   h@cking2013
   Blue screen source

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=6450


Hello.
I happened to come across source code on the internet that brings up a blue screen.

#include <windows.h>

/* Prototype for the ntdll export; it is looked up at run time below. */
typedef VOID ( _stdcall *RtlSetProcessIsCritical ) (
               IN BOOLEAN  NewValue,
               OUT PBOOLEAN OldValue,
               IN BOOLEAN  IsWinlogon );

/* Enable the named privilege in the current process token. */
BOOL EnablePriv(LPCSTR lpszPriv)
{
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs;
    ZeroMemory(&tkprivs, sizeof(tkprivs));

    if (!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
        return FALSE;

    if (!LookupPrivilegeValue(NULL, lpszPriv, &luid)) {
        CloseHandle(hToken);
        return FALSE;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
    CloseHandle(hToken);
    return bRet;
}

/* Resolve RtlSetProcessIsCritical from ntdll.dll and call it on this process. */
BOOL ProtectProcess()
{
    HANDLE hDLL;
    RtlSetProcessIsCritical fSetCritical;

    hDLL = LoadLibraryA("ntdll.dll");
    if (hDLL != NULL)
    {
        EnablePriv(SE_DEBUG_NAME);
        fSetCritical = (RtlSetProcessIsCritical) GetProcAddress((HINSTANCE)hDLL, "RtlSetProcessIsCritical");
        if (!fSetCritical) return 0;
        fSetCritical(1, 0, 0);
        return 1;
    } else
        return 0;
}

int main (void)
{
    ProtectProcess();
    return 1;
}

How does it work?

  Hit : 6682     Date : 2014/03/23 03:12



    
MainThread: It obtains the RtlSetProcessIsCritical function through the DLL file called hDLL.
- RtlSetProcessIsCritical is a function for creating a critical process.
- A critical process (Critical Process) is a process that does not get terminated, that is, a process that causes a blue screen.

If you would like to know more about GetProcAddress, please refer to MSDN.
From MainThread
2014/05/24
h@cking2013: Thank you! 2014/07/30
김병권: A long time ago someone on NateOn told me to try bringing up a blue screen on my screen...
That brings back memories. Thanks for the good information... haha
2015/02/01
김병권: Even though it has been about 6 years, I do still remember it hahaha 2015/02/01
somass: Thank you 2022/09/16
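
Added example, not part of the original thread or of any project's code: a small Python triage scanner that flags file images containing the two strings the posted snippet leaves in a compiled binary, in ASCII or UTF-16LE. Because the snippet resolves the API with GetProcAddress, its name appears as a plain string rather than as an import-table entry. The function names and the sample byte strings are constructed for illustration.

```python
"""Static triage for binaries that mark their own process as critical."""

# Strings the snippet on this page leaves in a compiled binary.
API_NAME = "RtlSetProcessIsCritical"   # name passed to GetProcAddress
PRIV_NAME = "SeDebugPrivilege"         # what SE_DEBUG_NAME expands to
MARKERS = (API_NAME, PRIV_NAME)


def find_markers(data: bytes) -> dict:
    """Return {marker: [(offset, encoding), ...]} for ASCII and UTF-16LE hits."""
    hits = {}
    for name in MARKERS:
        for encoding in ("ascii", "utf-16-le"):
            needle = name.encode(encoding)
            start = data.find(needle)
            while start != -1:
                hits.setdefault(name, []).append((start, encoding))
                start = data.find(needle, start + 1)
    return hits


def triage(data: bytes) -> str:
    """Classify a file image by which markers it contains."""
    hits = find_markers(data)
    if API_NAME not in hits:
        return "no-match"
    if PRIV_NAME in hits:
        return "high: critical-flag API plus SeDebugPrivilege"
    return "medium: critical-flag API referenced"


# Constructed sample inputs (not real binaries): padding plus string bytes.
SAMPLE_SNIPPET = (b"MZ" + b"\x00" * 62 + b"ntdll.dll\x00"
                  b"RtlSetProcessIsCritical\x00SeDebugPrivilege\x00")
SAMPLE_WIDE = b"\x00" * 16 + API_NAME.encode("utf-16-le")
SAMPLE_BENIGN = b"MZ" + b"\x00" * 62 + b"kernel32.dll\x00GetProcAddress\x00"

if __name__ == "__main__":
    for label, blob in (("snippet", SAMPLE_SNIPPET), ("wide", SAMPLE_WIDE),
                        ("benign", SAMPLE_BENIGN)):
        print(label, "->", triage(blob), find_markers(blob))
```

String matching of this kind is triage only: a packed binary, or one that builds the API name at run time, will not match.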