Реферат: Перехват API-функций в Windows NT/2000/XP
PROCESS_VM_OPERATION, FALSE, pid);
if(hProcess == NULL)
{
MessageBoxA(NULL, "You have not enough rights to attach dlls",
"Error!", 0);
return FALSE;
}
//зарезервировать память в процессе
p_code = (BYTE*)VirtualAllocEx(hProcess, 0, sizeof(INJECTORCODE),
MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(p_code==NULL)
{
MessageBox(NULL, "Unable to alloc memory in remote process",
"Error!", 0);
return FALSE;
}
//инициализировать машинный код
cmds.instr_push_loadlibrary_arg = 0x68; //машинный код инструкции push
cmds.loadlibrary_arg = (DWORD)((BYTE*)p_code
+ offsetof(INJECTORCODE, libraryname));
cmds.instr_call_loadlibrary = 0x15ff; //машинныйкодинструкции call
cmds.adr_from_call_loadlibrary =
(DWORD)(p_code + offsetof(INJECTORCODE, addr_loadlibrary));
cmds.instr_push_exitthread_arg = 0x68;
cmds.exitthread_arg = 0;
cmds.instr_call_exitthread = 0x15ff;
cmds.adr_from_call_exitthread =
(DWORD)(p_code + offsetof(INJECTORCODE, addr_exitthread));
cmds.addr_loadlibrary =