#pragma once#include #include #include "stdio.h"//线程参数结构体定义typedef struct _RemoteParam { char szMsg[12]; //MessageBox函数中显示的字符提示 DWORD dwMessageBox;//MessageBox函数的入口地址} RemoteParam, * PRemoteParam;//定义MessageBox类型的函数指针typedef int (__stdcall * PFN_MESSAGEBOX)(HWND, LPCTSTR, LPCTSTR, DWORD);//线程函数定义DWORD __stdcall threadProc(LPVOID lParam){ //只要使用api必须拦截 !!!!!!!! RemoteParam* pRP = (RemoteParam*)lParam; PFN_MESSAGEBOX pfnMessageBox; pfnMessageBox = (PFN_MESSAGEBOX)pRP->dwMessageBox; //就是这句有错!!!!!!!!! pfnMessageBox(NULL, pRP->szMsg, pRP->szMsg, 0); return 0;}//提升进程访问权限bool enableDebugPriv(){ HANDLE hToken; LUID sedebugnameValue; TOKEN_PRIVILEGES tkp; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { return false; } if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) { CloseHandle(hToken); return false; } tkp.PrivilegeCount = 1; tkp.Privileges[0].Luid = sedebugnameValue; tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)) { CloseHandle(hToken); return false; } return true;}
// Map a process name to a process ID. When several instances are running, the
// ID of the first one enumerated is returned; 0 means not found (or failure).
// NOTE(review): the snapshot handle is never closed on any path, and the
// result of CreateToolhelp32Snapshot is not checked against
// INVALID_HANDLE_VALUE before use.
// NOTE(review): the entry filled in by Process32First is never compared;
// only the entries returned by Process32Next are.
DWORD processNameToId(LPCTSTR lpszProcessName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hSnapshot, &pe)) {
        MessageBox(NULL, "The frist entry of the process list has not been copyied to the buffer", "Notice", MB_ICONINFORMATION | MB_OK);
        return 0;
    }
    while (Process32Next(hSnapshot, &pe)) {
        // exact, case-sensitive match on the executable file name
        if (!strcmp(lpszProcessName, pe.szExeFile)) {
            return pe.th32ProcessID;
        }
    }
    return 0;
}

// Entry point. Only the start of main survived extraction; the rest of the
// function body and its closing brace are not visible here.
int main(int argc, char* argv[])
{
    // size of the thread body, in bytes
    const DWORD dwThreadSize = 4096;
    DWORD dwWriteBytes;
    // raise this process's access rights (the return value is ignored)
    enableDebugPriv();
    // wait for the target process name to be entered; note that case must match
    char szExeName[MAX_PATH] = { 0 };// cout<< "Please input the name of target process !" <> szExeName;// cout<不过有个困扰我的问题:就是在前面加上 #include using namespace std;然后在主程序里输入进程名时不用scanf,而用cin,程序执行完就会弹出非法操作对话筐我百思不得其解,望高手指点迷津。。。。。。。这个程序在网上也能找到,献丑了