fix: Improve creating registry and injecting shellcode
This commit is contained in:
yuanyuanxiang
@@ -156,59 +156,7 @@ DWORD WaitForMultipleHandlesEx(
|
||||
|
||||
#if _CONSOLE
|
||||
|
||||
//<2F><><EFBFBD><EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
void DebugPrivilege()
|
||||
{
|
||||
HANDLE hToken = NULL;
|
||||
//<2F><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD>̵ķ<CCB5><C4B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
int hRet = OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken);
|
||||
|
||||
if (hRet)
|
||||
{
|
||||
TOKEN_PRIVILEGES tp;
|
||||
tp.PrivilegeCount = 1;
|
||||
//ȡ<><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ȩ<EFBFBD><EFBFBD>LUID
|
||||
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
|
||||
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƶ<EFBFBD>Ȩ<EFBFBD><C8A8>
|
||||
AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
|
||||
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief <20><><EFBFBD>ñ<EFBFBD><C3B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @param[in] *sPath ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
* @param[in] *sNmae ע<><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @return <20><><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
* @details Win7 64λ<34><CEBB><EFBFBD><EFBFBD><EFBFBD>ϲ<EFBFBD><CFB2>Խ<EFBFBD><D4BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD>ڣ<EFBFBD>\n
|
||||
* HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
|
||||
* @note <20>״<EFBFBD><D7B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD>Թ<EFBFBD><D4B9><EFBFBD>ԱȨ<D4B1><C8A8><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD><D0A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>д<EFBFBD>뿪<EFBFBD><EBBFAA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
BOOL SetSelfStart(const char* sPath, const char* sNmae)
|
||||
{
|
||||
DebugPrivilege();
|
||||
|
||||
// д<><D0B4><EFBFBD><EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>·<EFBFBD><C2B7>
|
||||
#define REGEDIT_PATH "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
|
||||
|
||||
// <20><>ע<EFBFBD><D7A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д<EFBFBD><D0B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
||||
HKEY hKey = NULL;
|
||||
LONG lRet = RegOpenKeyExA(HKEY_LOCAL_MACHINE, REGEDIT_PATH, 0, KEY_ALL_ACCESS, &hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
if (lRet != ERROR_SUCCESS)
|
||||
return FALSE;
|
||||
|
||||
lRet = RegSetValueExA(hKey, sNmae, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath) + 1);
|
||||
|
||||
// <20>ر<EFBFBD>ע<EFBFBD><D7A2><EFBFBD><EFBFBD>
|
||||
RegCloseKey(hKey);
|
||||
|
||||
// <20>ж<EFBFBD><D0B6>Ƿ<EFBFBD><C7B7>ɹ<EFBFBD>
|
||||
return lRet == ERROR_SUCCESS;
|
||||
}
|
||||
#include "auto_start.h"
|
||||
|
||||
// <20><><EFBFBD>ؿ<EFBFBD><D8BF><EFBFBD>̨
|
||||
// <20>ο<EFBFBD><CEBF><EFBFBD>https://blog.csdn.net/lijia11080117/article/details/44916647
|
||||
|
||||
Reference in New Issue
Block a user