部分安全代码

最新推荐文章于 2012-05-12 17:37:59 发布
最新推荐文章于 2012-05-12 17:37:59 发布
阅读量2.1k 收藏
点赞数
分类专栏: VC学习 Windows 系统应用 文章标签: winapi attributes file null struct security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yatere/article/details/7212030
版权 
// FPort.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID, 
 � � � �LPMODULEENTRY32 lpMe32, DWORD cbMe32) 
{ 
 � �BOOL � � � � �bRet � � � �= FALSE; 
 � �BOOL � � � � �bFound � � �= FALSE; 
 � �HANDLE � � � �hModuleSnap = NULL; 
 � �MODULEENTRY32 me32 � � � �= { 0 }; 

 � �hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); 
 � �if (hModuleSnap == INVALID_HANDLE_VALUE) 
 � � � �return (FALSE); 

 � �me32.dwSize = sizeof(MODULEENTRY32); 

 � �if (Module32First(hModuleSnap, &me32)) 
 � �{ 
 � � � �do 
 � � � �{ 
 � � � � � �if (me32.th32ModuleID == dwModuleID) 
 � � � � � �{ 
 � � � � � � � �CopyMemory (lpMe32, &me32, cbMe32); 
 � � � � � � � �bFound = TRUE; 
 � � � � � �} 
 � � � �} 
 � � � �while (!bFound && Module32Next(hModuleSnap, &me32)); 
 �
 � � � �bRet = bFound;

 � �} 
 � �else 
 � � � �bRet = FALSE;
 
 � �CloseHandle (hModuleSnap); 
 
 � �return (bRet); 
}

PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{ 
 PROCESSENTRY32 processEntry = { 0 };
 processEntry.dwSize = sizeof(PROCESSENTRY32); 

 lstrcpy(ProcessName, "???");
 
 if (!Process32First(hProcessSnap, &processEntry)) 
 { 
 �return ProcessName;
 �}
 
 do 
 { 
 �if (processEntry.th32ProcessID == ProcessId)
 �{ 
 � MODULEENTRY32 me32 � � � = { 0 }; 
 � GetProcessModule(processEntry.th32ProcessID, 
 � � 1, &me32, sizeof(MODULEENTRY32)); 
 � �
 � if (lstrlen(me32.szExePath) != 0)
 � { 
 � �lstrcpy(ProcessName, me32.szExePath);
 � �}
 � else
 � { 
 � �lstrcpy(ProcessName, processEntry.szExeFile);
 � �}
 � return ProcessName;
 � }
 �
 �} while(Process32Next(hProcessSnap, &processEntry));
 
 return ProcessName;
}

HANDLE OpenPhysicalMemory(HANDLE& hSection)
{ 
 � �NTSTATUS � � � � �status;
 � �UNICODE_STRING � �physmemString;
 � �OBJECT_ATTRIBUTES attributes;
 HANDLE � � � � � �hMemory;
 �
 � �RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory"); 

 � �InitializeObjectAttributes(&attributes, &physmemString,
 �OBJ_CASE_INSENSITIVE, NULL, NULL); 

 � �status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes ); 
 � 

 if (!NT_SUCCESS(status)) return NULL;

 � �hMemory = MapViewOfFile(hSection, FILE_MAP_READ,
 �0, 0x30000, 0x1000);
 
 � �if (GetLastError() != 0) return NULL; � � 
 
 � �return hMemory;
}

void AdjustDacl(HANDLE hProcess)
{ 
 SID world = { SID_REVISION,1, SECURITY_WORLD_SID_AUTHORITY, 0 }; 

 LPTSTR ptstrName � = (LPTSTR)&world;
 EXPLICIT_ACCESS ea = { STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, SET_ACCESS, NO_INHERITANCE,
 �{ 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, ptstrName } };
 
 ACL * pdacl = 0;
 if (SetEntriesInAcl(1, &ea, 0, &pdacl) != ERROR_SUCCESS)
 { 
 �printf( "SetEntriesInAcl Error:%d", GetLastError());
 �}

 if (SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
 � DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0) != ERROR_SUCCESS)
 { 
 �printf( "SetSecurityInfo Error:%d", GetLastError());
 �}

 LocalFree(pdacl);
}

HANDLE OpenDeviceTcpUdp(WCHAR * deviceName)
{ 
 � �UNICODE_STRING � �physmemString;
 � �OBJECT_ATTRIBUTES attributes;
 � �IO_STATUS_BLOCK � iosb;
 � �HANDLE � � � � � �hDeviceHandle;
 
 � �RtlInitUnicodeString(&physmemString, deviceName); � �

 � �if (GetLastError() != 0) return NULL;

