想将经常用到的功能函数写在一起,花时间精心维护,然后以后就用起来就舒服很多了

目前就写了进程调试权限,远程线程注入,远程线程释放这三个函数.还有很多功能,以后慢慢加

 // last code by gwsbhqt@163.com at 20150708

 #pragma once

 #ifndef ENHANCEFUNC_H

 #define ENHANCEFUNC_H

 #include <cstdio>

 #include <windows.h>

 using namespace std;

 BOOL EnableDebugPrivileges();

 HANDLE RemoteThreadInjection(HANDLE hProcess, LPCSTR lpLibFilePath, LPDWORD lpRemoteThreadId = NULL);

 BOOL RemoteThreadFreeing(HANDLE hProcess, LPCSTR lpLibFilePath, DWORD dwMilliseconds = INFINITE);

 #endif    //    def    ENHANCEFUNC_H

EnhanceFunc.h

 // last code by gwsbhqt@163.com at 20150708

 #include "EnhanceFunc.h"

 BOOL EnableDebugPrivileges()

 {

     HANDLE hToken;

     if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))

         return FALSE;

     LUID luid = {};

     if (!LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &luid))

     {

         CloseHandle(hToken);

         return FALSE;

     }

     TOKEN_PRIVILEGES tp = {};

     tp.PrivilegeCount = ;

     tp.Privileges[].Luid = luid;

     tp.Privileges[].Attributes = SE_PRIVILEGE_ENABLED;

     if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))

     {

         CloseHandle(hToken);

         return FALSE;

     }

     CloseHandle(hToken);

     return TRUE;

 }

 HANDLE RemoteThreadInjection(HANDLE hProcess, LPCSTR lpLibFilePath, LPDWORD lpRemoteThreadId)

 {

     int len = strlen(lpLibFilePath) + ;

     LPVOID lpVir = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

     if (NULL == lpVir)

         return ERROR;

     if (!WriteProcessMemory(hProcess, lpVir, lpLibFilePath, len, NULL))

     {

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return ERROR;

     }

     HMODULE hModule = GetModuleHandleA("Kernel32.dll");

     if (NULL == hModule)

     {

         hModule = LoadLibraryA("Kernel32.dll");

         if (NULL == hModule)

         {

             VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

             return ERROR;

         }

     }

     FARPROC fpProc = GetProcAddress(hModule, "LoadLibraryA");

     if (NULL == fpProc)

     {

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return ERROR;

     }

     DWORD dwRemoteThreadId;

     HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, lpVir, NULL, &dwRemoteThreadId);

     if (NULL == hRemoteThread)

     {

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return ERROR;

     }

     if (NULL != lpRemoteThreadId)

         *lpRemoteThreadId = dwRemoteThreadId;

     FreeLibrary(hModule);

     VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

     return hRemoteThread;

 }

 BOOL RemoteThreadFreeing(HANDLE hProcess, LPCSTR lpLibFilePath, DWORD dwMilliseconds)

 {

     int len = strlen(lpLibFilePath) + ;

     LPVOID lpVir = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

     if (NULL == lpVir)

         return FALSE;

     if (!WriteProcessMemory(hProcess, lpVir, lpLibFilePath, len, NULL))

     {

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return FALSE;

     }

     HMODULE hModule = GetModuleHandleA("Kernel32.dll");

     if (NULL == hModule)

     {

         hModule = LoadLibraryA("Kernel32.dll");

         if (NULL == hModule)

         {

             VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

             return FALSE;

         }

     }

     FARPROC fpProc = GetProcAddress(hModule, "GetModuleHandleA");

     if (NULL == fpProc)

     {

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return FALSE;

     }

     HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, lpVir, NULL, NULL);

     if (NULL == hRemoteThread)

     {

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return FALSE;

     }

     if (WAIT_OBJECT_0 != WaitForSingleObject(hRemoteThread, dwMilliseconds))

     {

         CloseHandle(hRemoteThread);

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return FALSE;

     }

     DWORD dwExitCode;

     if (!GetExitCodeThread(hRemoteThread, &dwExitCode))    //    dwExitCode is hRemoteLibModule

     {

         CloseHandle(hRemoteThread);

         FreeLibrary(hModule);

         VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

         return FALSE;

     }

     CloseHandle(hRemoteThread);

     VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);

     //    CreateRemoteThread the second times

     fpProc = GetProcAddress(hModule, "FreeLibrary");

     if (NULL == fpProc)

     {

         FreeLibrary(hModule);

         return FALSE;

     }

     hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, (LPVOID)((HMODULE)dwExitCode), NULL, NULL);

     if (NULL == hRemoteThread)

     {

         FreeLibrary(hModule);

         return FALSE;

     }

     if (WAIT_OBJECT_0 != WaitForSingleObject(hRemoteThread, dwMilliseconds))

     {

         CloseHandle(hRemoteThread);

         FreeLibrary(hModule);

         return FALSE;

     }

     if (!GetExitCodeThread(hRemoteThread, &dwExitCode))    //    dwExitCode is the return value of Remote FreeLibrary

     {

         CloseHandle(hRemoteThread);

         FreeLibrary(hModule);

         return FALSE;

     }

     FreeLibrary(hModule);

     CloseHandle(hRemoteThread);

     return (BOOL)dwExitCode;

 }

EnhanceFunc.cpp

 #include <cstdio>

 #include <windows.h>

 #include "EnhanceFunc.h"

 using namespace std;

 int main()

