69,371
社区成员
发帖
与我相关
我的任务
分享
bool AdjustPrivileges() {
HANDLE hToken;
TOKEN_PRIVILEGES tp;
TOKEN_PRIVILEGES oldtp;
DWORD dwSize=sizeof(TOKEN_PRIVILEGES);
LUID luid;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
if (GetLastError()==ERROR_CALL_NOT_IMPLEMENTED) return true;
else return false;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid)) {
CloseHandle(hToken);
return false;
}
ZeroMemory(&tp, sizeof(tp));
tp.PrivilegeCount=1;
tp.Privileges[0].Luid=luid;
tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
/* Adjust Token Privileges */
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &oldtp, &dwSize)) {
CloseHandle(hToken);
return false;
}
// close handles
CloseHandle(hToken);
return true;
}
BOOL HackWriteProcessMemory(HANDLE hProc, void * pDest, void * pSource, DWORD nSize, DWORD * pWritten) {
MEMORY_BASIC_INFORMATION mbi;
if (!WriteProcessMemory(hProc,pDest,pSource,nSize,pWritten)) {
VirtualQueryEx(hProc,pDest, & mbi, sizeof(mbi));
#ifdef _DEBUG
printf("Info:addr=%08x,size=%08x,allocprot=%08x,currprot=%08x\n",mbi.BaseAddress,mbi.RegionSize,mbi.AllocationProtect,mbi.Protect);
#endif
if (VirtualProtectEx(hProc,mbi.BaseAddress, mbi.RegionSize, PAGE_READWRITE, & mbi.Protect)) {
if (!WriteProcessMemory(hProc,pDest,pSource,nSize,pWritten)) {
#ifdef _DEBUG
printf("Error:VirtualProtectEx succ,but WriteProcessMemory GetLastError=%d\n",GetLastError());
#endif
return FALSE;
} else {
return TRUE;
}
} else {
#ifdef _DEBUG
printf("Error:VirtualProtectEx GetLastError=%d\n",GetLastError());
#endif
return FALSE;
}
}
return TRUE;
}
char *str="0022114E";
int addr;
sscanf(str,"%x",&addr);
printf("%02x",((unsigned char *)addr)[0]);
推荐使用WinHex软件查看硬盘或文件或内存中的原始字节内容。