提升进程Debug权限的原因就不说了,常规提升操作的方法是OpenProcessToken、LookupPrivilegevalue、AdjustTokenPrivileges,本文的方法一也不例外,方法二是使用微软未公开的API函数RtlAdjustPrivilege,相对代码要简洁的多。两种方法在Vista和XP下测试通过。
(声明:魏滔序原创,转贴请注明出处。)
方法一:
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Win32汇编实现提升进程Debug权限( 1 )
; Programmed by 魏滔序
; WebSite: http: // www.chenoe.com
; Blog: http: // blog.csdn.net / Modest
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
. 486 ; create 32 bit code
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive
include windows.inc
include kernel32.inc
include advapi32.inc
includelib kernel32.lib
includelib advapi32.lib
; Win32汇编实现提升进程Debug权限( 1 )
; Programmed by 魏滔序
; WebSite: http: // www.chenoe.com
; Blog: http: // blog.csdn.net / Modest
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
. 486 ; create 32 bit code
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive
include windows.inc
include kernel32.inc
include advapi32.inc
includelib kernel32.lib
includelib advapi32.lib