EnhanceFunc__增强函数集
想将经常用到的功能函数写在一起,花时间精心维护,然后以后就用起来就舒服很多了
目前就写了进程调试权限,远程线程注入,远程线程释放这三个函数.还有很多功能,以后慢慢加
// last code by gwsbhqt@163.com at 20150708 #pragma once #ifndef ENHANCEFUNC_H
#define ENHANCEFUNC_H #include <cstdio>
#include <windows.h> using namespace std; BOOL EnableDebugPrivileges(); HANDLE RemoteThreadInjection(HANDLE hProcess, LPCSTR lpLibFilePath, LPDWORD lpRemoteThreadId = NULL);
BOOL RemoteThreadFreeing(HANDLE hProcess, LPCSTR lpLibFilePath, DWORD dwMilliseconds = INFINITE); #endif // def ENHANCEFUNC_H
EnhanceFunc.h
// last code by gwsbhqt@163.com at 20150708 #include "EnhanceFunc.h" BOOL EnableDebugPrivileges()
{
HANDLE hToken;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
return FALSE; LUID luid = {};
if (!LookupPrivilegeValueA(NULL, "SeDebugPrivilege", &luid))
{
CloseHandle(hToken);
return FALSE;
} TOKEN_PRIVILEGES tp = {};
tp.PrivilegeCount = ;
tp.Privileges[].Luid = luid;
tp.Privileges[].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL))
{
CloseHandle(hToken);
return FALSE;
} CloseHandle(hToken);
return TRUE;
} HANDLE RemoteThreadInjection(HANDLE hProcess, LPCSTR lpLibFilePath, LPDWORD lpRemoteThreadId)
{
int len = strlen(lpLibFilePath) + ; LPVOID lpVir = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (NULL == lpVir)
return ERROR; if (!WriteProcessMemory(hProcess, lpVir, lpLibFilePath, len, NULL))
{
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return ERROR;
} HMODULE hModule = GetModuleHandleA("Kernel32.dll");
if (NULL == hModule)
{
hModule = LoadLibraryA("Kernel32.dll");
if (NULL == hModule)
{
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return ERROR;
}
} FARPROC fpProc = GetProcAddress(hModule, "LoadLibraryA");
if (NULL == fpProc)
{
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return ERROR;
} DWORD dwRemoteThreadId;
HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, lpVir, NULL, &dwRemoteThreadId);
if (NULL == hRemoteThread)
{
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return ERROR;
} if (NULL != lpRemoteThreadId)
*lpRemoteThreadId = dwRemoteThreadId; FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return hRemoteThread;
} BOOL RemoteThreadFreeing(HANDLE hProcess, LPCSTR lpLibFilePath, DWORD dwMilliseconds)
{
int len = strlen(lpLibFilePath) + ; LPVOID lpVir = VirtualAllocEx(hProcess, NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (NULL == lpVir)
return FALSE; if (!WriteProcessMemory(hProcess, lpVir, lpLibFilePath, len, NULL))
{
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
} HMODULE hModule = GetModuleHandleA("Kernel32.dll");
if (NULL == hModule)
{
hModule = LoadLibraryA("Kernel32.dll");
if (NULL == hModule)
{
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
}
} FARPROC fpProc = GetProcAddress(hModule, "GetModuleHandleA");
if (NULL == fpProc)
{
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
} HANDLE hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, lpVir, NULL, NULL);
if (NULL == hRemoteThread)
{
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
} if (WAIT_OBJECT_0 != WaitForSingleObject(hRemoteThread, dwMilliseconds))
{
CloseHandle(hRemoteThread);
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
} DWORD dwExitCode;
if (!GetExitCodeThread(hRemoteThread, &dwExitCode)) // dwExitCode is hRemoteLibModule
{
CloseHandle(hRemoteThread);
FreeLibrary(hModule);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE);
return FALSE;
} CloseHandle(hRemoteThread);
VirtualFreeEx(hProcess, lpVir, len, MEM_RELEASE); // CreateRemoteThread the second times fpProc = GetProcAddress(hModule, "FreeLibrary");
if (NULL == fpProc)
{
FreeLibrary(hModule);
return FALSE;
} hRemoteThread = CreateRemoteThread(hProcess, NULL, NULL, (LPTHREAD_START_ROUTINE)fpProc, (LPVOID)((HMODULE)dwExitCode), NULL, NULL);
if (NULL == hRemoteThread)
{
FreeLibrary(hModule);
return FALSE;
} if (WAIT_OBJECT_0 != WaitForSingleObject(hRemoteThread, dwMilliseconds))
{
CloseHandle(hRemoteThread);
FreeLibrary(hModule);
return FALSE;
} if (!GetExitCodeThread(hRemoteThread, &dwExitCode)) // dwExitCode is the return value of Remote FreeLibrary
{
CloseHandle(hRemoteThread);
FreeLibrary(hModule);
return FALSE;
} FreeLibrary(hModule);
CloseHandle(hRemoteThread);
return (BOOL)dwExitCode;
}
EnhanceFunc.cpp
#include <cstdio>
#include <windows.h> #include "EnhanceFunc.h" using namespace std; int main()
{
char cTargetDllPath[MAX_PATH] = "C:\\DLL.dll"; // suppose I have a dll file in this path printf("Enable Debug Privilege %s...\n", EnableDebugPrivileges() ? "Succeed" : "Faild"); system("pause > nul"); STARTUPINFOA si = {};
si.cb = sizeof(si);
PROCESS_INFORMATION pi = {};
CreateProcessA(NULL, "C:\\Windows\\System32\\calc.exe", NULL, NULL, FALSE, NULL, NULL, NULL, &si, &pi); system("pause > nul"); printf("DLL.dll Inject %s...\n", RemoteThreadInjection(pi.hProcess, cTargetDllPath) ? "Succeed" : "Faild"); system("pause > nul"); printf("DLL.dll Freeing %s...\n", RemoteThreadFreeing(pi.hProcess, cTargetDllPath) ? "Succeed" : "Faild"); system("pause > nul"); TerminateProcess(pi.hProcess, NULL); system("pause > nul && exit");
return ;
}
main.cpp
EnhanceFunc__增强函数集的更多相关文章
- C语言通用双向循环链表操作函数集
说明 相比Linux内核链表宿主结构可有多个链表结构的优点,本函数集侧重封装性和易用性,而灵活性和效率有所降低. 可基于该函数集方便地构造栈或队列集. 本函数集暂未考虑并发保护. 一 ...