 � �InitializeObjectAttributes(&attributes, &physmemString,
 �OBJ_CASE_INSENSITIVE, 0, NULL);

 � �NTSTATUS status = ZwOpenFile(&hDeviceHandle, 0x100000, &attributes, &iosb, 3, 0);

 � �if (!NT_SUCCESS(status)) return NULL;

 return hDeviceHandle;
}

PULONG GetHandleList()
{ 
 � �ULONG �cbBuffer = 0x1000; � � � � � � � 
 � �PULONG pBuffer �= new ULONG[cbBuffer]; 
 � �NTSTATUS Status;
 
 � �do
 { 
 � � � �Status = ZwQuerySystemInformation(
 � SystemHandleInformation,
 � pBuffer,
 � cbBuffer * sizeof(ULONG), 
 � NULL
 � );
 �
 � � � �if (Status == STATUS_INFO_LENGTH_MISMATCH)
 � � � �{ 
 � � � � � �delete [] pBuffer;
 � � � � � �pBuffer = new ULONG[cbBuffer *= 2];
 � � � �}
 � � � �else if (!NT_SUCCESS(Status))
 � � � �{ 
 � � � � � �delete [] pBuffer;
 � � � � � �return NULL;
 � � � �}
 �}while (Status == STATUS_INFO_LENGTH_MISMATCH);

 � �return pBuffer;
}

PVOID GetTcpUdpObject(PULONG pBuffer, HANDLE hHandle, DWORD ProcessId)
{ 
 int nCount = *pBuffer;
 � �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);
 
 � �for (int i = 0; i < nCount; i++)
 � �{ 
 � � � �if (pProcesses->ProcessId == ProcessId && pProcesses->Handle == (int)hHandle)
 � � � �{ 
 � � � � � return (PVOID)pProcesses;
 � }
 �pProcesses++;
 �}
 return NULL;
}

BOOL GetPTE(PVOID objAddress, HANDLE hMapPhysicalMemory, HANDLE hSection, PTE& pte)
{ 
 DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory, dwAddress = (DWORD)objAddress;
 � �LPVOID pNewMapPhy �= NULL;
 DWORD dwNewAddress = *((LPDWORD)(dwPhysMemBuf + (dwAddress >> 0x16) * 4));
 
 if ((dwNewAddress & 0x000000ff) < 0x01)
 { 
 �return FALSE;
 �}
 if ((dwNewAddress & 0x000000ff) < 0x80)
 { 
 �pNewMapPhy = MapViewOfFile(hSection, 4, 0, dwNewAddress & 0xFFFFF000, 0x1000);
 �dwNewAddress = (dwAddress >> 0x0c) & 0x3ff; 
 �dwNewAddress = *((LPDWORD)((DWORD)pNewMapPhy + 4 * dwNewAddress)) & 0xFFFFF000;
 �UnmapViewOfFile(pNewMapPhy);
 �pNewMapPhy = NULL;
 �}
 else
 { 
 �dwNewAddress = (dwNewAddress & 0xFFFFF000) + (dwAddress & 0x003ff000);
 �}

 pNewMapPhy = MapViewOfFile(hSection, FILE_MAP_READ,
 �0, dwNewAddress, 0x1000);

 if (pNewMapPhy == NULL) 
 { 
 �long lError = GetLastError();
 �return FALSE;
 �}
 else
 { 
 �memcpy(&pte, (char *)pNewMapPhy + (dwAddress & 0x00000FFF), sizeof(PTE));
 �}

 UnmapViewOfFile(pNewMapPhy);
 return TRUE;
}

BOOL RaisePrivleges( HANDLE hToken, char *pPriv )
{ 
 TOKEN_PRIVILEGES tkp; 

 tkp.PrivilegeCount � � � � � � �= 1;
 tkp.Privileges[0].Attributes � �= SE_PRIVILEGE_ENABLED;
 tkp.Privileges[0].Luid.HighPart = 0;
 tkp.Privileges[0].Luid.LowPart �= 0;

 if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid))
 { 
 �printf("LookupPrivilegeValue Error:%d\n", GetLastError()); 
 �return FALSE; 
 �}

 int iRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0x10, (PTOKEN_PRIVILEGES)NULL, 0);
 if (iRet == NULL)
 { 
 �printf( "AdjustTokenPrivileges Error:%d\n", GetLastError());
 �return TRUE;
 �}
 else 
 { 
 �iRet = GetLastError();

