[讨论]regsavekey为啥我提权了还是不好用?
[讨论]regsavekey为啥我提权了还是不好用?信息来源:邪恶八进制信息安全团队([url=http://www.eviloctal.com/]www.eviloctal.com[/url])
议题作者:qxc0574
源代码如下,我使用asm写的,调用regsavekey不返回ERROR_SUCCESS..
哪位大侠帮帮我,我是照着邪八vc源码改写的(我的系统是xp sp2,未装杀毒软件,工具是masmplus):
复制内容到剪贴板
代码:
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include advapi32.inc
includelib user32.lib
includelib kernel32.lib
includelib advapi32.lib
.data?
szResult dd ?
.const
hBackUp db 'SeBackupPrivilege',0
szRegFile db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
szBackFile db 'D:\\1.hive',0
.code
_ProcPrivilege Proc
local hToken
local hTokenLiu:TOKEN_PRIVILEGES
invoke GetCurrentThread
invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY or TOKEN_READ,hToken
invoke LookupPrivilegeValue,NULL,addr hBackUp,addr hTokenLiu.Privileges.Luid
mov hTokenLiu.PrivilegeCount,1
mov hTokenLiu.Privileges.Attributes,SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges,hToken,FALSE,addr hTokenLiu,NULL,NULL,NULL
invoke CloseHandle,hToken
ret
_ProcPrivilege endp
start:call _ProcPrivilege
invoke RegOpenKeyEx,HKEY_LOCAL_MACHINE,addr szRegFile,0,KEY_WRITE,addr szResult
invoke RegSaveKey,szResult,addr szBackFile,NULL
invoke RegCloseKey,szResult
invoke ExitProcess,NULL
end start
下面是vc的:
复制内容到剪贴板
代码:
#include <windows.h>
#include <stdio.h>
int EnablePrivilege(LPCTSTR lpszPrivilege,BOOL bEnable)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES |
TOKEN_QUERY | TOKEN_READ,&hToken))
return 1;
//if(!LookupPrivilegeValue(NULL, lpszPrivilege, &luid)) RegSaveKey跟进程权限有关系吗? [img]http://forum.eviloctal.com/images/smilies/yangcong/08.gif[/img]阿尔卑斯与八宝糖还有冷苹果
帖子67 精华[url=http://forum.eviloctal.com/digest.php?authorid=149442]0[/url] 积分293 阅读权限100 性别男 在线时间147 小时 注册时间2007-11-21 最后登录2008-7-23 [url=http://forum.eviloctal.com/space.php?action=viewpro&uid=149442]查看详细资料[/url]TOP [url=http://www.google.cn/search?q=软件外包&client=pub-0204114945524753&forid=1&prog=aff&ie=UTF-8&oe=UTF-8&cof=GALT%3A#008000;GL%3A1;DIV%3A336699;VLC%3A663399;AH%3Acenter;BGC%3AFFFFFF;LBGC%3A336699;ALC%3A0000FF;LC%3A0000FF;T%3A000000;GFNT%3A0000FF;GIMP%3A0000FF;FORID%3A1&hl=zh-CN]软件项目外包[/url]
[url=http://forum.eviloctal.com/space-uid-64507.html]asm[/url] [img]http://forum.eviloctal.com/customavatars/64507.jpg[/img]
运维管理组
[img]http://forum.eviloctal.com/images/default/star_level2.gif[/img][img]http://forum.eviloctal.com/images/default/star_level1.gif[/img][img]http://forum.eviloctal.com/images/default/star_level1.gif[/img][img]http://forum.eviloctal.com/images/default/star_level1.gif[/img] _EnablePrivilege proc szPriv:DWORD, bFlags:DWORD
LOCAL hToken
LOCAL tkp : TOKEN_PRIVILEGES
invoke GetCurrentProcess ;GetCurrentProcess获得当前进程的HANDLE
mov edx, eax
invoke OpenProcessToken, edx, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken ;获取进程访问令牌
页:
[1]