FreeLibrary using remote thread
In the book Windows via C/C++, Part IV, Chapter 22 - Injecting a Dll Using Remote Thread.
In the function BOOL WINAPI EjectLibW(DWORD dwProcessId, PCWSTR pszLibFile), the code:

    hThread = CreateRemoteThread(hProcess, NULL, 0,
        pfnThreadRtn, me.modBaseAddr, 0, NULL);
My question:
Why is the 5th param not me.hModule? The FreeLibrary func needs a param of hModule.
This is a typo, but still works because HINSTANCEs/HMODULEs are now simply a pointer to the address where the DLL is mapped in the process's VA space.
Also, please don't inject threads into arbitrary processes, it is very tricky to get right in the general case.
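
The point made in the answer, that a module handle is the address where the module is mapped, can be checked against the same MODULEENTRY32 fields the book's code uses. The PowerShell script below is an added example, not code from the book or from the answer; it snapshots only the current process, and the `ModuleWalk` class and its `Snapshot` method are names made up for this illustration.

```powershell
# Added example: walk the current process's module list with Toolhelp32 and
# compare MODULEENTRY32W.modBaseAddr with MODULEENTRY32W.hModule per module.
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class ModuleWalk {   // hypothetical helper name
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct MODULEENTRY32W {
        public uint dwSize, th32ModuleID, th32ProcessID, GlblcntUsage, ProccntUsage;
        public IntPtr modBaseAddr;   // BYTE* in the native struct
        public uint modBaseSize;
        public IntPtr hModule;       // HMODULE in the native struct
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)] public string szModule;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExePath;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool Module32FirstW(IntPtr hSnapshot, ref MODULEENTRY32W lpme);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool Module32NextW(IntPtr hSnapshot, ref MODULEENTRY32W lpme);
    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr h);

    public static List<MODULEENTRY32W> Snapshot(uint pid) {
        var list = new List<MODULEENTRY32W>();
        IntPtr snap = CreateToolhelp32Snapshot(0x8 /* TH32CS_SNAPMODULE */, pid);
        if (snap == new IntPtr(-1)) throw new System.ComponentModel.Win32Exception();
        try {
            var me = new MODULEENTRY32W();
            me.dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32W));
            for (bool ok = Module32FirstW(snap, ref me); ok; ok = Module32NextW(snap, ref me))
                list.Add(me);   // struct is copied, so each entry keeps its own values
        } finally { CloseHandle(snap); }
        return list;
    }
}
'@

# $PID is PowerShell's own process id; no other process is opened.
$entries = [ModuleWalk]::Snapshot([uint32]$PID)
$entries | Select-Object szModule, modBaseAddr, hModule,
    @{ Name = 'Same'; Expression = { $_.modBaseAddr -eq $_.hModule } } | Format-Table -AutoSize
"Modules where hModule differs from modBaseAddr: " +
    @($entries | Where-Object { $_.modBaseAddr -ne $_.hModule }).Count
```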