 �switch (iRet)
 �{ 
 �case ERROR_NOT_ALL_ASSIGNED: 
 � { 
 � �printf("AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" );
 � �return FALSE;
 � �}
 �case ERROR_SUCCESS: � � � 
 � { 
 � �return TRUE;
 � �}
 �default: � �
 � { 
 � �printf("AdjustTokenPrivileges Unknow Error:%d\n", iRet);
 � �return FALSE;
 � �}
 � }
 �}
}

int main(int argc, char* argv[])
{ 
 HANDLE hToken;
 HANDLE hTcpHandle;
 HANDLE hUdpHandle;
 HANDLE hSection;

 � �printf("---[ FPort, by Phiger �]---\n");
 � �printf("---[ Date : 2003-12-30 ]---\n\n");
 
 HANDLE hMapPhysicalMemory = OpenPhysicalMemory(hSection);

 HANDLE hCurrentProc = GetCurrentProcess();
 
 if (!OpenProcessToken(hCurrentProc,
 �TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
 �&hToken))
 { 
 �printf( "OpenProcessToken Error:%d\n", GetLastError());
 �}
 else
 { 
 �if (!RaisePrivleges(hToken, (char*)SE_DEBUG_NAME))
 � printf( "SetPrivlegesSE_DEBUG_NAME Error:%d\n", GetLastError());
 �} 
 
 if (hToken) CloseHandle(hToken); 
 
 hTcpHandle = OpenDeviceTcpUdp(L"\\Device\\TCP");
 hUdpHandle = OpenDeviceTcpUdp(L"\\Device\\UDP");

 � �PULONG pBuffer = GetHandleList();

 if (pBuffer == NULL) return 0;

 PSYSTEM_HANDLE_INFORMATION objTcpAddress = NULL;
 PSYSTEM_HANDLE_INFORMATION objUdpAddress = NULL;

 objTcpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hTcpHandle, GetCurrentProcessId());

 PTE pteTCPCur;
 if (!GetPTE(objTcpAddress->Object, hMapPhysicalMemory, hSection, pteTCPCur))
 { 
 �return 0;
 �}

 objUdpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hUdpHandle, GetCurrentProcessId());
 
 PTE pteUDPCur;
 if (!GetPTE(objUdpAddress->Object, hMapPhysicalMemory, hSection, pteUDPCur))
 { 
 �return 0;
 �}

 OVERLAPPED � �Overlap;

 HANDLE hEvent = CreateEvent(0, 1, 0, 0);
 
 Overlap.Internal � � = 0;
 Overlap.InternalHigh = 0;
 Overlap.Offset � � � = 0;
 Overlap.OffsetHigh � = 0;
 Overlap.hEvent � � � = hEvent;

 HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 if (hProcessSnap == INVALID_HANDLE_VALUE) 
 { 
 �printf("Failed to take process snapshot. Process names will not be shown.\n\n");
 �} 

 int nCount = *pBuffer;
 � �PSYSTEM_HANDLE_INFORMATION pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);

 � �for (int i = 0; i < nCount; i++)
 � �{ 
 �if (pProcesses->ObjectTypeNumber == objTcpAddress->ObjectTypeNumber)
 �{ 
 � PTE pte;
 � if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
 � { 
 � �pProcesses++;
 � �continue;
 � �}

 � if ((pte.NoCache == 1 || pte.NoCache == 2) &&
 � �(pteTCPCur.WriteTable == pte.WriteTable))
 � { 
 � �HANDLE hProc = NULL, DupHandle=NULL;
 � �int �i = 0, portflag = 0;
 � �u_short openport;
 � �
 � �hProc = OpenProcess(PROCESS_DUP_HANDLE,
 � � 0,
 � � pProcesses->ProcessId);

 � �if (hProc)
 � �{ 
 � � DuplicateHandle(hProc,
 � � �(HANDLE)pProcesses->Handle,
 � � �GetCurrentProcess(),
 � � �&DupHandle,
 � � �0,
 � � �FALSE,
 � � �2);

 � � CloseHandle(hProc);

