// ThreadProc()
//
// Hand-assembled 32-bit x86 machine code kept as a byte array. The name
// suggests it is meant to be copied into another process and started as a
// thread start routine; the code that copies and starts it is not on this
// page. The compiler treats these bytes as opaque data, so nothing here is
// type- or bounds-checked and any edit to the bytes has to be re-verified
// with a disassembler.
//
// What can be read off the bytes directly: the ASCII runs spell
// "user32.dll" (0x75 0x73 0x65 0x72 / 0x33 0x32 0x2E 0x64 / 0x6C 0x6C 0x00),
// "MessageBoxA", "ReverseCore" and "www.reversecore.com". Decoded by eye
// the routine appears to take a single argument ([ebp+8]) that is a table of
// two function pointers, call through them to load user32.dll and resolve
// MessageBoxA by name, show a message box with those two strings, and return 0.
// NOTE(review): that decoding is an inference from the opcodes, not something
// this page states -- confirm with a disassembler before relying on it.
//
// From a defender's point of view this is the classic shape of an injected
// payload: an executable blob with no import table of its own that resolves
// APIs by string through a caller-supplied table. Detection and response
// should focus on the loader behaviour around it (how the bytes reach, and
// are executed in, another process), which is outside this listing.
BYTE g_InjectionCode[] = {
    0x55, 0x8B, 0xEC, 0x8B, 0x75, 0x08, 0x68, 0x6C, 0x6C, 0x00,
    0x00, 0x68, 0x33, 0x32, 0x2E, 0x64, 0x68, 0x75, 0x73, 0x65,
    0x72, 0x54, 0xFF, 0x16, 0x68, 0x6F, 0x78, 0x41, 0x00, 0x68,
    0x61, 0x67, 0x65, 0x42, 0x68, 0x4D, 0x65, 0x73, 0x73, 0x54,
    0x50, 0xFF, 0x56, 0x04, 0x6A, 0x00, 0xE8, 0x0C, 0x00, 0x00,
    0x00, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x43, 0x6F,
    0x72, 0x65, 0x00, 0xE8, 0x14, 0x00, 0x00, 0x00, 0x77, 0x77,
    0x77, 0x2E, 0x72, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x63,
    0x6F, 0x72, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x00, 0x6A, 0x00,
    0xFF, 0xD0, 0x33, 0xC0, 0x8B, 0xE5, 0x5D, 0xC3
};
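// Privilege toggling helper (the well-known MSDN "SetPrivilege" sample).
//
// Enables or disables one named privilege on the current process's primary
// token.  It can only toggle a privilege the token already holds; it cannot
// grant a privilege the token was never assigned.
//
// lpszPrivilege    name of the privilege to look up (an SE_*_NAME string).
// bEnablePrivilege TRUE to set SE_PRIVILEGE_ENABLED, FALSE to clear the
//                  attribute (disable).
//
// Returns TRUE on success, FALSE on any failure.  Failures are reported on
// stdout together with GetLastError().
//
// Fixes relative to the original listing: the token handle is now closed on
// every path (it leaked before), the missing `else` on the disable branch
// is restored, and the format strings match DWORD (%lu) and end in a
// newline.
BOOL SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
{
    TOKEN_PRIVILEGES tp;
    HANDLE hToken = NULL;
    LUID luid;
    BOOL ok = FALSE;

    // TOKEN_ADJUST_PRIVILEGES is needed for the adjustment, TOKEN_QUERY for
    // the follow-up checks the API performs.
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &hToken)) {
        printf("OpenProcessToken error: %lu\n", GetLastError());
        return FALSE;
    }

    if (!LookupPrivilegeValue(NULL,          // lookup privilege on local system
                              lpszPrivilege, // privilege to lookup
                              &luid)) {      // receives LUID of privilege
        printf("LookupPrivilegeValue error: %lu\n", GetLastError());
        goto cleanup;
    }

    // Single-entry privilege set: enable or disable just this one privilege.
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    // Second argument FALSE: adjust only the listed privilege, do not disable
    // all privileges on the token.  Previous state is not requested.
    if (!AdjustTokenPrivileges(hToken,
                               FALSE,
                               &tp,
                               sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL,
                               (PDWORD)NULL)) {
        printf("AdjustTokenPrivileges error: %lu\n", GetLastError());
        goto cleanup;
    }

    // AdjustTokenPrivileges returns TRUE even when it could not assign every
    // requested privilege; only GetLastError() reveals that partial failure.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        printf("The token does not have the specified privilege. \n");
        goto cleanup;
    }

    ok = TRUE;

cleanup:
    // Release the token handle on success and on every failure path after
    // OpenProcessToken succeeded.
    CloseHandle(hToken);
    return ok;
}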

