit 4 KiB in the target as RWX. The region only ever holds the
    // DLL name string, so EXECUTE is not needed for what is stored there;
    // an RWX allocation in a foreign process is a classic detection heuristic.
    PVOID addr;
    addr=VirtualAllocEx(hPro,NULL,1024*4,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    if(addr==NULL)
    {
        int num=GetLastError();
        char warn[100];
        sprintf(warn,"%s,%d","VirtualAlloc 出错",num);
        MessageBoxA(NULL,warn,"warning ",0);
        return -1;
    }
    // Resolve LoadLibraryA in this process; the listing relies on the
    // address being the same in the target (no check for that is made).
    PVOID Func_addr;
    Func_addr=GetProcAddress(GetModuleHandle(TEXT("Kernel32")),"LoadLibraryA");
    if(Func_addr==NULL)
    {
        int num=GetLastError();
        char warn[100];
        sprintf(warn,"%s,%d","GetProcAddress出错",num);
        MessageBoxA(NULL,warn,"warning ",0);
        return -1;
    }
    // Relative path: resolved against the target's own search order, not
    // this program's directory — the replies below flag exactly this.
    char DllName[]="en.dll";
    if(!WriteProcessMemory(hPro,addr,DllName,strlen(DllName),0))
    {
        int num=GetLastError();
        char warn[100];
        sprintf(warn,"%s,%d","WriteProcessMemory出错",num);
        MessageBoxA(NULL,warn,"warning ",0);
        return -1;
    }
    // Start a thread in the target at LoadLibraryA(addr). This is the call
    // that fails with error 5 in the poster's report.
    DWORD ID;
    HANDLE hThr;
    hThr=CreateRemoteThread(hPro,NULL,0,(PTHREAD_START_ROUTINE)Func_addr,addr,0,&ID);
    if(hThr==NULL)
    {
        int num=GetLastError();
        char warn[100];
        sprintf(warn,"%s,%d","远程进程创建失败",num);
        MessageBoxA(NULL,warn,"warning ",0);
        return 0;
    }
    else
    {
        MessageBoxA(NULL,"远程进程创建成功!","warning ",0);
        // The thread handle is neither waited on nor closed; the read just
        // keeps the console open until the user types something. main then
        // falls off its end, which yields exit code 0.
        int a;
        cin>>a;
    }
}


------解决方案--------------------


把 char DllName[]="en.dll"; 里的路径改成绝对路径试试啊。
[解决办法]

探讨
把 char DllName[]="en.dll"; 里的路径改成绝对路径试试啊。

[解决办法]
errlookup: 5 拒绝访问

电脑上有没有装杀毒软件或者 HIPS？
[解决办法]
恭喜

