工具函数(代码块的大小,代码块起始地址,提升进程权限)
一些在编程中经常要用到的功能编写成函数,方便使用.
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>
// Operating-system family, chosen from the major.minor version that
// GetVersionEx reports.  Numbering starts at 1; the comment after each
// constant is the version number it stands for.
typedef enum SystemType
{
    WINDOWS_2000            = 1,   // 5.0
    WINDOWS_XP              = 2,   // 5.1
    WINDOWS__SERVER_2003    = 3,   // 5.2
    WINDOWS__SERVER_2003_R2 = 4,   // 5.2
    WINDOWS_VISTA           = 5,   // 6.0
    WINDOWS__SERVER_2008    = 6,   // 6.0
    WINDOWS__SERVER_2008_R2 = 7,   // 6.1
    WINDOWS_7               = 8,   // 6.1
    WINDOWS_SERVER_2012     = 9,   // 6.2
    WINDOWS_8               = 10   // 6.2
} ST;
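/* Classify the running OS by the major.minor version GetVersionEx reports.
 *
 * Returns the matching ST value, or (ST)0 when GetVersionEx fails or the
 * version is not one of the listed ones.  The original left `st`
 * uninitialised on those paths and returned it anyway (undefined behaviour);
 * it also ignored the GetVersionEx return value.
 *
 * The server editions and the R2 variants share their major.minor numbers
 * with the client releases and are never returned here; telling them apart
 * would need OSVERSIONINFOEX / wProductType.
 *
 * NOTE(review): GetVersionEx is deprecated, and for an application without a
 * compatibility manifest it reports at most 6.2 on Windows 8.1 and later, so
 * newer systems come back as WINDOWS_8.  Prefer VerifyVersionInfo or the
 * IsWindows*OrGreater helpers in new code.
 */
ST GetSystemType()
{
    OSVERSIONINFO osvi;
    ZeroMemory(&osvi, sizeof(osvi));
    osvi.dwOSVersionInfoSize = sizeof(osvi);
    if (!GetVersionEx(&osvi))
        return (ST)0;

    ST st = (ST)0;  /* "not recognised" unless a branch below matches */
    if (osvi.dwMajorVersion == 5)
    {
        switch (osvi.dwMinorVersion)
        {
        case 0:  st = WINDOWS_2000;         break;  /* 5.0 */
        case 1:  st = WINDOWS_XP;           break;  /* 5.1 */
        case 2:  st = WINDOWS__SERVER_2003; break;  /* 5.2 */
        default: break;
        }
    }
    else if (osvi.dwMajorVersion == 6)
    {
        switch (osvi.dwMinorVersion)
        {
        case 0:  st = WINDOWS_VISTA; break;  /* 6.0 */
        case 1:  st = WINDOWS_7;     break;  /* 6.1 */
        case 2:  st = WINDOWS_8;     break;  /* 6.2 */
        default: break;
        }
    }
    return st;
}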
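/* Size in bytes of a loaded module's code area, read from
 * IMAGE_OPTIONAL_HEADER.SizeOfCode.
 *
 * hModule: base address of a mapped image (e.g. from GetModuleHandle).
 * Returns 0 when hModule is NULL, e_lfanew is implausible, or the DOS / NT
 * signatures do not match.
 *
 * The original walked the headers with hard-coded offsets (0x3c, 0x1c)
 * through a DWORD-sized copy of the pointer, which truncates addresses in a
 * 64-bit build, and left an unused `nSize` local; the <winnt.h> header
 * structs give the same fields at pointer width.  e_lfanew is only checked
 * for a minimum value, not against the size of the mapping — the function
 * still trusts that hModule points at a genuine, fully mapped image.
 */
DWORD GetCodeSize(HANDLE hModule)
{
    if (!hModule)
        return 0;

    const BYTE *base = (const BYTE *)hModule;
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;
    /* The NT headers must lie after the DOS header; a smaller or negative
     * e_lfanew would send the read before the image base. */
    if (dos->e_lfanew < (LONG)sizeof(*dos))
        return 0;

    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)(base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return 0;

    return nt->OptionalHeader.SizeOfCode;
}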
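/* Virtual address of a loaded module's code area: image base plus
 * IMAGE_OPTIONAL_HEADER.BaseOfCode.
 *
 * hModule: base address of a mapped image (e.g. from GetModuleHandle).
 * Returns 0 when hModule is NULL, e_lfanew is implausible, or the DOS / NT
 * signatures do not match.  (The original returned hModule + 0 on a
 * signature mismatch, which is not a code address; 0 matches GetCodeSize.)
 *
 * The return type is widened from DWORD to DWORD_PTR so that a 64-bit
 * address is not truncated; existing callers that store the result in a
 * DWORD still compile and behave as before in a 32-bit build.  As in
 * GetCodeSize, e_lfanew is only checked for a minimum value and the image
 * is otherwise trusted to be fully mapped.
 */
DWORD_PTR GetCodeStart(HANDLE hModule)
{
    if (!hModule)
        return 0;

    const BYTE *base = (const BYTE *)hModule;
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;
    if (dos->e_lfanew < (LONG)sizeof(*dos))
        return 0;

    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)(base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return 0;

    return (DWORD_PTR)base + nt->OptionalHeader.BaseOfCode;
}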
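/* Search the code area of a loaded module for a byte pattern.
 *
 * pOpcodeBytes / nOpcodeLen: the pattern and its length in bytes.
 * pLibName: module name for GetModuleHandleA (NULL = the calling executable).
 * Returns the address of the first occurrence, or NULL when the module is not
 * loaded, its headers do not parse (GetCodeSize reports 0), or the pattern
 * does not occur.  A zero-length pattern matches at the start of the code
 * area, as in the original.
 *
 * The original compared up to nOpcodeLen bytes from every offset below
 * SizeOfCode, so the last nOpcodeLen-1 start positions read past the end of
 * the code area; the loop bound below keeps the whole window inside it.
 * The inner byte loop is replaced by memcmp.
 */
BYTE* SearchOpcode(BYTE* pOpcodeBytes, unsigned int nOpcodeLen, const char* pLibName)
{
    HANDLE hModule = GetModuleHandleA(pLibName);
    if (!hModule)
        return NULL;

    DWORD dwCodeSize = GetCodeSize(hModule);
    BYTE *pCodeStart = (BYTE *)(ULONG_PTR)GetCodeStart(hModule);
    if (pCodeStart == NULL || dwCodeSize == 0 || dwCodeSize < nOpcodeLen)
        return NULL;

    /* Only start positions that leave a full pattern inside the code area. */
    for (DWORD i = 0; i <= dwCodeSize - nOpcodeLen; i++)
    {
        BYTE *p = pCodeStart + i;
        if (memcmp(p, pOpcodeBytes, nOpcodeLen) == 0)
            return p;
    }
    return NULL;
}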
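/* Report whether the operating system is 64-bit.
 *
 * Returns TRUE for a 64-bit OS, FALSE for a 32-bit OS or when the query
 * fails.
 *
 * The original passed NULL to IsWow64Process, which is not a valid process
 * handle, and ignored the return value.  IsWow64Process only says whether
 * the given process runs under WOW64: that implies a 64-bit OS for a 32-bit
 * process, but it is FALSE for a native 64-bit process, so a 64-bit build
 * has to answer TRUE directly.
 */
BOOL Is64Bit_OS()
{
#ifdef _WIN64
    return TRUE;  /* a 64-bit process can only be running on a 64-bit OS */
#else
    BOOL bIsWow64 = FALSE;
    if (!IsWow64Process(GetCurrentProcess(), &bIsWow64))
        return FALSE;
    return bIsWow64;
#endif
}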
单字节转多字节:
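/* Narrow-string wrapper around ThreadCheckFileTrustW: converts the ANSI path
 * to UTF-16 and delegates.
 *
 * lpFileName: NUL-terminated ANSI path.  NULL is reported as trusted, as in
 * the original; note that this is a fail-open default for callers.
 * Returns the result of ThreadCheckFileTrustW, or FALSE when the conversion
 * fails.
 *
 * Fixes: the parameter was declared `lpfileName` while the body used
 * `lpFileName`, so the function did not compile; the array was released
 * with `delete` instead of `delete[]`; the MultiByteToWideChar results were
 * unchecked (a failed size query would have allocated a zero-length array
 * and written into it); an unused HCATADMIN local is dropped.  `new[]`
 * throws std::bad_alloc rather than returning NULL, so the old NULL check
 * never fired and is gone.
 */
BOOL ThreadCheckFileTrust(CHAR* lpFileName)
{
    if (lpFileName == NULL)
    {
        return TRUE;
    }

    // Size query: count includes the terminating NUL because cbMultiByte is -1.
    int nChars = MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, NULL, 0);
    if (nChars <= 0)
    {
        return FALSE;
    }

    wchar_t* pwszFile = new wchar_t[nChars];
    BOOL bRet = FALSE;
    if (MultiByteToWideChar(CP_ACP, 0, lpFileName, -1, pwszFile, nChars) > 0)
    {
        bRet = ThreadCheckFileTrustW(pwszFile);
    }
    delete[] pwszFile;
    return bRet;
}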
根据进程名称枚举进程:
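/* Find the PID of the first running process whose executable name equals
 * ProcessName, compared case-insensitively.
 *
 * ProcessName: executable name such as L"notepad.exe"; it is not modified.
 * Returns the PID, or 0 when ProcessName is NULL, the snapshot cannot be
 * taken, or no process matches.  Only the first match is returned even if
 * several processes share the name.
 *
 * Fixes: the snapshot handle leaked on the match path (the function returned
 * before CloseHandle); wcsupr() upper-cased both strings in place, which
 * silently rewrote the caller's ProcessName — _wcsicmp compares without
 * mutating either string.
 * NOTE(review): as in the original, the wide-character compare against
 * pe32.szExeFile assumes a UNICODE build (PROCESSENTRY32 == PROCESSENTRY32W).
 */
static DWORD GetProcessID(wchar_t *ProcessName)
{
    if (ProcessName == NULL)
        return 0;

    /* Snapshot of every process in the system. */
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        OutputDebugStringA("CreateToolhelp32Snapshot error");
        return 0;
    }

    DWORD dwPid = 0;
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(pe32);
    for (BOOL bMore = Process32First(hProcessSnap, &pe32); bMore;
         bMore = Process32Next(hProcessSnap, &pe32))
    {
        if (_wcsicmp(pe32.szExeFile, ProcessName) == 0)
        {
            dwPid = pe32.th32ProcessID;
            break;
        }
    }

    CloseHandle(hProcessSnap);
    return dwPid;
}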
提升进程权限:
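/* Enable a named privilege (e.g. SE_DEBUG_NAME) in the current process token.
 *
 * name: privilege name accepted by LookupPrivilegeValueA.
 * Returns 0 on success, 1 on failure; failures are also reported on stdout,
 * as in the original.
 *
 * Fixes: the token handle was never closed; a LookupPrivilegeValueA failure
 * was printed but not returned, so an uninitialised LUID went on to
 * AdjustTokenPrivileges; and AdjustTokenPrivileges returns TRUE even when
 * the privilege could not be enabled, signalling that only through
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED, which is now checked.
 * This call only enables a privilege the token already holds (for
 * SeDebugPrivilege, normally an elevated administrator token); it cannot
 * grant one the token lacks.
 */
static int EnableDebugPriv(const char * name)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp;
    LUID luid;
    int rc = 1;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                          &hToken))
    {
        printf("OpenProcessToken error\n");
        return 1;
    }

    if (!LookupPrivilegeValueA(NULL, name, &luid))
    {
        printf("LookupPrivilege error!\n");
        goto out;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    /* TRUE + ERROR_NOT_ALL_ASSIGNED means the token does not hold the
     * privilege, which is a failure for the caller's purposes. */
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)
        || GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("AdjustTokenPrivileges error!\n");
        goto out;
    }
    rc = 0;

out:
    CloseHandle(hToken);
    return rc;
}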
http://blog.csdn.net/chence19871/article/details/37881101