void Backup() { HANDLE hSystemToken; //if (GetSystemToken(&hSystemToken)) { if (ImpersonateLoggedOnUser(hSystemToken)) { WINSTATIONUSERTOKEN WinStaUserToken = { 0 }; DWORD ccbInfo = NULL; WinStationQueryInformationW(SERVERNAME_CURRENT, LOGONID_CURRENT, WinStationUserToken, &WinStaUserToken, sizeof(WINSTATIONUSERTOKEN), &ccbInfo); HRESULT hr = GetLastError(); STARTUPINFOW StartupInfo = { 0 }; PROCESS_INFORMATION ProcessInfo = { 0 }; StartupInfo.lpDesktop = L"WinSta0\\Default"; wchar_t szCMDLine[] = L"cmd /c start cmd"; if (CreateProcessAsUserW(WinStaUserToken.UserToken, NULL, szCMDLine, NULL, NULL, FALSE, 0, NULL, NULL, &StartupInfo, &ProcessInfo)) { } RevertToSelf(); ReturnMessage(L"OK"); } CloseHandle(hSystemToken); } }
int _tmain(int argc, _TCHAR* argv[]) { if (!(SetCurrentProcessPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME, true) && SetCurrentProcessPrivilege(SE_INCREASE_QUOTA_NAME, true) && SetCurrentProcessPrivilege(SE_DEBUG_NAME, true))) { ReturnMessage(L"进程调试权限获取失败"); return -1; } PPEB PEB = NtCurrentTeb()->ProcessEnvironmentBlock; return 0; }
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow) { SetProcessDPIAware(); if (!SetCurrentProcessPrivilege(SE_DEBUG_NAME, true)) { ReturnMessage(L"进程调试权限获取失败"); return -1; } GetModuleFileNameW(NULL, szAppPath, 260); wcsrchr(szAppPath, L'\\')[0] = NULL; wcscpy_s(szShortCutListPath, 260, szAppPath); wcscat_s(szShortCutListPath, 260, L"\\ShortCutList.ini"); DialogBoxParamW(hInstance, MAKEINTRESOURCEW(IDD_NSudoDlg), NULL, NSudoDlgCallBack, 0L); return 0; }
void MessageRcv::ListenMessage(QTcpSocket *sock, Config *Conf, bool Debug) { static int state; static char chr, lastChr; static int nr; static qint32 nchar; /* counter for msg buffer (esc's removed) */ static char startCharacter=STX; /* ASCII STX characer */ static char endCharacter=ETX; /* ASCII ETX character */ static char escape=ESC; /* our escape character */ static qint32 inchar; /* counter for raw socket buffer (w/esc) */ QByteArray temp; // time_t LastBeat; Maybe in the future emit updatetxtbox(QString("Message Thread Started")); //NOT WORKING!! emit LastServerBeat(sock,Conf,Debug); //Beat our Heart Once state=SEARCHING_FOR_MESSAGE_START; /* we're initializing */ /* Start of New code Section DK 11/20/97 Multi-byte Read Set inchar to be nr-1, so that when inchar is incremented, they will be the same and a new read from socket will take place. Set chr to 0 to indicate a null character, since we haven't read any yet. Set nchar to 0 to begin building a new MsgBuffer (with escapes removed). */ inchar = -1; nr = 0; chr = 0; nchar = 0; /* added 980209:LDD */ /* End of New code Section */ /* Working loop: receive and process messages ********************************************/ /* We are either (0) initializing: searching for message start (1) expecting a message start: error if not (2) assembling a message. The variable "state' determines our mood */ while(1) { /* loop over bytes read from socket */ /* Get next char operation */ if (++inchar == nr) { temp.clear(); while (temp.size()==0){ /* Read from socket operation */ temp = sock->read(INBUFFERSIZE); } nr = temp.size(); inchar=0; /* End of Read from socket operation */ } lastChr=chr; chr=temp[inchar]; /* End of Get next char operation */ /* Initialization */ /******************/ if (state==SEARCHING_FOR_MESSAGE_START) { /* throw all away until we see a naked start character */ /* Do we have a real start character? *************************************/ if ( lastChr!