C# (CSharp) WindowsApi ProcessAPI.CreateRemoteThread示例

编程语言: C# (CSharp)

命名空间/包名称: WindowsApi

类/类型: ProcessAPI

方法/功能: CreateRemoteThread

hotexamples.com的示例: 2

C# (CSharp) WindowsApi ProcessAPI.CreateRemoteThread - 已找到2个示例。这些是从开源项目中提取的最受好评的WindowsApi.ProcessAPI.CreateRemoteThread现实C# (CSharp)示例。您可以评价示例，以帮助我们提高示例质量。

常用方法

显示隐藏

CloseHandle(5)

OpenProcess(3)

CreateRemoteThread(2)

GetModuleHandle(2)

GetProcAddress(2)

示例#1

显示文件

文件： RemoteExcuteAPI.cs 项目： ss22219/ClrInvoke

        public static bool ExcuteRemoteFunction(int processId, IntPtr lpFuncAddress, byte[] param)
        {
            var hndProc = ProcessAPI.OpenProcess(
                ProcessAPI.ProcessAccessFlags.CreateThread | ProcessAPI.ProcessAccessFlags.VirtualMemoryOperation |
                ProcessAPI.ProcessAccessFlags.VirtualMemoryRead | ProcessAPI.ProcessAccessFlags.VirtualMemoryWrite
                | ProcessAPI.ProcessAccessFlags.QueryInformation
                , true, processId);

            if (hndProc == IntPtr.Zero)
            {
                return(false);
            }

            var lpAddress = MemoryAPI.VirtualAllocEx(hndProc, (IntPtr)null, (IntPtr)param.Length, (0x1000 | 0x2000), 0X40);

            if (lpAddress == IntPtr.Zero)
            {
                ProcessAPI.CloseHandle(hndProc);
                return(false);
            }

            if (MemoryAPI.WriteProcessMemory(hndProc, lpAddress, param, (uint)param.Length, 0) == 0)
            {
                ProcessAPI.CloseHandle(hndProc);
                return(false);
            }

            if (ProcessAPI.CreateRemoteThread(hndProc, (IntPtr)null, IntPtr.Zero, lpFuncAddress, lpAddress, 0, (IntPtr)null) == IntPtr.Zero)
            {
                ProcessAPI.CloseHandle(hndProc);
                return(false);
            }
            return(true);
        }

示例#2

显示文件

文件： RemoteExcuteAPI.cs 项目： ss22219/CSharpHookCPlus

 /// <summary>
 /// 执行远程进程上的函数
 /// </summary>
 /// <typeparam name="T"></typeparam>
 /// <param name="hndProc">进程句柄</param>
 /// <param name="moduleName">模块名称</param>
 /// <param name="lpFuncAddress">远程函数地址</param>
 /// <param name="lpParamAddress">远程参数地址</param>
 /// <param name="param"></param>
 /// <returns></returns>
 public static bool ExcuteRemoteFunction(IntPtr hndProc, IntPtr lpFuncAddress, IntPtr lpParamAddress)
 {
     if (hndProc == IntPtr.Zero)
     {
         return(false);
     }
     if (lpFuncAddress == IntPtr.Zero)
     {
         return(false);
     }
     return(ProcessAPI.CreateRemoteThread(hndProc, (IntPtr)null, IntPtr.Zero, lpFuncAddress, lpParamAddress, 0, (IntPtr)null) != IntPtr.Zero);
 }