CreateRemoteThread和Int32 [英] CreateRemoteThread and Int32

问题描述

嗨！
如何使用Int32参数调用远程线程?
例如，我在远程过程中具有一些本机功能:
void __cdecl Execute(int a)
{
wss1<<(int)a;
MessageBox(NULL，wss1.str().c_str()，NULL，MB_OK);
}

我需要调用此函数.

我的工作:
//声明struct
[StructLayout(LayoutKind.Sequential，Pack = 1，CharSet = CharSet.Ansi)]
构造YourStruct
{
[MarshalAs(UnmanagedType.I4，SizeConst = 4)]
公共Int32 a;
}
//调用我的func
公共IntPtr RunRemoteFunc(IntPtr FuncPtr)
{
IntPtr bytesout;
YourStruct YS = new YourStruct();
YS.a = 777;

int LenWrite = 4;
IntPtr Mem = Marshal.AllocHGlobal(LenWrite);
元帅.StructureToPtr(YS，Mem，true);

IntPtr AllocMem =(IntPtr)NativeMethods.VirtualAllocEx(hProcess，(IntPtr)null，(uint)LenWrite，0x1000，0x40); //分配倒WriteProcessMemory

NativeMethods.WriteProcessMemory(hProcess，AllocMem，Mem，(UIntPtr)Mem.ToInt32()，out bytesout);

IntPtr hThread =(IntPtr)NativeMethods.CreateRemoteThread(hProcess，(IntPtr)null，0，(UIntPtr)FuncPtr.ToInt32()，AllocMem，0，out bytesout);

如果(hThread == IntPtr.Zero)
{
MessageBox.Show("hThread [1]错误！\ n");
返回IntPtr.Zero;
}

int结果= NativeMethods.WaitForSingleObject(hThread，0xFFFFFFFF);
if(结果== 0x00000080L ||结果== 0x00000102L/* ||结果== 0xFFFFFFFF */)
{
MessageBox.Show("hThread [2]错误！\ n");
如果(hThread！= null)
{NativeMethods.CloseHandle(hThread); }
返回IntPtr.Zero;
}

IntPtr Res = IntPtr.0;
bool isSuccess = NativeMethods.GetExitCodeThread(hThread，out Res);

NativeMethods.VirtualFreeEx(hProcess，AllocMem，(UIntPtr)0，0x8000);
如果(hThread！= null)
{NativeMethods.CloseHandle(hThread); }
返回Res;
}

但是结果不是"777"！
请帮帮我...

Hi!
How to call a remote thread with Int32 parameter?
For example I have some native function in remote process:
void __cdecl Execute(int a)
{
wss1<<(int)a;
MessageBox(NULL, wss1.str().c_str() , NULL, MB_OK);
}

And I need to call this function.

What I do:
//declare struct
[StructLayout(LayoutKind.Sequential, Pack = 1, CharSet = CharSet.Ansi)]
struct YourStruct
{
[MarshalAs( UnmanagedType.I4, SizeConst=4)]
public Int32 a;
}
//call my func
public IntPtr RunRemoteFunc(IntPtr FuncPtr)
{
IntPtr bytesout;
YourStruct YS = new YourStruct();
YS.a = 777;

int LenWrite = 4;
IntPtr Mem = Marshal.AllocHGlobal(LenWrite);
Marshal.StructureToPtr(YS,Mem,true);

IntPtr AllocMem = (IntPtr)NativeMethods.VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40); //allocation pour WriteProcessMemory

NativeMethods.WriteProcessMemory(hProcess, AllocMem,Mem, (UIntPtr)Mem.ToInt32(), out bytesout);

IntPtr hThread = (IntPtr)NativeMethods.CreateRemoteThread(hProcess, (IntPtr)null, 0,(UIntPtr)FuncPtr.ToInt32(), AllocMem, 0, out bytesout);

if (hThread == IntPtr.Zero)
{
MessageBox.Show(" hThread [ 1 ] Error! \n ");
return IntPtr.Zero;
}

int Result = NativeMethods.WaitForSingleObject(hThread, 0xFFFFFFFF);
if (Result == 0x00000080L || Result == 0x00000102L /*|| Result == 0xFFFFFFFF*/)
{
MessageBox.Show(" hThread [ 2 ] Error! \n ");
if (hThread != null)
{ NativeMethods.CloseHandle(hThread); }
return IntPtr.Zero;
}

IntPtr Res = IntPtr.Zero;
bool isSuccess = NativeMethods.GetExitCodeThread(hThread, out Res);

NativeMethods.VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);
if (hThread != null)
{ NativeMethods.CloseHandle(hThread); }
return Res;
}

But result is not ''777''!
Please, help me...

推荐答案

选中此

这篇关于CreateRemoteThread和Int32的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！