=escape && chr==startCharacter) { state=ASSEMBLING_MESSAGE; /*from now on, assemble message */ continue; } } /* Confirm message start */ /*************************/ if (state==EXPECTING_MESSAGE_START) { /* the next char had better be a start character - naked, that is */ /* Is it a naked start character? *********************************/ if ( chr==startCharacter && lastChr != escape) { /* This is it: message start!! */ nchar=0; /* start with firsts char position */ state=ASSEMBLING_MESSAGE; /* go into assembly mode */ continue; } else{ /* we're eating garbage */ emit updatetxtbox("import_generic: Unexpected character from client. Re-synching"); state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */ MsgBuf.clear(); continue; } } /* In the throes of assembling a message */ if (state==ASSEMBLING_MESSAGE) { /* Is this the end? *******************/ if (chr==endCharacter){ /* naked end character: end of the message is at hand */ /* We have a complete message */ /*****************************/ MsgBuf[nchar]=0; /* terminate as a string */ if(MsgBuf.contains(Conf->getSendHSQ().toLocal8Bit())){ /* Server's heartbeat */ if(Debug) { emit updatetxtbox(QString("import_generic: Received heartbeat")); } // LastBeattime = time(0); /* note time of heartbeat */ state=EXPECTING_MESSAGE_START; /* reset for next message */ //THIS IS STILL NOT WORKING emit echo_Heartbeat(sock, Conf, Debug); } else { /* got a non-heartbeat message */ if(Debug) { emit updatetxtbox(QString("import_generic: Received non-heartbeat")); } //LastBeat = time(0); /* note time of heartbeat */ /* This is not a genuine heartbeat, but our major concern is that the * export module on the other end is still alive, and any message that * we receive should indicate life on the other side(in a non occult * kind of way). * */ emit ReturnMessage(MsgBuf.mid(9)); /* process the message via user-routine */ } state=EXPECTING_MESSAGE_START; MsgBuf.clear(); continue; } else { /* process the message byte we just read: we know it's not a naked end character*/ /********************************************************************************/ /* Escape sequence? */ if (chr==escape) { /* process the escape sequence */ /* Read from buffer * *******************/ /* Get next char operation */ if (++inchar == nr) { /* Read from socket operation */ temp.clear(); while (temp.size()==0){ /* Read from socket operation */ temp = sock->read(INBUFFERSIZE); } nr = temp.size(); inchar=0; /* End of Read from socket operation */ } lastChr=chr; chr=temp[inchar]; /* End of Get next char operation */ if( chr != startCharacter && chr != endCharacter && chr != escape) { /* bad news: unknown escape sequence */ emit updatetxtbox(QString("import_generic: Unknown escape sequence in message. Re-synching")); state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */ MsgBuf.clear(); continue; } else { /* it's ok: it's a legit escape sequence, and we save the escaped byte */ MsgBuf.append(chr); if(nchar>2100) goto freak; /*save character */ continue; } } /* Naked start character? */ if (chr==startCharacter) { /* bad news: unescaped start character */ emit updatetxtbox(QString("import_generic: Unescaped start character in message. Re-synching")); state=SEARCHING_FOR_MESSAGE_START; /* search for next start sequence */ MsgBuf.clear(); continue; } /* So it's not a naked start, escape, or a naked end: Hey, it's just a normal byte */ MsgBuf.append(chr); if(nchar>2100) goto freak; /*save character */ continue; freak: { /* freakout: message won't fit */ emit updatetxtbox(QString("import_generic: receive buffer overflow")); state=SEARCHING_FOR_MESSAGE_START; /* initialize again */ MsgBuf.clear(); nchar=0; continue; } } /* end of not-an-endCharacter processing */ } /* end of state==ASSEMBLING_MESSAGE processing */ } /* end of loop over characters */ }