 � � if (DupHandle)
 � � { 
 � � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 };
 � � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 };
 � � �DWORD dwRetu=0; � �
 � � �
 � � �if (pte.NoCache == 0x02)
 � � �{ 
 � � � TdiConnInformation.RemoteAddressLength = 4; 
 � � � if (DeviceIoControl(
 � � � �DupHandle,
 � � � �0x210012,
 � � � �&TdiConnInformation,
 � � � �sizeof(TdiConnInformation),
 � � � �&TdiConnInfo,
 � � � �sizeof(TdiConnInfo),
 � � � �NULL,
 � � � �&Overlap))
 � � � { �
 � � � �char szProcName[256];
 � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
 � � � �if (openport != 0)
 � � � �{ 
 � � � � printf("TCP �PID = %4d PORT = %6d %s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
 � � � � }
 � � � �}
 � � � else
 � � � { 
 � � � �long lError = GetLastError();
 � � � �}
 � � � }
 � � �else if (pte.NoCache == 0x01)
 � � �{ 
 � � � TdiConnInformation.RemoteAddressLength = 3; 
 � � � if (DeviceIoControl(DupHandle, 0x210012,
 � � � �&TdiConnInformation, sizeof(TdiConnInformation),
 � � � �&TdiConnInfo, sizeof(TdiConnInfo),
 � � � �NULL, &Overlap))
 � � � { 
 � � � �char szProcName[256];
 � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
 � � � �if (openport != 0)
 � � � �{ 
 � � � � printf("TCP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
 � � � � }
 � � � �}
 � � � else
 � � � { 
 � � � �long lError = GetLastError();
 � � � �}
 � � � }
 � � �CloseHandle(DupHandle);
 � � �}
 � � }
 � �}
 � }
 �pProcesses++;
 �}

 nCount = *pBuffer;
 � �pProcesses = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);
 
 � �for (i = 0; i < nCount; i++)
 � �{ 
 �if (pProcesses->ObjectTypeNumber == objUdpAddress->ObjectTypeNumber)
 �{ 
 � PTE pte;
 � if (!GetPTE(pProcesses->Object, hMapPhysicalMemory, hSection, pte))
 � { 
 � �pProcesses++;
 � �continue;
 � �}
 � 
 � if ((pte.NoCache == 1 || pte.NoCache == 2) &&
 � �(pteUDPCur.WriteTable == pte.WriteTable))
 � { 
 � �HANDLE hProc = NULL, DupHandle=NULL;
 � �int �i = 0, portflag = 0;
 � �u_short openport;
 � �
 � �hProc = OpenProcess(PROCESS_DUP_HANDLE,
 � � 0,
 � � pProcesses->ProcessId);
 � �
 � �if (hProc)
 � �{ 
 � � DuplicateHandle(hProc,
 � � �(HANDLE)pProcesses->Handle,
 � � �GetCurrentProcess(),
 � � �&DupHandle,
 � � �0,
 � � �FALSE,
 � � �2);
 � � 
 � � CloseHandle(hProc);
 � � 
 � � if (DupHandle)
 � � { 
 � � �TDI_CONNECTION_INFO � �TdiConnInfo={ 0 };
 � � �TDI_CONNECTION_INFORMATION TdiConnInformation = { 0 };
 � � �DWORD dwRetu=0; � �
 � � �
 � � �if (pte.NoCache == 0x02)
 � � �{ 
 � � � TdiConnInformation.RemoteAddressLength = 4; 
 � � � if (DeviceIoControl(
 � � � �DupHandle,
 � � � �0x210012,
 � � � �&TdiConnInformation,
 � � � �sizeof(TdiConnInformation),
 � � � �&TdiConnInfo,
 � � � �sizeof(TdiConnInfo),
 � � � �NULL,
 � � � �&Overlap))
 � � � { 
 � � � �char szProcName[256]; � � � �
 � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
 � � � �if (openport != 0)
 � � � �{ 
 � � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
 � � � � }
 � � � �}
 � � � else
 � � � { 
 � � � �long lError = GetLastError();
 � � � �}
 � � � }
 � � �else if (pte.NoCache == 0x01)
 � � �{ 
 � � � TdiConnInformation.RemoteAddressLength = 3; 
 � � � if (DeviceIoControl(DupHandle, 0x210012,
 � � � �&TdiConnInformation, sizeof(TdiConnInformation),
 � � � �&TdiConnInfo, sizeof(TdiConnInfo),
 � � � �NULL, &Overlap))
 � � � { 
 � � � �char szProcName[256];
 � � � �openport = ntohs((u_short)TdiConnInfo.ReceivedTsdus);
 � � � �if (openport != 0)
 � � � �{ 
 � � � � printf("UDP �PID = %4d PORT = %6d �%s\n", pProcesses->ProcessId, openport, ProcessPidToName(hProcessSnap, pProcesses->ProcessId, szProcName));
 � � � � }
 � � � �}
 � � � else
 � � � { 
 � � � �long lError = GetLastError();
 � � � �}
 � � � }
 � � �CloseHandle(DupHandle);
 � � �}
 � � }
 � �}
 � }
 �pProcesses++;
 �}

 CloseHandle(hEvent);
 CloseHandle(hProcessSnap);
 
 return 0;
}



// stdafx.h : include file for standard system include files,
// �or project specific include files that are used frequently, but
// � � �are changed infrequently
//

