小问题。。100分。。_VC/MFC_编程问答 jrs看球网直播吧_低调看直播体育app软件下载

关于网友提出的“ 小问题。。100分。。”问题疑问，本网通过在网上对“ 小问题。。100分。。”有关的相关答案进行了整理，供用户进行参考，详细问题解答如下：

问题： 小问题。。100分。。
描述:

谁能给我一个CreateRemoteThread的例子。谢谢。
顺便有讲解一下更好。因为我初次使用这个API就出错了。

解决方案1:

http://codeguru.earthweb.com/dll/LoadDll.shtml

解决方案2:

下载 detour lib ，里面有很完整的代码
/////////////////////////////////////////////////////////////// Injected Code.
//
#pragma check_stack(off)
#pragma pack(push, 8)
typedef HINSTANCE (WINAPI *PROCLOADLIBRARY)(PWCHAR);
typedef struct {
PROCLOADLIBRARY fnLoadLibrary;
WCHAR wzLibFile[MAX_PATH];
} INJLIBINFO, *PINJLIBINFO;
// Calls to the stack-checking routine must be disabled.
static DWORD WINAPI ThreadFunc(PINJLIBINFO pInjLibInfo) {
// There must be less than a page-worth of local
// variables used in this function.
HINSTANCE hinstLib;
// Call LoadLibrary(A/W) to load the DLL.
hinstLib = pInjLibInfo->fnLoadLibrary(pInjLibInfo->wzLibFile);
return((DWORD) hinstLib);
}
// This function marks the memory address after ThreadFunc.
// ThreadFuncCodeSizeInBytes = (PBYTE) AfterThreadFunc - (PBYTE) ThreadFunc.
static void AfterThreadFunc (void) {
}
#pragma pack(pop)
#pragma check_stack
////////////////////////////////////////////////////////////// Injection Code.
//
static BOOL InjectLibrary(HANDLE hProcess,
  PROCLOADLIBRARY pfLoadLibrary,
  PBYTE pbData,
  DWORD cbData)
{
BOOL fSucceeded = FALSE;
// Initialize the InjLibInfo structure here and then copy
// it to memory in the remote process.
INJLIBINFO InjLibInfo;
InjLibInfo.fnLoadLibrary = pfLoadLibrary;
// The address where code will be copied to in the remote process.
PDWORD pdwCodeRemote = NULL;
// Calculate the number of bytes in the ThreadFunc function.
const int cbCodeSize = ((LPBYTE) AfterThreadFunc - (LPBYTE) ThreadFunc);
// The address where InjLibInfo will be copied to in the remote process.
PINJLIBINFO pInjLibInfoRemote = NULL;
// The number of bytes written to the remote process.
DWORD dwNumBytesXferred = 0;
// The handle and Id of the thread executing the remote copy of ThreadFunc.
DWORD dwThreadId = 0;
const DWORD cbMemSize = cbCodeSize + sizeof(InjLibInfo) + 3;
HANDLE hThread = NULL;
DWORD dwOldProtect;
// Finish initializing the InjLibInfo structure by copying the
// desired DLL's pathname.
CopyMemory(InjLibInfo.wzLibFile, pbData, cbData);
// Allocate memory in the remote process's address space large
// enough to hold our ThreadFunc function and a InjLibInfo structure.
pdwCodeRemote = (PDWORD)VirtualAllocEx(hProcess, NULL, cbMemSize,
   MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (pdwCodeRemote == NULL) {
goto finish;
}
// Change the page protection of the allocated memory
// to executable, read, and write.
if (!VirtualProtectEx(hProcess, pdwCodeRemote, cbMemSize,
  PAGE_EXECUTE_READWRITE, &dwOldProtect)) {
goto finish;
}
// Write a copy of ThreadFunc to the remote process.
if (!WriteProcessMemory(hProcess, pdwCodeRemote,
(LPVOID) ThreadFunc, cbCodeSize, &dwNumBytesXferred)) {
goto finish;
}
// Write a copy of InjLibInfo to the remote process
// (the structure MUST start on an even 32-bit bourdary).
pInjLibInfoRemote = (PINJLIBINFO)(pdwCodeRemote + ((cbCodeSize + 4) & ~3));
// Put InjLibInfo in remote thread's memory block.
if (!WriteProcessMemory(hProcess, pInjLibInfoRemote,
&InjLibInfo, sizeof(InjLibInfo), &dwNumBytesXferred)) {
goto finish;
}
if ((hThread = CreateRemoteThread(hProcess, NULL, 0,
  (LPTHREAD_START_ROUTINE) pdwCodeRemote,
  pInjLibInfoRemote, 0, &dwThreadId)) == NULL) {
goto finish;
}
WaitForSingleObject(hThread, INFINITE);
fSucceeded = TRUE;
  finish:
if (hThread != NULL)
CloseHandle(hThread);
return fSucceeded;
}
//////////////////////////////////////////////////////////////////////////////
//
BOOL WINAPI ContinueProcessWithDllA(HANDLE hProcess, LPCSTR lpDllName)
{
if (lpDllName) {
HINSTANCE hKrnl = GetModuleHandleA("Kernel32");
PROCLOADLIBRARY pfLoadLibrary
= (PROCLOADLIBRARY)GetProcAddress(hKrnl, "LoadLibraryA");
if (!InjectLibrary(hProcess, pfLoadLibrary,
   (PBYTE)lpDllName, strlen(lpDllName) + 1)) {
return FALSE;
}
}
return TRUE;
}