 {

     char cTargetDllPath[MAX_PATH] = "C:\\DLL.dll";    //    suppose I have a dll file in this path

     printf("Enable Debug Privilege %s...\n", EnableDebugPrivileges() ? "Succeed" : "Faild");

     system("pause > nul");

     STARTUPINFOA si = {};

     si.cb = sizeof(si);

     PROCESS_INFORMATION pi = {};

     CreateProcessA(NULL, "C:\\Windows\\System32\\calc.exe", NULL, NULL, FALSE, NULL, NULL, NULL, &si, &pi);

     system("pause > nul");

     printf("DLL.dll Inject %s...\n", RemoteThreadInjection(pi.hProcess, cTargetDllPath) ? "Succeed" : "Faild");

     system("pause > nul");

     printf("DLL.dll Freeing %s...\n", RemoteThreadFreeing(pi.hProcess, cTargetDllPath) ? "Succeed" : "Faild");

     system("pause > nul");

     TerminateProcess(pi.hProcess, NULL);

     system("pause > nul && exit");

     return ;

 }

main.cpp

EnhanceFunc__增强函数集的更多相关文章

  1. C语言通用双向循环链表操作函数集

    说明 相比Linux内核链表宿主结构可有多个链表结构的优点,本函数集侧重封装性和易用性,而灵活性和效率有所降低.     可基于该函数集方便地构造栈或队列集.     本函数集暂未考虑并发保护. 一  ...

  2. Linux字符串函数集

    //Linux字符串函数集: 头文件:string.h 函数名: strstr 函数原型:extern char *strstr(char *str1, char *str2); 功能:找出str2字 ...

  3. 使用Word API打开Word文档 ASP.NET编程中常用到的27个函数集

    使用Word API(非Openxml)打开Word文档简单示例(必须安装Word) 首先需要引入参照Microsoft.Office.Interop.Word 代码示例如下: public void ...

  4. makefile 函数集

    1 if 函数 语法 $(if CONDITION,THEN-PART[,ELSE-PART]) 功能 第一个参数"CONDITION",在函数执行时忽略其前导和结尾空字符,如果包 ...

  5. javascript string 函数集

    JavaScript_String对象说明 string中文为"字符串"的意思,String继承自Object对象,此对象提供字符串的查找操作等函数 JavaScript字符串类型 ...

  6. [转]js中获取时间的函数集

    $(function(){ var mydate = new Date(); var t=mydate.toLocaleString(); $("#time").text(t); ...

  7. PHP 通用检测函数集

    // ※CheckMoney($C_Money) 检查数据是否是99999.99格式 // ※CheckEmailAddr($C_mailaddr) 判断是否为有效邮件地址 // ※CheckWebA ...

  8. php常用函数集

    网络请求: /** * 发起HTTPS请求 */ function curl_post($url,$data=null,$header=null,$post=0) { //初始化curl $ch = ...

  9. JS判断字符串是否为空、过滤空格、查找字符串位置等函数集

    这是一个由网上收集的JS代码段,用于判断指定字符串是否为空,过滤字符串中某字符两边的空格.查找指定字符串开始的位置.使用IsFloat函数判断一 个字符串是否由数字(int or long or fl ...

随机推荐

  1. hbase-2.0.4集群部署

    hbase-2.0.4集群部署 1. 集群节点规划: rzx1 HMaster,HRegionServer rzx2 HRegionServer rzx3 HRegionServer 前提:搭建好ha ...

  2. 遍历实例化swiper

    var list = $('.p04-s2 li'); list.each(function (index) { new Swiper ($(this).find('.swiper-container ...

  3. 深入理解MAGENTO – 第八章 – 深入MAGENTO的系统配置

    (以下是原文) Last time we talked about Magento’s System Configuration system. If you missed it, you’ll wa ...

  4. Vue学习笔记【15】——Vue实例的生命周期

    生命周期与生命周期钩子 什么是生命周期:从Vue实例创建.运行.到销毁期间,总是伴随着各种各样的事件,这些事件,统称为生命周期! 生命周期钩子:就是生命周期事件的别名而已: 生命周期钩子 = 生命周期 ...

  5. 【网络】Ping 的TTL理解

    一.含义 “TTL”是生存时间(Time To Live)的意思 关于时间与跳的讨论, https://www.zhihu.com/question/61007907 一开始理解为time to le ...

  6. elementUI表格行的点击事件,点击表格,拿到当前行的数据

    1.绑定事件 2.定义事件 3.点击表格某行的时候,拿到数据]

  7. 详解Windows注册表分析取证

    大多数都知道windows系统中有个叫注册表的东西,但却很少有人会去深入的了解它的作用以及如何对它进行操作.然而对于计算机取证人员来说注册表无疑是块巨大的宝藏.通过注册表取证人员能分析出系统发生了什么 ...

  8. systemctl命令配置系统服务

    1.systemd的配置文件目录 systemd将daemon执行的脚本视作服务单位(unit),服务依据功能区分时,分为不同的类型(type). 常见的systemd服务类型如下表: 后缀名称    ...

  9. HDU 6667 Roundgod and Milk Tea (思维)

    2019 杭电多校 8 1011 题目链接:HDU 6667 比赛链接:2019 Multi-University Training Contest 8 Problem Description Rou ...

  10. 2.执行计划(explain)分析

    1.使用场景 获取执行计划命令:在select 命令前加上explain 或 desc explain select 或 desc select 1.语句执行之前 :防患于未然 2.出现慢语句时 :亡 ...