Updated: 2023-01-27 15:14:33
Untested, a possible approach:
Create a DLL with a DllMain that uses GetThreadStartInformation() to find the address of the buffer, and then uses GetCurrentDirectory to populate it. This should be OK, because both of those functions are in kernel32, which is always present. You will need to have some structure there to return success/failure.
Broad sketch: Details left as an exercise! Risks: Allocates memory in the cmd.exe address space, changes its state. Care must be taken with the functions called in DllMain.