Delphi-PRAXiS - Einzelnen Beitrag anzeigen

**Zacherl**

Hey,

ich versuche verzweifelt mittelst NtCreateThread einen Thread zu erzeugen. Glaube ich mache irgendwas beim Allozieren des Stacks falsch, denn beide NtAllocateVirtualMemory Funktionen und danach auch die NtCreateThread Funktion schlagen fehl.

zusammenfalten · markieren

Delphi-Quellcode:

			function ThreadProc(P: Pointer): Cardinal; stdcall;

begin

  MessageBox(0, 'Thread', 'Info', MB_SYSTEMMODAL);

end;

procedure DoCreateThread;

const

  THREAD_TERMINATE                 = $0001; 

  THREAD_SUSPEND_RESUME            = $0002; 

  THREAD_GET_CONTEXT               = $0008; 

  THREAD_SET_CONTEXT               = $0010; 

  THREAD_SET_INFORMATION           = $0020; 

  THREAD_QUERY_INFORMATION         = $0040; 

  THREAD_SET_THREAD_TOKEN          = $0080; 

  THREAD_IMPERSONATE               = $0100; 

  THREAD_DIRECT_IMPERSONATION      = $0200; 

  THREAD_SET_LIMITED_INFORMATION   = $0400; 

  THREAD_QUERY_LIMITED_INFORMATION = $0800; 

  THREAD_ALL_ACCESS                = STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $03FF;

var

  ThreadHandle: Cardinal;

  DesiredAccess: Cardinal;

  ObjectAttributes: OBJECT_ATTRIBUTES;

  ProcessHandle: Cardinal;

  ClientID: CLIENT_ID;

  ThreadContext: CONTEXT;

  UserStack: USER_STACK;

  CreateSuspended: Boolean;

  P: Pointer;

begin

  DesiredAccess := THREAD_ALL_ACCESS;

  ObjectAttributes.Length := SizeOf(OBJECT_ATTRIBUTES);

  ObjectAttributes.RootDirectory := 0;

  ObjectAttributes.ObjectName := nil;

  ObjectAttributes.Attributes := 0;

  ObjectAttributes.SecurityDescriptor := nil;

  ObjectAttributes.SecurityQualityOfService := nil;

  ProcessHandle := GetCurrentProcess;

  FillChar(ThreadContext, SizeOf(CONTEXT), 0);

  ThreadContext.Eip := Longint(@ThreadProc);

 {

  userstack.FixedStackBase        // StackCommit

  userstack.FixedStackLimit       // StackReserve

  userstack.ExpandableStackBase   // StackBase

  userstack.ExpandableStackLimit  // StackLimit

  userstack.ExpandableStackBottom // StackAllocate

                                                   }

  UserStack.FixedStackLimit := Pointer($1000000);

  UserStack.FixedStackBase := Pointer($1000000);

  if not NT_SUCCESS(NtAllocateVirtualMemory(ProcessHandle,

    @UserStack.ExpandableStackBottom, 0, UserStack.FixedStackLimit,

    MEM_RESERVE, PAGE_READWRITE)) then

  begin

    MessageBox(0, 'NtAllocateVirtualMemory1 failed', '', 0);

  end;

  UserStack.ExpandableStackBase := Pointer(Cardinal(UserStack.ExpandableStackBottom)

    + Cardinal(UserStack.FixedStackLimit));

  UserStack.ExpandableStackLimit := Pointer(Cardinal(UserStack.ExpandableStackBase)

    - Cardinal(UserStack.FixedStackBase));

  if not NT_SUCCESS(NtAllocateVirtualMemory(ProcessHandle,

    UserStack.ExpandableStackLimit, 0, UserStack.FixedStackBase,

    MEM_RESERVE, PAGE_READWRITE)) then

  begin

    MessageBox(0, 'NtAllocateVirtualMemory2 failed', '', 0);

  end;

  if not NT_SUCCESS(NtCreateThread(@ThreadHandle, DesiredAccess, @ObjectAttributes,

    ProcessHandle, @ClientID, @ThreadContext, @UserStack, CreateSuspended)) then

  begin

    MessageBox(0, 'NtCreateThread failed', '', 0);

  end;

end;

Weiß da jemand weiter?

Gruß

Einzelnen Beitrag anzeigen

NtCreateThread verwenden