Programming

h@cking2013
Bluescreen source

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=6450


Hello.
I happened to find some source code on the Internet that triggers a blue screen.

#include <windows.h>

/* Undocumented ntdll export: marks the calling process as "critical".
   When a critical process exits, the kernel raises the bugcheck
   CRITICAL_PROCESS_DIED, which is what produces the blue screen. */
typedef VOID (__stdcall *RtlSetProcessIsCritical)(
               IN  BOOLEAN  NewValue,
               OUT PBOOLEAN OldValue,
               IN  BOOLEAN  IsWinlogon);

/* Enable one named privilege (here SE_DEBUG_NAME) in the current process token. */
BOOL EnablePriv(LPCTSTR lpszPriv)
{
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs;
    ZeroMemory(&tkprivs, sizeof(tkprivs));

    if (!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
        return FALSE;

    if (!LookupPrivilegeValue(NULL, lpszPriv, &luid)) {
        CloseHandle(hToken);
        return FALSE;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
    CloseHandle(hToken);
    return bRet;
}

BOOL ProtectProcess(void)
{
    HMODULE hDLL;
    RtlSetProcessIsCritical fSetCritical;

    hDLL = LoadLibraryA("ntdll.dll");
    if (hDLL == NULL)
        return FALSE;

    EnablePriv(SE_DEBUG_NAME);   /* SeDebugPrivilege is required to set the critical flag */
    fSetCritical = (RtlSetProcessIsCritical)GetProcAddress(hDLL, "RtlSetProcessIsCritical");
    if (!fSetCritical)
        return FALSE;

    fSetCritical(1, 0, 0);       /* NewValue = TRUE: this process is now critical */
    return TRUE;
}

int main(void)
{
    ProtectProcess();
    return 1;                    /* the process exits while still critical -> bugcheck */
}

How does this work?

  Hit : 6577     Date : 2014/03/23 03:12



    
MainThread: It obtains the RtlSetProcessIsCritical function through the DLL file called hDLL.
- RtlSetProcessIsCritical is a function for creating a critical process.
- A critical process is a process that does not terminate; that is, a process that triggers a blue screen.

If you want to know more about GetProcAddress, have a look at MSDN.
From MainThread
2014/05/24
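As an added example (not the poster's code and not from hackerschool), here is a PowerShell audit script a defender can run to see which processes on a machine are currently marked critical, which is the state the posted program puts its own process into. It assumes the NtQueryInformationProcess class ProcessBreakOnTermination (value 29) returns a nonzero ULONG for critical processes, and it should be run from an elevated prompt so that system processes can be opened.

```powershell
# Added audit script, not from the original post. Lists running processes whose
# BreakOnTermination flag is set (the flag RtlSetProcessIsCritical(TRUE, ...) sets).
# Assumption: NtQueryInformationProcess with class 29 (ProcessBreakOnTermination)
# fills a ULONG that is nonzero when the process is critical.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class CriticalCheck
{
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(IntPtr hProcess, int infoClass,
                                                ref int info, int infoLen, out int retLen);

    // Returns 1 if critical, 0 if not, -1 if the query failed (e.g. access denied).
    public static int IsCritical(IntPtr hProcess)
    {
        int flag = 0, retLen;
        int status = NtQueryInformationProcess(hProcess, 29, ref flag, sizeof(int), out retLen);
        if (status != 0) { return -1; }   // NTSTATUS other than STATUS_SUCCESS
        return flag != 0 ? 1 : 0;
    }
}
'@
Add-Type -TypeDefinition $src

$report = foreach ($p in Get-Process) {
    # Process.Handle throws when the process cannot be opened (not elevated, or a
    # protected process); skip those rather than abort the whole scan.
    try { $h = $p.Handle } catch { continue }
    $r = [CriticalCheck]::IsCritical($h)
    [pscustomobject]@{
        Name     = $p.ProcessName
        Id       = $p.Id
        Critical = switch ($r) { 1 { $true } 0 { $false } default { 'unknown' } }
    }
}

# Windows components such as csrss and wininit are expected here; any other
# user-mode program that shows up has made itself critical and deserves a look.
$report | Where-Object { $_.Critical -eq $true } | Format-Table -AutoSize
```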
h@cking2013: Thank you! 2014/07/30
김병권: A long time ago someone on NateOn told me to try putting a blue screen up on the display...
I remember that. Thanks for the good info... lol
2015/02/01
김병권: It has been about 6 years, but I do still remember it lol 2015/02/01
somass: Thank you 2022/09/16