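;-----------------------------------------------------------------------
; BOOL _EnableDebugPriv(void)
; Enables SeDebugPrivilege in the access token of the current process.
; ABI:   Win32 stdcall (MASM invoke), no arguments
; Out:   eax = TRUE if the privilege was actually enabled, FALSE otherwise
;        (token could not be opened, LUID lookup failed, or the privilege
;        is not held by the account, i.e. ERROR_NOT_ALL_ASSIGNED)
; Clobb: eax, ecx, edx, flags; ebx is preserved via "uses"
;-----------------------------------------------------------------------
_EnableDebugPriv proc uses ebx
    LOCAL @hToken:DWORD
    LOCAL @tkp:TOKEN_PRIVILEGES
    LOCAL @bResult:DWORD
    szText szPrivilegeName, 'SeDebugPrivilege'

    mov @bResult, FALSE

    ; &@hToken is kept in ebx: "addr" of a LOCAL is materialised through
    ; eax, which would clobber the process handle returned just below.
    lea ebx, @hToken
    invoke GetCurrentProcess
    invoke OpenProcessToken, eax, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, ebx
    .if eax != 0
        invoke LookupPrivilegeValue, NULL, addr szPrivilegeName, addr @tkp.Privileges[0].Luid
        .if eax != 0
            mov @tkp.PrivilegeCount, 1
            mov @tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
            invoke AdjustTokenPrivileges, @hToken, FALSE, addr @tkp, sizeof TOKEN_PRIVILEGES, NULL, NULL
            .if eax != 0
                ; AdjustTokenPrivileges reports success even when the
                ; privilege was not assigned; only a clean last-error
                ; means it is really enabled.
                invoke GetLastError
                .if eax == ERROR_SUCCESS
                    mov @bResult, TRUE
                .endif
            .endif
        .endif
        ; Only close the token handle that was actually opened.
        invoke CloseHandle, @hToken
    .endif

    mov eax, @bResult
    ret
_EnableDebugPriv endp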
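;-----------------------------------------------------------------------
; BOOL _UpdateMemory(void)
; Finds the window named by szTargetClassName / szTargetWindowTitle,
; opens its owning process and writes dwTime (sizeof dwTime bytes) to
; baseAddr in that process.
; Every failure is reported with a MessageBox and terminates this
; process via ExitProcess, so the routine only returns on success.
; ABI:   Win32 stdcall (MASM invoke), no arguments
; In:    globals szTargetClassName, szTargetWindowTitle, baseAddr, dwTime
; Out:   eax = TRUE; globals hWinTarget, hProcessId, hTargetProc, dwBytes
;        and cBuf (scratch for error text) are written
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
_UpdateMemory proc
    ; Best effort: the result is deliberately ignored, a failed
    ; OpenProcess below reports the real access problem.
    invoke _EnableDebugPriv

    invoke FindWindow, offset szTargetClassName, offset szTargetWindowTitle
    .if eax == NULL                                 ; window not found
        invoke MessageBox, 0, offset szNotFound, offset szCaption, MB_OK or MB_ICONWARNING
        invoke ExitProcess, 0
    .endif
    mov hWinTarget, eax
    invoke GetWindowThreadProcessId, hWinTarget, offset hProcessId
    ; szText szFormatProcessId, 'the Tartget Process ID is : %d '
    ; invoke wsprintf, offset cBuf, addr szFormatProcessId, hProcessId
    ; invoke MessageBox, 0, offset cBuf, offset szCaption, MB_OK or MB_ICONWARNING

    ; Least privilege: WriteProcessMemory needs only these two rights, so
    ; PROCESS_ALL_ACCESS is not requested.
    ; NOTE(review): if another routine reuses hTargetProc for other
    ; operations (e.g. reading), it needs its own handle with its own rights.
    invoke OpenProcess, PROCESS_VM_WRITE or PROCESS_VM_OPERATION, FALSE, hProcessId
    .if !eax
        invoke GetLastError                         ; read before any other API call
        szText szFormatOpenProcess, 'Error of OpenProcess is : %d'
        invoke wsprintf, offset cBuf, addr szFormatOpenProcess, eax
        invoke MessageBox, 0, offset cBuf, offset szCaption, MB_OK or MB_ICONWARNING
        invoke ExitProcess, 0
    .endif
    mov hTargetProc, eax

    invoke WriteProcessMemory, hTargetProc, baseAddr, offset dwTime, sizeof dwTime, offset dwBytes
    .if !eax
        invoke GetLastError                         ; read before any other API call
        szText szWriteMemory, 'Error of WriteProcessMemory is : %d'
        invoke wsprintf, offset cBuf, addr szWriteMemory, eax
        invoke MessageBox, 0, offset cBuf, offset szCaption, MB_OK or MB_ICONWARNING
        invoke ExitProcess, 0
    .endif

    ; Each call re-opens the target process, so release the handle here
    ; instead of leaking one per call.
    ; NOTE(review): move this CloseHandle to the caller if hTargetProc
    ; must stay valid after this routine returns.
    invoke CloseHandle, hTargetProc
    mov eax, TRUE
    ret
_UpdateMemory endp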
其中33、34、35三行让我很费解