找了一些資料，想做權限提升並將 DLL 插入系統進程，但是系統進程就是沒被插入，權限提升過程中也都沒發生錯誤，這是為何啊？代碼如下：//權限提升
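// Enable SeDebugPrivilege in the calling process's own access token.
//
// Security context: SeDebugPrivilege lets a process open other processes
// for debugging and memory access across account boundaries, so enabling
// it is a high-signal action. Windows can audit the change (Security event
// 4703 when token-right-adjustment auditing is enabled).
//
// Returns FALSE from the enclosing function (not shown in this excerpt) on
// any failure, including the case where the token does not hold the
// privilege at all.
LUID luid;
char privilegename[100]=SE_DEBUG_NAME;
if(!LookupPrivilegeValue(NULL,privilegename,&luid))
{
    // GetLastError() returns a DWORD, hence %lu rather than %d.
    printf("\nLookupPrivilegeValue error:%lu", GetLastError() );
    return FALSE;
}
HANDLE hToken;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
    printf("\nOpenProcessToken error:%lu", GetLastError() );
    return FALSE;
}
TOKEN_PRIVILEGES Tkp;
Tkp.PrivilegeCount=1;
Tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
Tkp.Privileges[0].Luid=luid;
DWORD dwRet;
BOOL fAdjusted=AdjustTokenPrivileges(hToken,FALSE,&Tkp,sizeof(TOKEN_PRIVILEGES),NULL,&dwRet);
// Capture the error code before CloseHandle() can overwrite it.
DWORD dwAdjustErr=GetLastError();
// The token handle is no longer needed on any path; closing it here fixes
// the leak the original had when AdjustTokenPrivileges failed.
CloseHandle(hToken);
if(!fAdjusted)
{
    printf("\nAdjustTokenPrivileges error:%lu", dwAdjustErr );
    return FALSE;
}
// AdjustTokenPrivileges returns nonzero even when it enabled nothing: if the
// token does not hold the requested privilege, the call "succeeds" and
// GetLastError() is ERROR_NOT_ALL_ASSIGNED. Treat that as a failure instead
// of continuing as if the privilege were active.
if(dwAdjustErr==ERROR_NOT_ALL_ASSIGNED)
{
    printf("\nAdjustTokenPrivileges error:%lu", dwAdjustErr );
    return FALSE;
}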
//遠程插入DLL
// Remote-thread DLL loading against every process whose image name equals
// lpName. The steps below (open target, allocate in target, write a string,
// start a thread at LoadLibraryA) are the DLL-injection pattern catalogued
// as MITRE ATT&CK T1055.001.
//
// Defender note: endpoint telemetry that records cross-process handle opens
// with broad access rights and remote thread creation (for example Sysmon
// event IDs 10 and 8) covers the OpenProcess and CreateRemoteThread steps.
//
// hSnapshot is not declared in this excerpt; presumably it comes from
// CreateToolhelp32Snapshot earlier in the enclosing function (confirm).
char lpName[]="winlogon.exe" ;
PROCESSENTRY32 pe;
// dwSize must be set before Process32First is called.
pe.dwSize = sizeof ( PROCESSENTRY32 );
// Walk the process snapshot one entry at a time.
for(BOOL fOk=Process32First(hSnapshot,&pe);fOk;fOk=Process32Next(hSnapshot,&pe))
{
// strcmp returns 0 on an exact, case-sensitive match of the image name.
if( !strcmp(pe.szExeFile,lpName) )
{
// Request every access right on the matched process.
HANDLE hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,false,pe.th32ProcessID ) ;
if(hRemoteProcess==NULL)
{
printf("OpenProcess:%d\n",GetLastError());
return 0;
}
// Commit a read/write region inside the target process to hold the string.
LPVOID pszInspectDllRemote = VirtualAllocEx ( hRemoteProcess,
NULL, sizeof("hook.dll")+1 , MEM_COMMIT, PAGE_READWRITE ) ;
if(pszInspectDllRemote==NULL)
{
printf("VirtualAllocEx:%d\n",GetLastError());
// NOTE(review): hRemoteProcess is not closed on this or the later return paths.
return 0;
}
// Copy the string literal into the region allocated in the target.
WriteProcessMemory(hRemoteProcess,pszInspectDllRemote,
(LPVOID)"kook.dll",sizeof("hook.dll")+1, NULL);
// NOTE(review): this condition repeats the allocation check above; the
// return value of WriteProcessMemory itself is never examined, so this
// branch cannot report a failed write.
if(pszInspectDllRemote==NULL)
{
printf("WriteProcessMemory:%d\n",GetLastError());
return 0;
}
// Start a thread in the target whose entry point is LoadLibraryA and whose
// single argument is the address of the string written above.
HANDLE hInspectRemoteThread = CreateRemoteThread ( hRemoteProcess, NULL,0,
(LPTHREAD_START_ROUTINE)LoadLibraryA, pszInspectDllRemote, 0, NULL ) ;
if(hInspectRemoteThread==NULL)
{
printf("CreateRemoteThread:%d\n",GetLastError());
return 0;
}-------------------------------------------------------------------------------
拜託高手看一下 , 是哪個環節出了差錯~~小弟在此感激不盡 , 謝謝!!
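// Enable SeDebugPrivilege in the calling process's own access token.
//
// Security context: SeDebugPrivilege lets a process open other processes
// for debugging and memory access across account boundaries, so enabling
// it is a high-signal action. Windows can audit the change (Security event
// 4703 when token-right-adjustment auditing is enabled).
//
// Returns FALSE from the enclosing function (not shown in this excerpt) on
// any failure, including the case where the token does not hold the
// privilege at all.
LUID luid;
char privilegename[100]=SE_DEBUG_NAME;
if(!LookupPrivilegeValue(NULL,privilegename,&luid))
{
    // GetLastError() returns a DWORD, hence %lu rather than %d.
    printf("\nLookupPrivilegeValue error:%lu", GetLastError() );
    return FALSE;
}
HANDLE hToken;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
{
    printf("\nOpenProcessToken error:%lu", GetLastError() );
    return FALSE;
}
TOKEN_PRIVILEGES Tkp;
Tkp.PrivilegeCount=1;
Tkp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
Tkp.Privileges[0].Luid=luid;
DWORD dwRet;
BOOL fAdjusted=AdjustTokenPrivileges(hToken,FALSE,&Tkp,sizeof(TOKEN_PRIVILEGES),NULL,&dwRet);
// Capture the error code before CloseHandle() can overwrite it.
DWORD dwAdjustErr=GetLastError();
// The token handle is no longer needed on any path; closing it here fixes
// the leak the original had when AdjustTokenPrivileges failed.
CloseHandle(hToken);
if(!fAdjusted)
{
    printf("\nAdjustTokenPrivileges error:%lu", dwAdjustErr );
    return FALSE;
}
// AdjustTokenPrivileges returns nonzero even when it enabled nothing: if the
// token does not hold the requested privilege, the call "succeeds" and
// GetLastError() is ERROR_NOT_ALL_ASSIGNED. Treat that as a failure instead
// of continuing as if the privilege were active.
if(dwAdjustErr==ERROR_NOT_ALL_ASSIGNED)
{
    printf("\nAdjustTokenPrivileges error:%lu", dwAdjustErr );
    return FALSE;
}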
//遠程插入DLL
// Remote-thread DLL loading against every process whose image name equals
// lpName. The steps below (open target, allocate in target, write a string,
// start a thread at LoadLibraryA) are the DLL-injection pattern catalogued
// as MITRE ATT&CK T1055.001.
//
// Defender note: endpoint telemetry that records cross-process handle opens
// with broad access rights and remote thread creation (for example Sysmon
// event IDs 10 and 8) covers the OpenProcess and CreateRemoteThread steps.
//
// hSnapshot is not declared in this excerpt; presumably it comes from
// CreateToolhelp32Snapshot earlier in the enclosing function (confirm).
char lpName[]="winlogon.exe" ;
PROCESSENTRY32 pe;
// dwSize must be set before Process32First is called.
pe.dwSize = sizeof ( PROCESSENTRY32 );
// Walk the process snapshot one entry at a time.
for(BOOL fOk=Process32First(hSnapshot,&pe);fOk;fOk=Process32Next(hSnapshot,&pe))
{
// strcmp returns 0 on an exact, case-sensitive match of the image name.
if( !strcmp(pe.szExeFile,lpName) )
{
// Request every access right on the matched process.
HANDLE hRemoteProcess=OpenProcess(PROCESS_ALL_ACCESS,false,pe.th32ProcessID ) ;
if(hRemoteProcess==NULL)
{
printf("OpenProcess:%d\n",GetLastError());
return 0;
}
// Commit a read/write region inside the target process to hold the string.
LPVOID pszInspectDllRemote = VirtualAllocEx ( hRemoteProcess,
NULL, sizeof("hook.dll")+1 , MEM_COMMIT, PAGE_READWRITE ) ;
if(pszInspectDllRemote==NULL)
{
printf("VirtualAllocEx:%d\n",GetLastError());
// NOTE(review): hRemoteProcess is not closed on this or the later return paths.
return 0;
}
// Copy the string literal into the region allocated in the target.
WriteProcessMemory(hRemoteProcess,pszInspectDllRemote,
(LPVOID)"kook.dll",sizeof("hook.dll")+1, NULL);
// NOTE(review): this condition repeats the allocation check above; the
// return value of WriteProcessMemory itself is never examined, so this
// branch cannot report a failed write.
if(pszInspectDllRemote==NULL)
{
printf("WriteProcessMemory:%d\n",GetLastError());
return 0;
}
// Start a thread in the target whose entry point is LoadLibraryA and whose
// single argument is the address of the string written above.
HANDLE hInspectRemoteThread = CreateRemoteThread ( hRemoteProcess, NULL,0,
(LPTHREAD_START_ROUTINE)LoadLibraryA, pszInspectDllRemote, 0, NULL ) ;
if(hInspectRemoteThread==NULL)
{
printf("CreateRemoteThread:%d\n",GetLastError());
return 0;
}-------------------------------------------------------------------------------
拜託高手看一下 , 是哪個環節出了差錯~~小弟在此感激不盡 , 謝謝!!
我受够了这种DLL!