我在玩游戏的时候，金山游侠、变速齿轮这类工具操作不了游戏进程，这也是权限不够吗？
自己写个 DLL，用 SetWindowsHookEx 让目标进程载入这个 DLL，再在 DLL 中执行下面的函数（传 PID=0，即只在当前进程启用 SeDebugPrivilege）。
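// Enables (or disables) one named privilege in a token.
//
// name    - privilege name, e.g. SE_DEBUG_NAME ("SeDebugPrivilege").
// fEnable - TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears it.
// hToken  - token to adjust; NULL means the current process's primary token,
//           which is opened here and closed again before returning.
//
// Returns TRUE only when the privilege is now in the requested state.
// AdjustTokenPrivileges returns non-zero even when the token does not hold the
// privilege at all (it merely sets GetLastError() to ERROR_NOT_ALL_ASSIGNED);
// the original ignored that and reported success to callers that never got
// SeDebugPrivilege. A privilege can only be *enabled* if the token already
// holds it (elevated administrator, SYSTEM, ...); nothing here can grant one
// that is missing. On failure the relevant last-error code is preserved.
//
// Declared before EnableProcPrivilege because that function calls it; the
// original defined it afterwards with no forward declaration.
BOOL EnablePrivilege(const TCHAR* name, BOOL fEnable = TRUE, HANDLE hToken = NULL)
{
    if (name == NULL)
    {
        ::SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    TOKEN_PRIVILEGES priv = {};
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    // Unchecked in the original: an unknown name left the LUID zeroed and the
    // later adjust silently touched nothing.
    if (!::LookupPrivilegeValue(NULL, name, &priv.Privileges[0].Luid))
        return FALSE;

    const BOOL ownsToken = (hToken == NULL);
    HANDLE hTarget = hToken;
    if (ownsToken)
    {
        // Also unchecked in the original, which then adjusted a NULL handle.
        if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hTarget))
            return FALSE;
    }

    BOOL ok = ::AdjustTokenPrivileges(hTarget, FALSE, &priv, sizeof(priv), NULL, NULL);
    DWORD err = ERROR_SUCCESS;
    if (!ok)
    {
        err = ::GetLastError();
    }
    else if (::GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        // "Success" that changed nothing: the token does not hold `name`.
        ok = FALSE;
        err = ERROR_NOT_ALL_ASSIGNED;
    }

    if (ownsToken)
        ::CloseHandle(hTarget);   // may overwrite the last error, hence `err`

    if (!ok)
    {
        ::SetLastError(err);
        return FALSE;
    }
    return TRUE;
}

// Enables SeDebugPrivilege in the current process and, when PID is non-zero,
// in the primary token of process PID as well.
//
// PID - target process id; 0 means "current process only".
//
// Returns TRUE when every adjustment succeeded. The first step requires
// SeDebugPrivilege to already be present in our own token; without it the
// function now fails instead of "succeeding" as the original did. The target
// is opened with only the access OpenProcessToken needs rather than
// PROCESS_ALL_ACCESS, the handle is not marked inheritable, and both handles
// are closed on every path with the last-error code preserved.
BOOL EnableProcPrivilege(DWORD PID)
{
    if (!EnablePrivilege(SE_DEBUG_NAME))
        return FALSE;
    if (PID == 0)
        return TRUE;

    HANDLE hProc = ::OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, PID);
    if (hProc == NULL)
        return FALSE;

    HANDLE hToken = NULL;
    BOOL ok = ::OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
    DWORD err = ok ? ERROR_SUCCESS : ::GetLastError();
    if (ok)
    {
        ok = EnablePrivilege(SE_DEBUG_NAME, TRUE, hToken);
        if (!ok)
            err = ::GetLastError();
        ::CloseHandle(hToken);
    }
    ::CloseHandle(hProc);

    if (!ok)
    {
        ::SetLastError(err);
        return FALSE;
    }
    return TRUE;
}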
你可以参考
自己写个 DLL，用 SetWindowsHookEx 让目标进程载入这个 DLL，再在 DLL 中执行下面的函数（传 PID=0，即只在当前进程启用 SeDebugPrivilege）。
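// Enables (or disables) one named privilege in a token.
//
// name    - privilege name, e.g. SE_DEBUG_NAME ("SeDebugPrivilege").
// fEnable - TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears it.
// hToken  - token to adjust; NULL means the current process's primary token,
//           which is opened here and closed again before returning.
//
// Returns TRUE only when the privilege is now in the requested state.
// AdjustTokenPrivileges returns non-zero even when the token does not hold the
// privilege at all (it merely sets GetLastError() to ERROR_NOT_ALL_ASSIGNED);
// the original ignored that and reported success to callers that never got
// SeDebugPrivilege. A privilege can only be *enabled* if the token already
// holds it (elevated administrator, SYSTEM, ...); nothing here can grant one
// that is missing. On failure the relevant last-error code is preserved.
//
// Declared before EnableProcPrivilege because that function calls it; the
// original defined it afterwards with no forward declaration.
BOOL EnablePrivilege(const TCHAR* name, BOOL fEnable = TRUE, HANDLE hToken = NULL)
{
    if (name == NULL)
    {
        ::SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    TOKEN_PRIVILEGES priv = {};
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    // Unchecked in the original: an unknown name left the LUID zeroed and the
    // later adjust silently touched nothing.
    if (!::LookupPrivilegeValue(NULL, name, &priv.Privileges[0].Luid))
        return FALSE;

    const BOOL ownsToken = (hToken == NULL);
    HANDLE hTarget = hToken;
    if (ownsToken)
    {
        // Also unchecked in the original, which then adjusted a NULL handle.
        if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hTarget))
            return FALSE;
    }

    BOOL ok = ::AdjustTokenPrivileges(hTarget, FALSE, &priv, sizeof(priv), NULL, NULL);
    DWORD err = ERROR_SUCCESS;
    if (!ok)
    {
        err = ::GetLastError();
    }
    else if (::GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        // "Success" that changed nothing: the token does not hold `name`.
        ok = FALSE;
        err = ERROR_NOT_ALL_ASSIGNED;
    }

    if (ownsToken)
        ::CloseHandle(hTarget);   // may overwrite the last error, hence `err`

    if (!ok)
    {
        ::SetLastError(err);
        return FALSE;
    }
    return TRUE;
}

// Enables SeDebugPrivilege in the current process and, when PID is non-zero,
// in the primary token of process PID as well.
//
// PID - target process id; 0 means "current process only".
//
// Returns TRUE when every adjustment succeeded. The first step requires
// SeDebugPrivilege to already be present in our own token; without it the
// function now fails instead of "succeeding" as the original did. The target
// is opened with only the access OpenProcessToken needs rather than
// PROCESS_ALL_ACCESS, the handle is not marked inheritable, and both handles
// are closed on every path with the last-error code preserved.
BOOL EnableProcPrivilege(DWORD PID)
{
    if (!EnablePrivilege(SE_DEBUG_NAME))
        return FALSE;
    if (PID == 0)
        return TRUE;

    HANDLE hProc = ::OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, PID);
    if (hProc == NULL)
        return FALSE;

    HANDLE hToken = NULL;
    BOOL ok = ::OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
    DWORD err = ok ? ERROR_SUCCESS : ::GetLastError();
    if (ok)
    {
        ok = EnablePrivilege(SE_DEBUG_NAME, TRUE, hToken);
        if (!ok)
            err = ::GetLastError();
        ::CloseHandle(hToken);
    }
    ::CloseHandle(hProc);

    if (!ok)
    {
        ::SetLastError(err);
        return FALSE;
    }
    return TRUE;
}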
你可以参考
扫描器（例如金山游侠）打开不了游戏进程，也就是 OpenProcess 这一步失败了（通常是 ERROR_ACCESS_DENIED，调用方令牌里没有启用 SeDebugPrivilege）。
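// Privilege-elevation snippet: enables SeDebugPrivilege in the current
// process's token so that a later OpenProcess() on the game can succeed.
// Fixes relative to the original: `tkp` was never declared; CloseHandle() ran
// even when OpenProcessToken() had failed (hToken still NULL); and the result
// of AdjustTokenPrivileges() was ignored, although it returns non-zero with
// GetLastError() == ERROR_NOT_ALL_ASSIGNED when the token does not hold the
// privilege -- i.e. for a non-elevated caller the "elevation" silently did
// nothing. `privilegeEnabled` tells the caller whether it actually worked.
HANDLE hToken = NULL;
BOOL privilegeEnabled = FALSE;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
    TOKEN_PRIVILEGES tkp = {};
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // Resolve the LUID for SeDebugPrivilege, then ask the kernel to enable it;
    // only a token that already holds the privilege can have it enabled.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid)
        && AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL)
        && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
    {
        privilegeEnabled = TRUE;
    }
    CloseHandle(hToken);
}
// This is the privilege-elevation code; check privilegeEnabled before relying on it.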
基于你的思路A
在目标进程中用 CreateRemoteThread() 开启一个远程线程，
在该线程里执行上述代码即可。注意：AdjustTokenPrivileges 只能启用令牌中已经拥有的特权，不能凭空增加特权；如果调用方本身不是管理员/未提升，OpenProcess 仍然会失败。