RtlAdjustPrivilege进程提权，权限ID对照表：SeCreateTokenPrivilege 0x2；SeAssignPrimaryTokenPrivilege 0x3；SeLockMemoryPrivilege 0x4；SeIncreaseQuotaPrivilege 0x5；SeUnsolicitedInputPrivilege 0x0；SeMachineA
二进制字符串转整数 void BinaryStringToInt(LPCTSTR lpszBinary, LONG* a){ for (int i = _tcslen(lpBinary) - 1, BitOffset = 0; i >= 0; i--, BitOffset++) { if (lpBinary[i] == TEXT('1')) { __asm { mov eax, Bi
屏蔽按CapsLock键切换到大写时,编辑框自动弹出的提示 WNDPROC OldProc;LPCTSTR lpStr = TEXT("保持大写锁定打开可能会使您错误输入密码");LRESULT CALLBACK WindowProc( _In_ HWND hwnd, _In_ UINT uMsg, _In_ WPARAM wParam, _In_ LPARAM lParam){ if (uMsg == TTM_ADDTOOL)
x64内联汇编调用API(需intel编译器,vc不支持x64内联汇编) #include "stdafx.h"#include STARTUPINFOW StartInfo = {0};PROCESS_INFORMATION pi = {0};TCHAR szCommandLine[MAX_PATH] = TEXT("C:\\Windows\\NOTEPAD.EXE D:\\parallel_studio_xe_2013_update4_for_windo
小试X64 inline HOOK,hook explorer.exe--->CreateProcessInternalW监视进程创建 原始函数是这样的kernel32!CreateProcessInternalW:00000000`7738e750 4c8bdc mov r11,rsp00000000`7738e753 53 push rbx00000000`7738e754 56 push rsi00000000`7738e7
非常简单的利用CreateProcess注入DLL的方法 TCHAR szDll[] = TEXT("d:\\test.dll");STARTUPINFO si = {0};PROCESS_INFORMATION pi = {0};si.cb = sizeof(si);si.dwFlags = STARTF_USESHOWWINDOW;si.wShowWindow = SW_SHOW;TCHAR szCommandLine[MAX_PATH]
生成随机数 #include #include #include int APIENTRY _tWinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPTSTR lpCmdLine, int nShowCmd){
ring3下利用WMI监视进程创建(vc版) #include "stdafx.h"#define _WIN32_DCOM#include using namespace std;#include #include # pragma comment(lib, "wbemuuid.lib")int main(
Ring3下无驱动移除winlogon.exe进程ctrl+alt+del、win+u、win+l三个系统热键（非屏蔽热键） 随手而作，纯粹技术研究，没什么实际意义。打开xuetr，正常情况下winlogon.exe注册了三个热键：ctrl+alt+del、win+u、win+l。这三个键即使用SetWindowsHookEx()安装键盘钩子也屏蔽不了。我们先把UnregisterSystemH
自定义电源按钮动作. #include "stdafx.h"#include <windows.h>#include <Powrprof.h>#pragma comment(lib, "Powrprof.lib") int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPreInstance, LPTSTR lpCmdLine, int nShowCmd){ UINT uiID = 0; GLOBAL_POWER_POLICY
mysql字符串转换 SELECT auth, ip, CONVERT(CAST(address AS BINARY) USING 'gbk') FROM admins WHERE LENGTH(access)>3 可以用CAST、CONVERT函数让MySQL直接返回指定编码的字符串。经常忘记，做下笔记。