如何提升SeDebug权限?
解决时间 2021-01-27 16:30
- 提问者网友:蔚蓝的太阳
- 2021-01-26 19:21
如何将进程提升为Debug权限?
最佳答案
- 五星知识达人网友:夜余生
- 2021-01-26 20:57
1、关于提升权限的方法,在MSDN里面有一个好例子(注意:AdjustTokenPrivileges 只能启用或禁用令牌中已有的特权,不能授予令牌原本没有的特权):
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "cmcfg32.lib")
// Enables or disables one named privilege in an already-opened access token.
//
// hToken           - access token handle; per the Win32 documentation the
//                    handle needs TOKEN_ADJUST_PRIVILEGES access.
// lpszPrivilege    - name of the privilege to enable/disable.
// bEnablePrivilege - TRUE to enable the privilege, FALSE to disable it.
//
// Returns TRUE only when the privilege state was actually changed. This can
// only toggle a privilege the token already holds; it cannot grant a new one.
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
    )
{
    LUID privilegeLuid;

    // Resolve the privilege name to its LUID on the local system (NULL).
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeLuid))
    {
        printf("LookupPrivilegeValue error: %u\n", GetLastError() );
        return FALSE;
    }

    // Describe the single privilege whose state is being changed.
    TOKEN_PRIVILEGES newState;
    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeLuid;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    // DisableAllPrivileges is FALSE, so only the listed privilege is touched.
    // The previous state is not requested (both output arguments are NULL).
    BOOL adjusted = AdjustTokenPrivileges(
        hToken,
        FALSE,
        &newState,
        sizeof(newState),
        NULL,
        NULL);
    if (!adjusted)
    {
        printf("AdjustTokenPrivileges error: %u\n", GetLastError() );
        return FALSE;
    }

    // AdjustTokenPrivileges reports success even when the token does not hold
    // the privilege; that case is only visible through the last-error value,
    // so it is read immediately after the call.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }

    return TRUE;
}
2、经过分析之后,于是写出开关Debug权限的函数:
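// Enables or disables SeDebugPrivilege in the current process's access token.
//
// bEnableDebugPrivilege - TRUE to enable the privilege, FALSE to disable it.
//
// Returns TRUE only when the privilege state was actually changed; on any
// failure a message box is shown and FALSE is returned.
//
// AdjustTokenPrivileges can only toggle a privilege the token already holds;
// it cannot grant one. SeDebugPrivilege bypasses the access checks made when
// opening other processes, so enable it only for as long as it is needed and
// call this again with FALSE afterwards.
BOOL CWarKeyDlg::EnableDebugPrivilege(BOOL bEnableDebugPrivilege)
{
    HANDLE hToken;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        ::MessageBox(this->GetSafeHwnd(), GET_TOKEN_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }

    LUID luid;
    if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        ::CloseHandle(hToken);
        ::MessageBox(this->GetSafeHwnd(), GET_PRIVILEGE_VALUE_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnableDebugPrivilege ? SE_PRIVILEGE_ENABLED : 0;

    const BOOL bAdjusted = ::AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);

    // AdjustTokenPrivileges returns TRUE even when the privilege was not
    // assigned; that case is only reported through the last-error value. Read
    // it before any other API call (including CloseHandle) can overwrite it.
    const BOOL bNotAllAssigned = (::GetLastError() == ERROR_NOT_ALL_ASSIGNED);

    // The token handle is no longer needed on any path from here on.
    ::CloseHandle(hToken);

    if (!bAdjusted)
    {
        ::MessageBox(this->GetSafeHwnd(), ADJUST_PRIVILEGE_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }
    if (bNotAllAssigned)
    {
        ::MessageBox(this->GetSafeHwnd(), ENABLE_DEBUG_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }
    return TRUE;
}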
利用这个函数给自己的WarKey开启Debug权限,再访问魔兽进程的内存时,就可以读出其中的数据了。
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "cmcfg32.lib")
// Enables or disables one named privilege in an already-opened access token.
//
// hToken           - access token handle; per the Win32 documentation the
//                    handle needs TOKEN_ADJUST_PRIVILEGES access.
// lpszPrivilege    - name of the privilege to enable/disable.
// bEnablePrivilege - TRUE to enable the privilege, FALSE to disable it.
//
// Returns TRUE only when the privilege state was actually changed. This can
// only toggle a privilege the token already holds; it cannot grant a new one.
BOOL SetPrivilege(
    HANDLE hToken,
    LPCTSTR lpszPrivilege,
    BOOL bEnablePrivilege
    )
{
    LUID privilegeLuid;

    // Resolve the privilege name to its LUID on the local system (NULL).
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeLuid))
    {
        printf("LookupPrivilegeValue error: %u\n", GetLastError() );
        return FALSE;
    }

    // Describe the single privilege whose state is being changed.
    TOKEN_PRIVILEGES newState;
    newState.PrivilegeCount = 1;
    newState.Privileges[0].Luid = privilegeLuid;
    newState.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    // DisableAllPrivileges is FALSE, so only the listed privilege is touched.
    // The previous state is not requested (both output arguments are NULL).
    BOOL adjusted = AdjustTokenPrivileges(
        hToken,
        FALSE,
        &newState,
        sizeof(newState),
        NULL,
        NULL);
    if (!adjusted)
    {
        printf("AdjustTokenPrivileges error: %u\n", GetLastError() );
        return FALSE;
    }

    // AdjustTokenPrivileges reports success even when the token does not hold
    // the privilege; that case is only visible through the last-error value,
    // so it is read immediately after the call.
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        printf("The token does not have the specified privilege. \n");
        return FALSE;
    }

    return TRUE;
}
2、经过分析之后,于是写出开关Debug权限的函数:
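// Enables or disables SeDebugPrivilege in the current process's access token.
//
// bEnableDebugPrivilege - TRUE to enable the privilege, FALSE to disable it.
//
// Returns TRUE only when the privilege state was actually changed; on any
// failure a message box is shown and FALSE is returned.
//
// AdjustTokenPrivileges can only toggle a privilege the token already holds;
// it cannot grant one. SeDebugPrivilege bypasses the access checks made when
// opening other processes, so enable it only for as long as it is needed and
// call this again with FALSE afterwards.
BOOL CWarKeyDlg::EnableDebugPrivilege(BOOL bEnableDebugPrivilege)
{
    HANDLE hToken;
    if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        ::MessageBox(this->GetSafeHwnd(), GET_TOKEN_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }

    LUID luid;
    if (!::LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
    {
        ::CloseHandle(hToken);
        ::MessageBox(this->GetSafeHwnd(), GET_PRIVILEGE_VALUE_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnableDebugPrivilege ? SE_PRIVILEGE_ENABLED : 0;

    const BOOL bAdjusted = ::AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);

    // AdjustTokenPrivileges returns TRUE even when the privilege was not
    // assigned; that case is only reported through the last-error value. Read
    // it before any other API call (including CloseHandle) can overwrite it.
    const BOOL bNotAllAssigned = (::GetLastError() == ERROR_NOT_ALL_ASSIGNED);

    // The token handle is no longer needed on any path from here on.
    ::CloseHandle(hToken);

    if (!bAdjusted)
    {
        ::MessageBox(this->GetSafeHwnd(), ADJUST_PRIVILEGE_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }
    if (bNotAllAssigned)
    {
        ::MessageBox(this->GetSafeHwnd(), ENABLE_DEBUG_ERROR, MSG_BOX_TITLE, MB_OK);
        return FALSE;
    }
    return TRUE;
}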
利用这个函数给自己的WarKey开启Debug权限,再访问魔兽进程的内存时,就可以读出其中的数据了。
全部回答
- 1楼网友:逐風
- 2021-01-26 21:54
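// Attempts to enable SeDebugPrivilege in the current process's access token.
//
// The function returns void, so callers cannot tell whether the privilege
// was enabled. AdjustTokenPrivileges also reports success when the token
// does not hold the privilege (last error ERROR_NOT_ALL_ASSIGNED), and that
// case is not surfaced here either. Code that depends on the privilege
// should use a variant that returns a status.
void EnableDebugPrivilege()
{
    HANDLE hToken;
    if ( !OpenProcessToken( GetCurrentProcess(),
                            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) )
        return;

    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // Resolve SeDebugPrivilege to its LUID directly into the request structure.
    if ( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid ) )
    {
        // Best effort: the result cannot be reported through a void return.
        AdjustTokenPrivileges( hToken, false, &tkp, sizeof(tkp), NULL, NULL );
    }

    // Close the token on every path, including success, so the handle
    // is not leaked.
    CloseHandle( hToken );
}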
提升提升···升至SeDebugPrivilege
- 2楼网友:胯下狙击手
- 2021-01-26 21:26
至于用到的api和常量 自己查看vbapi浏览器吧
' Raises the current process's privileges to SeDebugPrivilege.
' Each API call is wrapped in the project's assert helper, which expects a
' return value of 1.
' NOTE(review): a return of 1 from adjusttokenprivileges does not prove the
' privilege was enabled; the Win32 API also succeeds when the token does not
' hold the privilege and reports that only through the last-error value.
' NOTE(review): the calls rely on Declare statements not shown here; the Win32
' AdjustTokenPrivileges takes six parameters, so confirm the declaration.
public sub enabledebugprivilege()
    dim tokenhandle as long
    dim newstate as token_privileges

    ' &h28 = TOKEN_ADJUST_PRIVILEGES (&h20) Or TOKEN_QUERY (&h8)
    assert openprocesstoken(getcurrentprocess(), &h28, tokenhandle) = 1

    ' The LUID is written 4 bytes past the start of the structure
    ' (presumably just after the count field - confirm against the Type).
    assert lookupprivilegevalue(0, "sedebugprivilege", varptr(newstate) + 4) = 1

    newstate.count = 1
    newstate.attributes = 2 ' SE_PRIVILEGE_ENABLED

    ' 16 is passed as the buffer length (presumably the structure size).
    assert adjusttokenprivileges(tokenhandle, 0, newstate, 16) = 1
    assert closehandle(tokenhandle) = 1
end sub