

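/*
 * Process B: opens game process A by a hard-coded PID and reads one DWORD
 * from a fixed address in A. This is the handle that process C later
 * duplicates. Every Win32 call is checked: a failure is reported together
 * with GetLastError() and the program exits non-zero instead of handing an
 * invalid handle to the next call. The handle is always closed before exit.
 *
 * Returns 0 on success, 1 if OpenProcess or ReadProcessMemory fails.
 */
int main()
{
    /* PID of game A and the address read from it — sample values carried over
       from the original listing; they are only valid for one particular run. */
    const DWORD dwPidA = 8564;
    const DWORD dwAddress = 0x00406DA8;
    int rc = 1;

    printf("我是B,能够获取游戏A进程句柄\r\n");
    /* GetCurrentProcessId() returns a DWORD (unsigned long): %lu, not %d. */
    printf("B MyHandle= %lu \r\n", GetCurrentProcessId());

    /* PROCESS_ALL_ACCESS is kept from the original; PROCESS_VM_READ is all that
       ReadProcessMemory needs, so this request is broader than necessary. */
    HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPidA);
    if (handle == NULL) {
        printf("OpenProcess failed, error= %lu \r\n", GetLastError());
        goto out;
    }
    /* HANDLE is pointer-sized: print it with %p, not %d. */
    printf("游戏A handle= %p \r\n", (void *)handle);

    DWORD dwOut = 0;
    /* The DWORD address is widened through uintptr_t before the pointer cast so
       the conversion is well-defined on 64-bit builds. ReadProcessMemory
       returns FALSE on any failure, including a partial read. */
    if (!ReadProcessMemory(handle, (LPVOID)(uintptr_t)dwAddress, &dwOut, sizeof dwOut, NULL)) {
        printf("ReadProcessMemory failed, error= %lu \r\n", GetLastError());
        goto out_close;
    }
    printf("游戏A 子弹数量= %lu \r\n", dwOut);
    rc = 0;

out_close:
    CloseHandle(handle);
out:
    system("pause");
    return rc;
}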

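/*
 * Process C: cannot open game A directly, so it opens process B (hard-coded
 * PID), duplicates the handle to A that B already holds into its own handle
 * table, and reads the same DWORD from A through the duplicate. Every Win32
 * call is checked and both handles are closed on every exit path.
 *
 * The PID of B, the handle value in B's table and the address read are sample
 * values carried over from the original listing; they are only valid for one
 * particular run.
 *
 * Returns 0 on success, 1 if any of OpenProcess, DuplicateHandle or
 * ReadProcessMemory fails.
 */
int main()
{
    const DWORD dwPidB = 3708;
    /* Handle value inside B's handle table that refers to A (known from B). */
    const HANDLE copyhandle = (HANDLE)76;
    const DWORD dwAddress = 0x00406DA8;
    int rc = 1;
    HANDLE handle = NULL;      /* C's handle to process B */
    HANDLE newhandle = NULL;   /* duplicate of copyhandle, owned by C, refers to A */

    printf("我是进程C,可以操作进程B,无法直接操作游戏A\r\n");

    /* PROCESS_ALL_ACCESS is kept from the original; DuplicateHandle only needs
       PROCESS_DUP_HANDLE on the source process. */
    handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPidB);
    if (handle == NULL) {
        printf("OpenProcess failed, error= %lu \r\n", GetLastError());
        goto out;
    }

    /* Copy B's handle to A into this process. DUPLICATE_SAME_ACCESS makes the
       duplicate carry whatever rights B's handle already has; the access mask
       argument (0) is ignored in that case. */
    if (!DuplicateHandle(handle,                 /* source process: B */
                         copyhandle,             /* source handle: A, as seen by B */
                         GetCurrentProcess(),    /* target process: ourselves */
                         &newhandle,             /* receives the new handle to A */
                         0, FALSE, DUPLICATE_SAME_ACCESS)) {
        printf("DuplicateHandle failed, error= %lu \r\n", GetLastError());
        goto out_close_b;
    }
    /* The original printed `handle` (B) here; the value of interest is the
       duplicate. HANDLE is pointer-sized, so %p rather than %d. */
    printf("获取A newhandle= %p \r\n", (void *)newhandle);

    DWORD dwOut = 0;
    /* Read through the duplicated handle, which now refers to A. The DWORD
       address is widened via uintptr_t before the pointer cast. */
    if (!ReadProcessMemory(newhandle, (LPVOID)(uintptr_t)dwAddress, &dwOut, sizeof dwOut, NULL)) {
        printf("ReadProcessMemory failed, error= %lu \r\n", GetLastError());
        goto out_close_a;
    }
    printf("游戏A 子弹数量= %lu \r\n", dwOut);
    rc = 0;

out_close_a:
    CloseHandle(newhandle);
out_close_b:
    CloseHandle(handle);
out:
    system("pause");
    return rc;
}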
DuplicateHandle的详细使用,请参考MSDN!!!