#if !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)
#define AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#define _WIN32_WINNT 0x0500

#pragma comment(lib, "ntdll.lib")

#include <windows.h>
#include <ntsecapi.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <tchar.h>
#include <malloc.h>
#include <Aclapi.h>
#include <Tlhelp32.h>
#include <iprtrmib.h>
#include <Iphlpapi.h>

#pragma warning(disable: 4786)
#pragma warning(disable: 4530)
#include <string>
#include <map>
using namespace std;

#define _CRTDBG_MAP_ALLOC
#include <crtdbg.h>

#define NTAPI __stdcall

typedef LONG NTSTATUS;
typedef LONG KPRIORITY;

#define SECTION_QUERY � � � 0x0001
#define SECTION_MAP_WRITE � 0x0002
#define SECTION_MAP_READ � �0x0004
#define SECTION_MAP_EXECUTE 0x0008
#define SECTION_EXTEND_SIZE 0x0010

#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

#define STATUS_INFO_LENGTH_MISMATCH � � �((NTSTATUS)0xC0000004L)

#define OBJ_INHERIT � � � � � � 0x00000002L
#define OBJ_PERMANENT � � � � � 0x00000010L
#define OBJ_EXCLUSIVE � � � � � 0x00000020L
#define OBJ_CASE_INSENSITIVE � �0x00000040L
#define OBJ_OPENIF � � � � � � �0x00000080L
#define OBJ_OPENLINK � � � � � �0x00000100L
#define OBJ_KERNEL_HANDLE � � � 0x00000200L
#define OBJ_VALID_ATTRIBUTES � �0x000003F2L

#define SystemHandleInformation 16

#define FILE_DIRECTORY_FILE � � � � � � � � � � 0x00000001
#define FILE_WRITE_THROUGH � � � � � � � � � � �0x00000002
#define FILE_SEQUENTIAL_ONLY � � � � � � � � � �0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING � � � � �0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT � � � � � � � 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT � � � � � �0x00000020
#define FILE_NON_DIRECTORY_FILE � � � � � � � � 0x00000040
#define FILE_CREATE_TREE_CONNECTION � � � � � � 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED � � � � � � � 0x00000100
#define FILE_NO_EA_KNOWLEDGE � � � � � � � � � �0x00000200
#define FILE_OPEN_FOR_RECOVERY � � � � � � � � �0x00000400
#define FILE_RANDOM_ACCESS � � � � � � � � � � �0x00000800
#define FILE_DELETE_ON_CLOSE � � � � � � � � � �0x00001000
#define FILE_OPEN_BY_FILE_ID � � � � � � � � � �0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT � � � � � � 0x00004000
#define FILE_NO_COMPRESSION � � � � � � � � � � 0x00008000
#define FILE_RESERVE_OPFILTER � � � � � � � � � 0x00100000
#define FILE_OPEN_REPARSE_POINT � � � � � � � � 0x00200000
#define FILE_OPEN_NO_RECALL � � � � � � � � � � 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY � � � � �0x00800000
#define FILE_COPY_STRUCTURED_STORAGE � � � � � �0x00000041
#define FILE_STRUCTURED_STORAGE � � � � � � � � 0x00000441
#define FILE_VALID_OPTION_FLAGS � � � � � � � � 0x00ffffff
#define FILE_VALID_PIPE_OPTION_FLAGS � � � � � �0x00000032
#define FILE_VALID_MAILSLOT_OPTION_FLAGS � � � �0x00000032
#define FILE_VALID_SET_FLAGS � � � � � � � � � �0x00000036

#define InitializeObjectAttributes( p, n, a, r, s ) { \
(p)->Length = sizeof( OBJECT_ATTRIBUTES ); � � � � �\
(p)->RootDirectory = r; � � � � � � � � � � � � � � \
(p)->Attributes = a; � � � � � � � � � � � � � � � �\
(p)->ObjectName = n; � � � � � � � � � � � � � � � �\
(p)->SecurityDescriptor = s; � � � � � � � � � � � �\
(p)->SecurityQualityOfService = NULL; � � � � � � � \
}

typedef struct { 
 � ULONG Present;
 � ULONG WriteTable;
 � ULONG User;
 � ULONG WriteThru;
 � ULONG NoCache;
 � ULONG Accessed;
 � ULONG Dirty;
 � ULONG PageSize;
 � ULONG Global;
 � ULONG Available;
 � ULONG Pfn;
} PTE, *PPTE;

typedef struct _IO_STATUS_BLOCK { 
union { 
NTSTATUS Status;
PVOID Pointer;
};

ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

#if defined(_WIN64)
typedef struct _IO_STATUS_BLOCK32 { 
NTSTATUS Status;
ULONG Information;
} IO_STATUS_BLOCK32, *PIO_STATUS_BLOCK32;
#endif

typedef struct _SYSTEM_HANDLE_INFORMATION { //Information Class 16
ULONG ProcessId;
UCHAR ObjectTypeNumber;
UCHAR Flags; � � � � � � � � � � //0x01 =PROTECT_FROM_CLOSE,0x02 =INHERIT
USHORT Handle;
PVOID Object;
ACCESS_MASK GrantedAccess;
}SYSTEM_HANDLE_INFORMATION,*PSYSTEM_HANDLE_INFORMATION;

typedef struct _TDI_CONNECTION_INFO { 
 � ULONG � � � � �State; 
 � ULONG � � � � �Event; 
 � ULONG � � � � �TransmittedTsdus; 
 � ULONG � � � � �ReceivedTsdus; 
 � ULONG � � � � �TransmissionErrors; 
 � ULONG � � � � �ReceiveErrors; 
 � LARGE_INTEGER �Throughput; 
 � LARGE_INTEGER �Delay; 
 � ULONG � � � � �SendBufferSize; 
 � ULONG � � � � �ReceiveBufferSize; 
 � BOOLEAN � � � �Unreliable; 
} TDI_CONNECTION_INFO, *PTDI_CONNECTION_INFO; 

typedef struct _TDI_CONNECTION_INFORMATION { 
 � LONG � UserDataLength; 
 � PVOID �UserData; 
 � LONG � OptionsLength; 
 � PVOID �Options; 
 � LONG � RemoteAddressLength; 
 � PVOID �RemoteAddress; 
} TDI_CONNECTION_INFORMATION, *PTDI_CONNECTION_INFORMATION; 

#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
SECTION_MAP_WRITE | � � �\
SECTION_MAP_READ | � � � \
SECTION_MAP_EXECUTE | � �\
SECTION_EXTEND_SIZE)

typedef struct _OBJECT_ATTRIBUTES { 
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; � � � �// Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; �// Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;

typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSection(
 OUT PHANDLE sectionHandle,
 IN ACCESS_MASK DesiredAccess,
 IN POBJECT_ATTRIBUTES ObjectAttributes
 );

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwOpenFile(
 �OUT PHANDLE FileHandle, 
 �IN ACCESS_MASK DesiredAccess, 
 �IN POBJECT_ATTRIBUTES ObjectAttributes, 
 �OUT PIO_STATUS_BLOCK IoStatusBlock,
 �IN ULONG ShareAccess,
 �IN ULONG OpenOptions
 �);

extern "C"
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
IN UINT SystemInformationClass, 
IN OUT PVOID SystemInformation, 
IN ULONG SystemInformationLength, 
OUT PULONG ReturnLength OPTIONAL
);

extern "C"
NTSYSAPI
VOID
NTAPI
RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
PCWSTR SourceString
);

//{ { AFX_INSERT_LOCATION } }
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.

#endif // !defined(AFX_STDAFX_H__6F819B7D_2C3D_455B_98D9_9241FEB36F13__INCLUDED_)



//iphelpasp.h
#ifndef _IPHLPAPI_H
#define _IPHLPAPI_H
#if __GNUC__ >=3
#pragma GCC system_header
#endif

