遍历进程干掉互斥体
// mutexC.cpp : 定义控制台应用程序的入口点。
//
#include “stdafx.h“
#include
#include
#include
#include
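// NT status codes and information-class numbers needed by the undocumented
// Zw* calls resolved in GetUnDocumentAPI. The values are the well-known ones
// from the NT/DDK headers, which this translation unit does not include.
#define STATUS_SUCCESS 0x00UL
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004 // query buffer too small
#define SystemHandleInformation 16             // SYSTEM_INFORMATION_CLASS: system-wide handle table
#define SE_DEBUG_PRIVILEGE 0x14                // LUID of SeDebugPrivilege (20), as used by RtlAdjustPrivilege

// Information classes accepted by ZwQueryobject. The enumerators were
// missing their separators in the published listing; restored here.
// (The "EX" suffix presumably avoids a clash with an SDK-declared enum.)
typedef enum _object_INFORMATION_CLASSEX {
    ObjBasicInformation = 0,
    ObjNameInformation,
    ObjTypeInformation
} object_INFORMATION_CLASSEX;

// Information class passed to ZwQueryInformationProcess.
typedef enum _PROCESSINFOCLASSEX
{
    ProcessHandleInformation = 20
} PROCESSINFOCLASSEX;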
// One entry of the system-wide handle table returned through
// ZwQuerySystemInformation(SystemHandleInformation, ...).
// NOTE(review): this is the 32-bit shape of the undocumented handle-table
// entry; the x64 layout differs — confirm the target bitness before relying
// on these offsets.
typedef struct _SYSTEM_HANDLE
{
ULONG ProcessId; // id of the process that owns the handle
BYTE objectTypeNumber; // kernel object-type index (NOTE(review): not stable across Windows versions)
BYTE Flags; // handle attributes
USHORT Handle; // handle value as seen inside the owning process
PVOID object; // kernel-mode address of the object; not dereferenceable from user mode
ACCESS_MASK GrantAccess; // access mask granted when the handle was created
}SYSTEM_HANDLE;
// Header of the SystemHandleInformation buffer. Handles[1] is the usual
// variable-length-array idiom: HandleCount entries follow inline, so the
// buffer must be allocated larger than sizeof(SYSTEM_HANDLE_INFORMATION).
typedef struct _SYSTEM_HANDLE_INFORMATION
{
DWORD HandleCount;
SYSTEM_HANDLE Handles[1];
}SYSTEM_HANDLE_INFORMATION;
// Result of ZwQueryobject(..., ObjNameInformation, ...).
// NOTE(review): objectName.Buffer presumably points into the same query
// buffer, so that buffer must outlive any use of the name — confirm at the
// call site.
typedef struct _object_NAME_INFORMATION
{
UNICODE_STRING objectName;
}object_NAME_INFORMATION;
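// Prototypes of the undocumented ntdll exports this tool resolves at run
// time with GetProcAddress (see GetUnDocumentAPI). The parameter lists had
// lost their separators in the published listing; restored here.
// The globals are explicitly NULL until GetUnDocumentAPI fills them in, and
// must not be called through unless that function returned TRUE.
typedef NTSTATUS (WINAPI *ZwQueryInformationProcessProc)(HANDLE, PROCESSINFOCLASSEX, LPVOID, DWORD, PDWORD);
ZwQueryInformationProcessProc ZwQueryInformationProcess = NULL;

typedef NTSTATUS (WINAPI *ZwQuerySystemInformationProc)(DWORD, PVOID, DWORD, DWORD*);
ZwQuerySystemInformationProc ZwQuerySystemInformation = NULL;

typedef NTSTATUS (WINAPI *ZwQueryobjectProc)(HANDLE, object_INFORMATION_CLASSEX, PVOID, ULONG, PULONG);
ZwQueryobjectProc ZwQueryobject = NULL;

typedef NTSTATUS (WINAPI *RtlAdjustPrivilegeProc)(DWORD, BOOL, BOOL, PDWORD);
RtlAdjustPrivilegeProc RtlAdjustPrivilege = NULL;

// NOTE(review): declared as returning DWORD here; the native calls return
// NTSTATUS (same width on the 32-bit build this appears written for).
typedef DWORD (WINAPI *ZwSuspendProcessProc)(HANDLE);
ZwSuspendProcessProc ZwSuspendProcess = NULL;

typedef DWORD (WINAPI *ZwResumeProcessProc)(HANDLE);
ZwResumeProcessProc ZwResumeProcess = NULL;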
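// Enables SeDebugPrivilege in the current process token so that handles held
// by other processes can be opened later. AdjustTokenPrivileges cannot grant
// a privilege the token does not already hold, so this only succeeds in an
// elevated (administrator) context. From a monitoring standpoint, a
// non-debugger process enabling SeDebugPrivilege is a common detection signal.
//
// Returns TRUE only when the privilege was actually enabled; FALSE if the
// token could not be opened, the privilege name could not be resolved, or the
// token does not hold the privilege. The token handle is always closed.
BOOL ElevatePrivileges()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    BOOL enabled = FALSE;
    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // The original ignored this result; on failure the LUID would have been
    // passed on uninitialised.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid))
    {
        // AdjustTokenPrivileges returns success even when it enabled nothing
        // (privilege absent from the token); only GetLastError distinguishes
        // ERROR_SUCCESS from ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)
            && GetLastError() == ERROR_SUCCESS)
        {
            enabled = TRUE;
        }
    }

    CloseHandle(hToken); // the original leaked this handle on every path
    return enabled;
}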
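// Resolves the undocumented ntdll exports used by this tool into the global
// function pointers declared above. They are looked up by name so the build
// needs no ntdll import library; their availability and prototypes are not
// guaranteed across Windows versions.
//
// Returns FALSE if any export is missing; in that case some globals may still
// be NULL and none of them should be called.
BOOL GetUnDocumentAPI()
{
    // Resolve the module once instead of five times. A NULL module would make
    // every GetProcAddress below fail anyway, so reject it up front.
    HMODULE hNtdll = GetModuleHandleW(L"ntdll.dll");
    if (hNtdll == NULL)
        return FALSE;

    ZwSuspendProcess = (ZwSuspendProcessProc)GetProcAddress(hNtdll, "ZwSuspendProcess");
    ZwQuerySystemInformation = (ZwQuerySystemInformationProc)GetProcAddress(hNtdll, "ZwQuerySystemInformation");
    // The export is spelled "ZwQueryObject"; the published listing had the
    // lower-case form, which GetProcAddress would not find. The global keeps
    // the name used throughout this file.
    ZwQueryobject = (ZwQueryobjectProc)GetProcAddress(hNtdll, "ZwQueryObject");
    ZwResumeProcess = (ZwResumeProcessProc)GetProcAddress(hNtdll, "ZwResumeProcess");
    ZwQueryInformationProcess = (ZwQueryInformationProcessProc)GetProcAddress(hNtdll, "ZwQueryInformationProcess");

    return ZwSuspendProcess != NULL
        && ZwQuerySystemInformation != NULL
        && ZwQueryobject != NULL
        && ZwResumeProcess != NULL
        && ZwQueryInformationProcess != NULL;
}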
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 6034 2016-07-23 17:18 mutexC.cpp