zoukankan      html  css  js  c++  java
  • Ring3层代码提权

    BOOL EnableDebugPri64()
    {
        typedef long (__fastcall *pfnRtlAdjustPrivilege64)(ULONG,ULONG,ULONG,PVOID);
        pfnRtlAdjustPrivilege64 RtlAdjustPrivilege;
    
        DWORD                  dwRetVal    = 0;
        LPTHREAD_START_ROUTINE FuncAddress = NULL;
    #ifdef _UNICODE
        FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryW");
    #else
        FuncAddress = (PTHREAD_START_ROUTINE)::GetProcAddress(::GetModuleHandle(_T("Kernel32")), "LoadLibraryA");
    #endif
    
        if (FuncAddress==NULL)
        {
            return FALSE;
        }
    
    
        RtlAdjustPrivilege=(pfnRtlAdjustPrivilege64)GetProcAddress((HMODULE)(FuncAddress(L"ntdll.dll")),"RtlAdjustPrivilege");
    
        if (RtlAdjustPrivilege==NULL)
        {
            return FALSE;
        }
        RtlAdjustPrivilege(20,1,0,&dwRetVal);
    }
    BOOL EnableDebugPri32()
    {
    
        HANDLE hToken;
        TOKEN_PRIVILEGES pTP;
        LUID uID;
    
        if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
        {
            printf("OpenProcessToken is Error
    ");
    
            return FALSE;
        }
    
        if (!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&uID))
        {
            printf("LookupPrivilegeValue is Error
    ");
    
            return FALSE;
        }
    
    
        pTP.PrivilegeCount = 1;
        pTP.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        pTP.Privileges[0].Luid = uID;
    
    
        //在这里我们进行调整权限
        if (!AdjustTokenPrivileges(hToken,false,&pTP,sizeof(TOKEN_PRIVILEGES),NULL,NULL))
        {
            printf("AdjuestTokenPrivileges is Error
    ");
            return  FALSE;
        }
    
    
        return TRUE;
    
    }
  • 相关阅读:
    虚拟PC上网设置
    打造无线AP
    ftp密码修改
    桌面
    红蜘蛛
    C++ Zip压缩解压缩[支持递归压缩]
    C++通过访问注册表获取已安装软件信息列表
    IOS Simulator Create Keyboard Shortcut
    简单的silverlight切图程序
    silverlight 反射调用WebService
  • 原文地址:https://www.cnblogs.com/yifi/p/6527700.html
Copyright © 2011-2022 走看看