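Tokenhookin proc
;-----------------------------------------------------------------------
; Tokenhookin - enable two privileges on the current process token,
;               then call hookin.
; Syntax: MASM (invoke / LOCAL), 32-bit Win32, stdcall.
; In:     none
; Out:    eax = whatever hookin or MessageBox leaves there; no result
;         convention is defined by this procedure.
; Writes: globals hProcess, hToken, nowTokenlen.
; Privilege names come from szT_ld and szT_Dg, which are defined outside
; this listing (presumably a driver-load and a debug privilege - confirm).
; On any failure the szErrorToken message box is shown and hookin is
; NOT called.
;-----------------------------------------------------------------------
        LOCAL   @stToken:TOKEN_PRIVILEGES

        invoke  GetCurrentProcess
        test    eax,eax
        jz      @F
        mov     hProcess,eax

        ; NOTE(review): TOKEN_ALL_ACCESS already contains every other flag
        ; OR-ed in here, and AdjustTokenPrivileges itself only needs
        ; TOKEN_ADJUST_PRIVILEGES (plus TOKEN_QUERY when a previous-state
        ; buffer is requested). The mask is left unchanged because hToken
        ; is a global that code outside this listing may rely on; narrow it
        ; once those users are confirmed.
        invoke  OpenProcessToken,hProcess,TOKEN_ADJUST_PRIVILEGES or TOKEN_ALL_ACCESS or TOKEN_WRITE or TOKEN_READ,addr hToken
        test    eax,eax
        jz      @F

        ; One privilege entry, marked enabled; only the LUID changes
        ; between the two AdjustTokenPrivileges calls below.
        push    1
        pop     @stToken.PrivilegeCount
        push    SE_PRIVILEGE_ENABLED
        pop     @stToken.Privileges.Attributes

        invoke  LookupPrivilegeValue,0,addr szT_ld,addr @stToken.Privileges.Luid
        test    eax,eax
        jz      @F
        invoke  AdjustTokenPrivileges,hToken,0,addr @stToken,0,0,addr nowTokenlen
        test    eax,eax
        jz      @F
        ; AdjustTokenPrivileges returns nonzero even when the token does not
        ; hold the privilege; only GetLastError tells the two cases apart
        ; (ERROR_NOT_ALL_ASSIGNED vs ERROR_SUCCESS).
        invoke  GetLastError
        cmp     eax,ERROR_SUCCESS
        jne     @F

        invoke  LookupPrivilegeValue,0,addr szT_Dg,addr @stToken.Privileges.Luid
        test    eax,eax
        jz      @F
        invoke  AdjustTokenPrivileges,hToken,0,addr @stToken,0,0,addr nowTokenlen
        test    eax,eax
        jz      @F
        invoke  GetLastError            ; same partial-success check as above
        cmp     eax,ERROR_SUCCESS
        jne     @F

        ; NOTE(review): hToken is never closed in this procedure and both
        ; privileges stay enabled for the rest of the process lifetime
        ; unless code outside this listing undoes that - confirm the owner.
        invoke  hookin
        ret

@@:     invoke  MessageBox,hWinMain,addr szErrorToken,0,MB_OK
        ret
Tokenhookin endp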
; NUL-terminated privilege name passed to LookupPrivilegeValue by
; _EnableDebugPrivilege.
; NOTE(review): no segment directive is visible in this listing, so which
; segment this string lands in cannot be told from here - confirm.
SE_DEBUG_NAME0 db 'SeDebugPrivilege',0
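_EnableDebugPrivilege proc uses ebx _isEnable
;-----------------------------------------------------------------------
; _EnableDebugPrivilege - enable or disable SeDebugPrivilege on the
;                         current process token.
; Syntax: MASM (invoke / local / .if), 32-bit Win32, stdcall.
; In:     _isEnable = nonzero to enable the privilege, zero to disable it
; Out:    eax = TRUE  if the privilege state was actually changed,
;               FALSE if any step failed or the token does not hold it
; Clobb:  ecx, edx, flags (ebx is saved by "uses ebx" because it is
;         callee-saved under stdcall and is used as scratch below)
; The privilege lets the process open other processes regardless of
; their security descriptor, so callers should enable it only around
; the operation that needs it and call again with FALSE afterwards.
;-----------------------------------------------------------------------
        local   htoken:HANDLE
        local   uid:LUID
        local   tp:TOKEN_PRIVILEGES
        local   isSuccess

        mov     isSuccess,FALSE

        ; The token address goes through ebx because "addr" of a local is
        ; materialised in eax, which still holds the process handle here.
        invoke  GetCurrentProcess
        lea     ebx,htoken
        invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES,ebx
        test    eax,eax
        jz      @F                      ; htoken was never written: nothing to close

        invoke  LookupPrivilegeValue,NULL,addr SE_DEBUG_NAME0,addr uid
        .if eax
            mov     tp.PrivilegeCount,1
            mov     eax,uid.LowPart
            mov     tp.Privileges[0].Luid.LowPart,eax
            mov     eax,uid.HighPart
            mov     tp.Privileges[0].Luid.HighPart,eax
            .if _isEnable
                mov     tp.Privileges[0].Attributes,SE_PRIVILEGE_ENABLED
            .else
                mov     tp.Privileges[0].Attributes,0
            .endif

            invoke  AdjustTokenPrivileges,htoken,FALSE,addr tp,sizeof tp,NULL,NULL
            .if eax
                ; A nonzero return alone is not enough: the call also
                ; "succeeds" with ERROR_NOT_ALL_ASSIGNED when the token
                ; does not hold the privilege.
                invoke  GetLastError
                .if eax == ERROR_SUCCESS
                    mov     isSuccess,TRUE
                .endif
            .endif
        .endif

        invoke  CloseHandle,htoken      ; token was opened, release it on every path
@@:
        mov     eax,isSuccess
        ret
_EnableDebugPrivilege endp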