INT_PTR CALLBACK NSudoDlgCallBack(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) { HWND hUserName = GetDlgItem(hDlg, IDC_UserName); HWND hTokenPrivilege = GetDlgItem(hDlg, IDC_TokenPrivilege); HWND hMandatoryLabel = GetDlgItem(hDlg, IDC_MandatoryLabel); HWND hszPath = GetDlgItem(hDlg, IDC_szPath); wchar_t szCMDLine[260], szUser[260], szPrivilege[260], szMandatory[260], szBuffer[260]; switch (message) { case WM_INITDIALOG: // Show NSudo Logo SendMessageW( GetDlgItem(hDlg, IDC_NSudoLogo), STM_SETIMAGE, IMAGE_ICON, LPARAM(LoadImageW(GetModuleHandleW(NULL), MAKEINTRESOURCE(IDI_NSUDO), IMAGE_ICON, 0, 0, LR_COPYFROMRESOURCE))); //Show Warning Icon SendMessageW( GetDlgItem(hDlg, IDC_Icon), STM_SETIMAGE, IMAGE_ICON, LPARAM(LoadIconW(NULL, IDI_WARNING))); SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_TI); SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Sys); SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CP); SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CU); SendMessageW(hUserName, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_CPD); SendMessageW(hUserName, CB_SETCURSEL, 4, 0); //设置默认项"TrustedInstaller" SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Default); SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_EnableAll); SendMessageW(hTokenPrivilege, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_DisableAll); SendMessageW(hTokenPrivilege, CB_SETCURSEL, 2, 0); //设置默认项"默认" SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Low); SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Medium); SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_High); SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_System); SendMessageW(hMandatoryLabel, CB_INSERTSTRING, 0, (LPARAM)NSudo_Text_Default); SendMessageW(hMandatoryLabel, CB_SETCURSEL, 0, 0); //设置默认项"默认" { wchar_t szItem[260], szBuffer[32768]; DWORD dwLength = GetPrivateProfileSectionNamesW(szBuffer, 32768, szShortCutListPath); for (DWORD i = 0, j = 0; i < dwLength; i++,j++) { if (szBuffer[i] != NULL) { szItem[j] = szBuffer[i]; } else { szItem[j] = NULL; SendMessageW(hszPath, CB_INSERTSTRING, 0, (LPARAM)szItem); j=-1; } } } return (INT_PTR)TRUE; case WM_COMMAND: switch (LOWORD(wParam)) { case IDC_Run: GetDlgItemTextW(hDlg, IDC_UserName, szUser, sizeof(szUser)); GetDlgItemTextW(hDlg, IDC_TokenPrivilege, szPrivilege, sizeof(szPrivilege)); GetDlgItemTextW(hDlg, IDC_MandatoryLabel, szMandatory, sizeof(szMandatory)); GetDlgItemTextW(hDlg, IDC_szPath, szCMDLine, sizeof(szCMDLine)); NSudo_Run(hDlg,szUser, szPrivilege, szMandatory, szCMDLine); break; case IDC_About: ReturnMessage( L"NSudo 3.1 Debug (Build 950)\n" L"\xA9 2015 NSudo Team. All rights reserved.\n\n" L"捐赠支付宝账号: [email protected]\n\n" L"感谢cjy__05,mhxkx,NotePad,tangmigoId,wondersnefu,xy137425740,月光光的大力支持(按照英文字母或拼音首字母排序)\n\n"); break; case IDC_Browse: wcscpy_s(szBuffer, 260, L""); NSudoBrowseDialog(hDlg, szBuffer); SetDlgItemTextW(hDlg, IDC_szPath, szBuffer); break; } break; case WM_SYSCOMMAND: switch (LOWORD(wParam)) { case SC_CLOSE: PostQuitMessage(0); break; } break; } return 0; }