#include <iprtrmib.h>
#include <ipexport.h>
#include <iptypes.h>
#ifdef __cplusplus
extern "C" {
#endif
DWORD WINAPI AddIPAddress(IPAddr,IPMask,DWORD,PULONG,PULONG);
DWORD WINAPI CreateIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI CreateIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI CreateProxyArpEntry(DWORD,DWORD,DWORD);
DWORD WINAPI DeleteIPAddress(ULONG);
DWORD WINAPI DeleteIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI DeleteIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI DeleteProxyArpEntry(DWORD,DWORD,DWORD);
DWORD WINAPI EnableRouter(HANDLE*,OVERLAPPED*);
DWORD WINAPI FlushIpNetTable(DWORD);
DWORD WINAPI GetAdapterIndex(LPWSTR,PULONG);
DWORD WINAPI GetAdaptersInfo(PIP_ADAPTER_INFO,PULONG);
DWORD WINAPI GetBestInterface(IPAddr,PDWORD);
DWORD WINAPI GetBestRoute(DWORD,DWORD,PMIB_IPFORWARDROW);
DWORD WINAPI GetFriendlyIfIndex(DWORD);
DWORD WINAPI GetIcmpStatistics(PMIB_ICMP);
DWORD WINAPI GetIfEntry(PMIB_IFROW);
DWORD WINAPI GetIfTable(PMIB_IFTABLE,PULONG,BOOL);
DWORD WINAPI GetInterfaceInfo(PIP_INTERFACE_INFO,PULONG);
DWORD WINAPI GetIpAddrTable(PMIB_IPADDRTABLE,PULONG,BOOL);
DWORD WINAPI GetIpForwardTable(PMIB_IPFORWARDTABLE,PULONG,BOOL);
DWORD WINAPI GetIpNetTable(PMIB_IPNETTABLE,PULONG,BOOL);
DWORD WINAPI GetIpStatistics(PMIB_IPSTATS);
DWORD WINAPI GetNetworkParams(PFIXED_INFO,PULONG);
DWORD WINAPI GetNumberOfInterfaces(PDWORD);
DWORD WINAPI GetPerAdapterInfo(ULONG,PIP_PER_ADAPTER_INFO, PULONG);
BOOL WINAPI GetRTTAndHopCount(IPAddr,PULONG,ULONG,PULONG);
DWORD WINAPI GetTcpStatistics(PMIB_TCPSTATS);
DWORD WINAPI GetTcpTable(PMIB_TCPTABLE,PDWORD,BOOL);
DWORD WINAPI GetUniDirectionalAdapterInfo(PIP_UNIDIRECTIONAL_ADAPTER_ADDRESS,PULONG);
DWORD WINAPI GetUdpStatistics(PMIB_UDPSTATS);
DWORD WINAPI GetUdpTable(PMIB_UDPTABLE,PDWORD,BOOL);
DWORD WINAPI IpReleaseAddress(PIP_ADAPTER_INDEX_MAP);
DWORD WINAPI IpRenewAddress(PIP_ADAPTER_INDEX_MAP);
DWORD WINAPI NotifyAddrChange(PHANDLE,LPOVERLAPPED);
DWORD WINAPI NotifyRouteChange(PHANDLE,LPOVERLAPPED);
DWORD WINAPI SendARP(IPAddr,IPAddr,PULONG,PULONG);
DWORD WINAPI SetIfEntry(PMIB_IFROW);
DWORD WINAPI SetIpForwardEntry(PMIB_IPFORWARDROW);
DWORD WINAPI SetIpNetEntry(PMIB_IPNETROW);
DWORD WINAPI SetIpStatistics(PMIB_IPSTATS);
DWORD WINAPI SetIpTTL(UINT);
DWORD WINAPI SetTcpEntry(PMIB_TCPROW);
DWORD WINAPI UnenableRouter(OVERLAPPED*, LPDWORD);
#ifdef __cplusplus
}
#endif
#endif /* _IPHLPAPI_H */


