Reading the nickname and ID from desktop WeChat: software hook, memory reading

Easy Programming Language (易语言) 2020-02-03 19:21:44


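tmp = VirtualAllocEx (hProcess, 0, 1024, 4096, 64) ' 1024 bytes, 4096 = MEM_COMMIT, 64 = PAGE_EXECUTE_READWRITE
CONTEXT.ContextFlags = 65543 ' 0x10007 = CONTEXT_FULL on x86
ZwGetContextThread (hThread, CONTEXT)
addr = CONTEXT.Eip ' Save the original EIP, i.e. the location where the thread was executing
CONTEXT.Eip = tmp
' Stub bytes: pushad; call $+5; pop eax; add eax, 19; push eax; mov eax, LoadLibraryA; call eax; popad; push addr; ret; then the DLL path
Code = { 96, 232, 0, 0, 0, 0, 88, 131, 192, 19, 80, 184 } + 到字节集 (_取函数入口 (“kernel32.dll”, “LoadLibraryA”)) + { 255, 208, 97 } + { 104 } + 到字节集 (addr) + { 195 } + 到字节集 (dll)
WriteProcessMemory_Bin (hProcess, tmp, Code, 取字节集长度 (Code), 0)
ZwSetContextThread (hThread, CONTEXT)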
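
For triage of a dumped memory region, the fixed bytes of Code above can be matched and the variable fields (call target, saved EIP, library path) extracted as indicators. This is an added example, not part of the original post; the function names, the sample addresses and the sample path are constructed placeholders.

```python
import struct

# Fixed bytes of the stub assembled in Code; the two gaps are 32-bit little-endian fields.
PREFIX = bytes([0x60, 0xE8, 0, 0, 0, 0, 0x58, 0x83, 0xC0, 0x13, 0x50, 0xB8])
MIDDLE = bytes([0xFF, 0xD0, 0x61, 0x68])   # call eax; popad; push imm32
RET = 0xC3
STUB_LEN = len(PREFIX) + 4 + len(MIDDLE) + 4 + 1
assert STUB_LEN == 6 + 0x13   # "add eax, 0x13" must land on the trailing path


def parse_stub(region: bytes, offset: int = 0):
    """Return the stub's variable fields if it starts at offset, else None."""
    blob = region[offset:offset + STUB_LEN]
    mid_at = len(PREFIX) + 4
    if (len(blob) < STUB_LEN or not blob.startswith(PREFIX)
            or blob[mid_at:mid_at + len(MIDDLE)] != MIDDLE or blob[-1] != RET):
        return None
    (call_target,) = struct.unpack_from("<I", blob, len(PREFIX))
    (resume_eip,) = struct.unpack_from("<I", blob, mid_at + len(MIDDLE))
    # The library path follows the ret as a NUL-terminated byte string.
    path = region[offset + STUB_LEN:].split(b"\x00", 1)[0]
    return {"offset": offset, "call_target": call_target, "resume_eip": resume_eip,
            "dll_path": path.decode("ascii", errors="backslashreplace")}


def scan(region: bytes):
    """Find every occurrence of the stub in a dumped memory region."""
    hits, pos = [], region.find(PREFIX)
    while pos != -1:
        hit = parse_stub(region, pos)
        if hit:
            hits.append(hit)
        pos = region.find(PREFIX, pos + 1)
    return hits


# Constructed sample: 16 bytes of padding, the stub with placeholder addresses, a placeholder path.
SAMPLE = (b"\x00" * 16 + PREFIX + struct.pack("<I", 0x76AB1230) + MIDDLE
          + struct.pack("<I", 0x00401000) + bytes([RET])
          + b"C:\\example\\sample.dll\x00" + b"\x00" * 32)

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit inside a private executable and writable region of a process is worth correlating with the module list, since the extracted path names the library that was loaded.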