x32下的DLL隐藏(2)
发布时间:2021-01-07 01:11 所属栏目:52 来源:网络整理
导读:检测: MEMORY_BASIC_INFORMATION mbi_thunk; PVOID AllocationBase = NULL; TCHAR FilePath[MAX_PATH]; for (LPSTR Addr = (LPSTR)0x00000000; ::VirtualQueryEx(hProcess,Addr,mbi_thunk,sizeof(mbi_thunk)); Addr
检测: MEMORY_BASIC_INFORMATION mbi_thunk; PVOID AllocationBase = NULL; TCHAR FilePath[MAX_PATH]; for (LPSTR Addr = (LPSTR)0x00000000; ::VirtualQueryEx(hProcess,Addr,&mbi_thunk,sizeof(mbi_thunk)); Addr = LPSTR(mbi_thunk.BaseAddress) + mbi_thunk.RegionSize) { if ((mbi_thunk.AllocationBase > AllocationBase) && (GetMappedFileName(hProcess,mbi_thunk.BaseAddress,FilePath,_countof(FilePath)) > 0)) { AllocationBase = mbi_thunk.AllocationBase; KdPrint((_T("MODULE:%x,%s\r\n"),AllocationBase,FilePath)); } } (编辑:ASP站长网) |
相关内容
网友评论
推荐文章
热点阅读