Yatere
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
信息系统应用安全第5部分代码安全检测10929-2020-3-20.pdf
01-13
信息系统应用安全代码检测标准
2020-信息安全技术 代码安全审计规范.docx
08-29
2020-信息安全技术代码安全审计规范 ...代码安全审计规范是软件开发中的重要组成部分,对于确保软件代码安全性和可靠性具有重要意义。该规范的实施将对软件开发行业产生深远的影响,提高软件代码安全性和可靠性。
Java代码安全审计
最新发布
04-22
### Java代码安全审计 在数字化转型的背景下,软件开发安全成为了企业关注的重点之一。...在未来,随着移动技术的不断进步和应用场景的扩展,Java代码安全审计的重要性将更加凸显,成为软件开发不可或缺的一部分
信息安全竞赛作品后台代码部分.zip
11-09
信息安全竞赛相关程序代码、设计文档、使用说明,供参考 信息安全竞赛相关程序代码、设计文档、使用说明,供参考 信息安全竞赛相关程序代码、设计文档、使用说明,供参考 信息安全竞赛相关程序代码、设计文档、使用...
系统源代码安全审计报告.pdf
03-12
在源代码审计详情中,报告对源代码中的安全缺陷进行了分类和统计,包括安全风险定义、安全缺陷统计、安全缺陷示例等部分。在安全风险定义中,报告对安全缺陷的风险级别进行了划分,并对每个风险级别的威胁进行了描述...
UserClone 自己写的克隆帐户工具 附VC源码
Yatere的天平秤
05-29 2077
<br />功能:<br />     <br />    1.增加用户并添加到Administrators组<br />        Usage: userclone UserName Password   /Add<br />       2.克隆指定帐户<br />        Usage: userclone UserName ClonedUser /Clone<br /><br />开发环境:<br />    WinXP sp3 + VC++6.0<br /><br />PS:  为什么不能
Exploit 编写系列教程 1-10合集
Yatere的天平秤
04-24 2048
<br />下载地址1:http://bbs.pediy.com/showthread.php?p=879337下载地址2: http://u.115.com/file/f428224d99下载地址3:http://www.vdisk.cn/down/index/5217288A2787目录译序………………………………………………………………..2<br />Exploit 编写系列教程第一篇:栈溢出……………………………………..3<br />Exploit 编写系列教程第二篇:跳至ShellCode……
使用API添加用户的小程序 当net user不能使用时
Yatere的天平秤
05-29 1878
<br />#ifndef UNICODE #define UNICODE #endif #include <stdio.h> #include <windows.h> #include <lm.h> #pragma comment(lib,"netapi32") int Usage(wchar_t *); int wmain(int argc, wchar_t *argv[]) { USER_INFO_1 ui; DWORD dwError =
LoadLibrary 和 GetModuleHandle
Yatere的天平秤
01-15 1469
LoadLibrary是加载dll并增加引用计数,需要freelibrary释放。 而GetModuleHandle是返回一个已经映射进调用进程地址空间的模块的句柄,不需要释放
函数调用栈
Yatere的天平秤
01-22 1349
首先引入几个寄存器: EIP,EBP,ESP都是系统的寄存器,里面存的都是些地址。 为什么要说这三个指针,是因为我们系统中栈的实现上离不开他们三个。 我们DC上讲过栈的数据结构,主要有以下特点: 后进先处。(这个强调过多) 其实它还有以下两个作用: 1.栈是用来存储临时变量,函数传递的中间结果。 2.操作系统维护的,对于程序员是透明的。 我们可能只强调了它的后进先出的特点,至于栈实
一个syn c源码
Yatere的天平秤
05-04 1222
#include #include #include #pragma comment(lib,"ws2_32.lib") #define SEQ 0x28376839 int threadnum,maxthread,port; char *DestIP;//目标IP void display(void) // 定义状态提示函数 { static int play=0; //
ANSI字符和UNICODE字符
Yatere的天平秤
01-25 913
在软件开发中,特别是使用C语言的一些有关字符串处理的函数,ANSI和UNICODE是区分是用的,那么ANSI类型的字符和UNICODE类型的字符如何定义,如何使用呢?ANSI和UNICODE又如何转换呢? 一.定义部分: ANSI: char str[1024]; 可用字符串处理函数:strcpy( ), strcat( ), strlen( )等等。UNICODE:wchar_t s
window 匿名管通道编程
Yatere的天平秤
05-12 900
放个代码片段方便我以后做事 SECURITY_ATTRIBUTES sa; HANDLE hRead,hWrite; sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = NULL; //使用系统默认的安全描述符 sa.bInheritHandle = TRUE; //创建的进程继承句
windows 关机 从起代码
Yatere的天平秤
03-24 842
需要提升权限啊啊啊啊啊啊 #include BOOL MySystemShutdown() { HANDLE hToken; TOKEN_PRIVILEGES tkp; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_Q
根据时间关机
Yatere的天平秤
03-24 781
为了限制我妈使用电脑的程序。 是有早上8点以后以及完善8点之前用电脑,否则一开机就是关机。 #include #include BOOL MySystemShutdown() { HANDLE hToken; TOKEN_PRIVILEGES tkp; if (!OpenProcessToken(GetCurrentProcess(),
vc 部分外挂相关代码,不断增加ing
Yatere的天平秤
01-09 743
转ASM代码 @echo offf @cd /d "%~dp0" cl /c /FAs %1 读取进程数据: HWND g=::FindWindow(NULL,gamename); DWORD a; ::GetWindowThreadProcessId(g,(LPDWORD)&a); HANDLE ph=::OpenProcess(PROCESS_AL
自学数据分析需要的bat
Yatere的天平秤
01-08 722
@echo offf @cd /d "%~dp0" cl /c /FAs %1  为了学习vc编译代码和asm相关使用
activex 部分属性代码定义
Yatere的天平秤
01-28 658
一定记得还要修改总索引DEFINE_GUID(IID_IPropertyFrame, 0xB196B28A,0xBAB4,0x101A,0xB6,0x9C,0x00,0xAA,0x00,0x34,0x1D,0x07); // // Class IDs for property sheet implementations // DEFINE_GUID(CLSID_CFontPropPage,
OWASP代码安全审查指南
5. **技术参考**:这部分深入探讨了特定的技术主题,如HTML5的安全特性,对同源策略的理解,以及审查日志、错误处理、客户端JavaScript等环节的安全考虑,帮助开发者从各个层面增强代码安全性。 6. **应对特定...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值