[创建线程]
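/*
 * Thread creation.  CreateThread() is the in-process case; CreateRemoteThread()
 * takes an explicit process handle.  Starting a thread in a different process is
 * a cross-process primitive: beyond its legitimate uses (debuggers, instrumentation)
 * it is exactly what behavioural monitoring watches for, so any caller passing
 * hProcess != GetCurrentProcess() should have a clear, auditable reason.
 *
 * Fixes to the original listing: the parameter separators after lpThreadAttributes
 * were ';' instead of ','; the trailing pseudo-code was not valid C and is now a comment.
 */
HANDLE CreateThread(
    LPSECURITY_ATTRIBUTES  lpThreadAttributes, /* usually NULL: default security, handle not inheritable */
    DWORD                  dwStackSize,        /* 0 = default stack size of the executable */
    LPTHREAD_START_ROUTINE lpStartAddress,     /* thread entry point */
    LPVOID                 lpParameter,        /* single argument handed to lpStartAddress */
    DWORD                  dwCreationFlags,    /* 0 = run immediately (CREATE_SUSPENDED defers the start) */
    LPDWORD                lpThreadId          /* may be NULL; otherwise receives the new thread id */
);

HANDLE CreateRemoteThread(
    HANDLE                 hProcess,           /* target process; must have been opened with thread-creation rights */
    LPSECURITY_ATTRIBUTES  lpThreadAttributes, /* usually NULL */
    DWORD                  dwStackSize,        /* 0 = default */
    LPTHREAD_START_ROUTINE lpStartAddress,     /* entry point, interpreted in the TARGET process's address space */
    LPVOID                 lpParameter,        /* argument, also a TARGET-process address */
    DWORD                  dwCreationFlags,    /* 0 */
    LPDWORD                lpThreadId          /* may be NULL */
);

/*
 * Conceptually CreateThread(...) is CreateRemoteThread(GetCurrentProcess(), ...).
 * Both return NULL on failure (consult GetLastError()), and the returned thread
 * HANDLE is a kernel object: close it with CloseHandle() once it is no longer
 * needed, or it leaks for the lifetime of the caller.
 */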
[事件同步处理]
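/*
 * Synchronisation: waiting on kernel objects, and user-mode critical sections.
 *
 * Fixes to the original listing: return types were missing; "WaitForMultipleObject"
 * is spelled WaitForMultipleObjects; "CRTICAL_SECTION" is CRITICAL_SECTION; and the
 * critical-section calls are now in lifecycle order (the original listed Delete
 * before Enter/Leave, which if executed literally is a use-after-delete).
 */
DWORD WaitForSingleObject(
    HANDLE hHandle,
    DWORD  dwTimeOut          /* INFINITE = never time out; otherwise handle WAIT_TIMEOUT */
);                            /* also returns WAIT_FAILED on error - check the result, don't assume WAIT_OBJECT_0 */

DWORD WaitForMultipleObjects(
    DWORD        nCount,      /* number of handles, at most MAXIMUM_WAIT_OBJECTS */
    CONST HANDLE *lpHandle,   /* array of nCount handles */
    BOOL         fWaitAll,    /* TRUE = wait for all, FALSE = return on the first signalled */
    DWORD        dwTimeOut
);

CRITICAL_SECTION m_cs;             /* process-local lock; cannot be shared across processes */
InitializeCriticalSection(&m_cs);  /* once, before any Enter; pairs with DeleteCriticalSection */
EnterCriticalSection(&m_cs);       /* blocks until acquired; re-entrant for the owning thread */
/* ... protected region ... */
LeaveCriticalSection(&m_cs);       /* every Enter needs a matching Leave on every exit path */
DeleteCriticalSection(&m_cs);      /* last, after no thread can still Enter it */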
[DLL 的动态加载和卸载]
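/*
 * Dynamic loading and unloading of a DLL.
 *
 * Fixes to the original listing: LoadLibrary returns HMODULE (the type FreeLibrary
 * and GetProcAddress consume), not a generic HANDLE; GetProcAddress takes an ANSI
 * LPCSTR - there is no wide-character variant of that parameter.
 */
HMODULE LoadLibrary(
    LPCTSTR lpFileName        /* prefer a fully qualified path: a bare name is resolved through the
                                 DLL search order and can be satisfied by an unexpected module */
);                            /* NULL on failure; each successful call adds a reference */

FARPROC GetProcAddress(
    HMODULE hModule,
    LPCSTR  lpProcName        /* export name (ANSI), or an ordinal via MAKEINTRESOURCEA */
);                            /* NULL if the export does not exist - check before calling through it */

BOOL FreeLibrary(
    HMODULE hModule           /* decrements the reference count; balance every LoadLibrary */
);                            /* FALSE on failure; the module is unmapped only when the count hits zero */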
[(远程)目标进程内存空间的操作:分配内存空间和向内存空间写入数据]
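/*
 * Memory in a (possibly remote) target process: allocating a region and writing to it.
 *
 * Fixes to the original listing: WriteProcessMemory returns BOOL, its source buffer
 * is LPCVOID (the API never writes through it), nSize is SIZE_T, and the fifth
 * parameter lpNumberOfBytesWritten was omitted.
 *
 * Both calls operate on another process's address space; they require a process
 * handle opened with sufficient access and are routinely audited by endpoint
 * monitoring.  Neither reports partial success silently - always check the result.
 */
LPVOID VirtualAllocEx(
    HANDLE hProcess,          /* target process */
    LPVOID lpAddress,         /* NULL = let the system choose the start address */
    SIZE_T dwSize,            /* requested size; rounded up to page granularity */
    DWORD  flAllocationType,  /* MEM_COMMIT (MEM_RESERVE | MEM_COMMIT to do both at once) */
    DWORD  flProtect          /* PAGE_READWRITE for data: request only the protection actually needed */
);                            /* returns NULL on failure (GetLastError()) */

BOOL WriteProcessMemory(
    HANDLE  hProcess,                 /* target process handle */
    LPVOID  lpBaseAddress,            /* destination address in the TARGET process */
    LPCVOID lpBuffer,                 /* source buffer in the caller */
    SIZE_T  nSize,                    /* bytes to write */
    SIZE_T  *lpNumberOfBytesWritten   /* may be NULL; otherwise receives the byte count actually written */
);                                    /* FALSE on failure; the whole range must be accessible or the call fails */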
时间: 2024-10-24 03:42:53