- Linux字符串函数集
//Linux字符串函数集: 头文件:string.h 函数名: strstr 函数原型:extern char *strstr(char *str1, char *str2); 功能:找出str2字 ...
- 使用Word API打开Word文档 ASP.NET编程中常用到的27个函数集
使用Word API(非Openxml)打开Word文档简单示例(必须安装Word) 首先需要引入参照Microsoft.Office.Interop.Word 代码示例如下: public void ...
- makefile 函数集
1 if 函数 语法 $(if CONDITION,THEN-PART[,ELSE-PART]) 功能 第一个参数"CONDITION",在函数执行时忽略其前导和结尾空字符,如果包 ...
- javascript string 函数集
JavaScript_String对象说明 string中文为"字符串"的意思,String继承自Object对象,此对象提供字符串的查找操作等函数 JavaScript字符串类型 ...
- [转]js中获取时间的函数集
$(function(){ var mydate = new Date(); var t=mydate.toLocaleString(); $("#time").text(t); ...
- PHP 通用检测函数集
// ※CheckMoney($C_Money) 检查数据是否是99999.99格式 // ※CheckEmailAddr($C_mailaddr) 判断是否为有效邮件地址 // ※CheckWebA ...
- php常用函数集
网络请求: /** * 发起HTTPS请求 */ function curl_post($url,$data=null,$header=null,$post=0) { //初始化curl $ch = ...
- JS判断字符串是否为空、过滤空格、查找字符串位置等函数集
这是一个由网上收集的JS代码段,用于判断指定字符串是否为空,过滤字符串中某字符两边的空格.查找指定字符串开始的位置.使用IsFloat函数判断一 个字符串是否由数字(int or long or fl ...
随机推荐
- Boost Download
{ //https://www.boost.org/users/history/version_1_71_0.html }
- SQL SELECT TOP, LIMIT, ROWNUM
SQL SELECT TOP, LIMIT, ROWNUM SQL SELECT TOP 子句 SELECT TOP 子句用于指定要返回的记录数量. SELECT TOP子句在包含数千条记录的大型表上 ...
- Gym 100431E Word Cover 题解:KMP上跑dp
题意: 给你一个串,问你他的每个前缀的最小重复单元,其中单元是可以重叠的,最后按顺序输出即可.比如样例中abaabaa的最小重复单元为abaa,所以相应输出为4. 样例: input : abaaba ...
- tarjan求强连通+缩点——cf1248E
这题好像是DEF里最水的,, /* 建图:如果a认识b,那么从a->b连一条边,将点分成两个集合A,B,没有从A->B的边 求出强连通分量,再造一张新图,新图中任取一个的出度为0的点作为集 ...
- java——String类,时间类,格式化
日期类 格式化
- git stash 保存和恢复进度
1. stash当前修改 git stash会把所有未提交的修改(包括暂存的和非暂存的)都保存起来,用于后续恢复当前工作目录. 比如下面的中间状态,通过git stash命令推送一个新的储藏,当前的工 ...
- [NOIP模拟测试9]题(Problem) 题解 (组合数全家桶+dp)
达哥送分给我我都不要,感觉自己挺牛批. $type=0:$ 跟visit那题类似,枚举横向移动的步数直接推公式: $ans=\sum C_n^i \times C_i^{\frac{i}{2}} \t ...
- STM32嵌入式开发学习笔记(六):串口通信(上)
本文我们将了解STM32与外部设备通过串口通信的方式. 所谓串口通信,其实是一个类似于计算机网络的概念,它有物理层,比如规定用什么线通信,几伏特算高电平,几伏特算低电平.传输层,通信前要发RTS,CT ...
- 力扣算法题—150. Evaluate Reverse Polish Notation
Evaluate the value of an arithmetic expression in Reverse Polish Notation. Valid operators are +, ...
- 【AI图像识别一】人脸识别测试探索
****************************************************************************** 本文主要介绍AI能力平台的人脸识别技术的测 ...