Leaked source code of windows server 2003
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#define STACKSIZE 32768
typedef BOOL (* LPDEBUG_BREAK_PROCESS_ROUTINE) ( HANDLE Process );
VOIDDebugPriv( VOID ){ HANDLE Token ; UCHAR Buf[ sizeof( TOKEN_PRIVILEGES ) + sizeof( LUID_AND_ATTRIBUTES ) ]; PTOKEN_PRIVILEGES Privs ;
if (OpenProcessToken( GetCurrentProcess(), MAXIMUM_ALLOWED, &Token )) { Privs = (PTOKEN_PRIVILEGES) Buf ;
Privs->PrivilegeCount = 1 ; Privs->Privileges[0].Luid.LowPart = 20L ; Privs->Privileges[0].Luid.HighPart = 0 ; Privs->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED ;
AdjustTokenPrivileges( Token, FALSE, Privs, 0, NULL, NULL );
CloseHandle( Token ); }}
int__cdeclmain( int argc, char **argv ){ LPTHREAD_START_ROUTINE DbgBreakPoint; LPDEBUG_BREAK_PROCESS_ROUTINE DebugBreakProcessRoutine; HANDLE ntdll, kernel32; ULONG ProcessId; ULONG ThreadId; HANDLE Process; HANDLE Thread;
if (argc != 2) { usage: fprintf(stderr, "usage: breakin <pid>\n"); exit(1); }
ProcessId = atoi(argv[1]);
if (ProcessId == 0) { goto usage; }
DebugPriv();
Process = OpenProcess( PROCESS_ALL_ACCESS, FALSE, ProcessId ); if (Process) {
kernel32 = GetModuleHandle("kernel32.dll");
if (kernel32) {
DebugBreakProcessRoutine = (LPDEBUG_BREAK_PROCESS_ROUTINE)GetProcAddress(kernel32, "DebugBreakProcess");
if (DebugBreakProcessRoutine) {
if (!(*DebugBreakProcessRoutine)(Process)) {
printf("DebugBreakProcess failed %d\n", GetLastError()); }
CloseHandle(Process);
return 0; } } ntdll = GetModuleHandle("ntdll.dll");
if (ntdll) {
DbgBreakPoint = (LPTHREAD_START_ROUTINE)GetProcAddress(ntdll, "DbgBreakPoint");
if (DbgBreakPoint) {
Thread = CreateRemoteThread( Process, NULL, STACKSIZE, DbgBreakPoint, NULL, 0, &ThreadId ); if (Thread){ CloseHandle(Thread); } } }
CloseHandle(Process);
} else {
printf("Open process failed %d\n", GetLastError()); }
return 0;}
|
