mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
2.0 KiB
82 lines
2.0 KiB
#include <windows.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#define STACKSIZE 32768
|
|
|
|
void DebugPriv(void)
|
|
{
|
|
PTOKEN_PRIVILEGES pp;
|
|
PTOKEN_PRIVILEGES ppNew;
|
|
HANDLE hToken;
|
|
UCHAR ucPriv[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)];
|
|
UCHAR ucPrivNew[sizeof(ucPriv)];
|
|
DWORD cb;
|
|
|
|
if (OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hToken))
|
|
{
|
|
pp = (PTOKEN_PRIVILEGES)ucPriv;
|
|
|
|
pp->PrivilegeCount = 1;
|
|
pp->Privileges[0].Luid.LowPart = 20L;
|
|
pp->Privileges[0].Luid.HighPart = 0;
|
|
pp->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
|
|
|
ppNew = (PTOKEN_PRIVILEGES)ucPrivNew ;
|
|
|
|
AdjustTokenPrivileges(hToken, FALSE, pp, sizeof(ucPrivNew), ppNew, &cb);
|
|
|
|
CloseHandle(hToken);
|
|
}
|
|
}
|
|
|
|
|
|
int __cdecl main(int argc, char **argv)
|
|
{
|
|
LPTHREAD_START_ROUTINE pfnDBP = NULL;
|
|
HMODULE hmodntdll;
|
|
HANDLE hProcess;
|
|
HANDLE hThread;
|
|
ULONG ProcessId;
|
|
ULONG ThreadId;
|
|
|
|
if (argc < 2 || argc > 3)
|
|
{
|
|
fprintf(stderr, "usage: nukeapp <pid> [-breakin]\n");
|
|
return 1;
|
|
}
|
|
|
|
ProcessId = atoi(argv[1]);
|
|
|
|
if (ProcessId == 0)
|
|
{
|
|
fprintf(stderr, "usage: nukeapp <pid> [-breakin]\n");
|
|
return 1;
|
|
}
|
|
|
|
DebugPriv();
|
|
|
|
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId);
|
|
if (hProcess != NULL)
|
|
{
|
|
hmodntdll = GetModuleHandle("ntdll.dll");
|
|
if (hmodntdll != NULL)
|
|
{
|
|
if (argc == 3 && _strcmpi(argv[2], "-breakin") == 0)
|
|
pfnDBP = (LPTHREAD_START_ROUTINE)GetProcAddress(hmodntdll, "DbgBreakPoint");
|
|
|
|
hThread = CreateRemoteThread(hProcess, NULL, STACKSIZE, pfnDBP, NULL, 0, &ThreadId);
|
|
if (hThread == NULL)
|
|
fprintf(stderr, "Unable to create remote thread.\n");
|
|
|
|
}
|
|
}
|
|
else
|
|
{
|
|
fprintf(stderr, "Unable to open process.\n");
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|