为什么把MiniLzOpenProcess转换成C++版本不成功呢?
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
/*
 * GetDebugPrivilege - enable SeDebugPrivilege for the current process by
 * calling ntdll!RtlAdjustPrivilege, which is resolved at run time with
 * GetProcAddress rather than linked against.
 *
 * Returns the NTSTATUS produced by RtlAdjustPrivilege, or 0xC0000022
 * (STATUS_ACCESS_DENIED) when the export cannot be resolved.
 *
 * NOTE(review): the call is issued through an MSVC `__asm` block, so this
 * only builds as 32-bit x86 under MSVC. NTSTATUS is not declared by
 * Windows.h alone (presumably winternl.h or a local typedef is in scope
 * elsewhere) - verify against the actual build.
 */
NTSTATUS GetDebugPrivilege()
{
PVOID RtlAdjustPrivilege=NULL;
DWORD dwRetVal=0;           /* receives the previous enabled state of the privilege */
NTSTATUS ntst=0xC0000022;   /* STATUS_ACCESS_DENIED until the call succeeds */
RtlAdjustPrivilege=(PVOID)GetProcAddress(GetModuleHandleA("ntdll.dll"),"RtlAdjustPrivilege");
if(RtlAdjustPrivilege==NULL)
return ntst;
/*
 * Equivalent to RtlAdjustPrivilege(20, 1, 0, &dwRetVal): privilege 20 is
 * SE_DEBUG_PRIVILEGE, 1 = enable, 0 = adjust the process token rather than
 * the current thread's. The stdcall arguments are pushed right-to-left and
 * popped by the callee, so no stack cleanup follows the call.
 */
__asm
{
lea eax,dwRetVal
push eax
push 0
push 1
push 20
call RtlAdjustPrivilege
mov ntst,eax        ; NTSTATUS is returned in EAX
}
return ntst;
}
/*
Private Function MiniLzOpenProcess(ByVal ProcessID As Long, ByVal DesiredAccess As Long) As Long
Dim ObjectAttributes(5&) As Long, ClientId(1&) As Long, ProcessHandle As Long, PHtemp As Long, HandleTable() As Long, ProcessInfo(5&) As Long
ObjectAttributes(0&) = 24&: ClientId(0&) = ProcessID
If ZwOpenProcess(VarPtr(ProcessHandle), DesiredAccess, VarPtr(ObjectAttributes(0&)), VarPtr(ClientId(0&))) >= 0& Then
PHtemp = ProcessHandle
Else
ReDim HandleTable(&H7FFF&)
Do
ReDim HandleTable(UBound(HandleTable) * 2& + 1&)
ProcessHandle = ZwQuerySystemInformation(16&, VarPtr(HandleTable(0&)), UBound(HandleTable) * 4& + 4&, 0&)
Loop While ProcessHandle = &HC0000004
Do While HandleTable(0&) > 0&
If (HandleTable(HandleTable(0&) * 4& - 2&) And &HFF&) = 5& Then
ClientId(0&) = HandleTable(HandleTable(0&) * 4& - 3&) And &HFFFF&
If ZwOpenProcess(VarPtr(ProcessHandle), 64&, VarPtr(ObjectAttributes(0&)), VarPtr(ClientId(0&))) >= 0& Then
If ZwDuplicateObject(ProcessHandle,
HandleTable(HandleTable(0&) * 4& - 2&) \ &H10000,
-1&,
VarPtr(PHtemp),
DesiredAccess Or &H400&,
0&,
4&) >= 0& Then
If ZwQueryInformationProcess(PHtemp, 0&, VarPtr(ProcessInfo(0&)), 24&, 0&) >= 0& Then
If ProcessInfo(4&) = ProcessID Then
goto proc_end
End If
ZwClose PHtemp
End If
End If
ZwClose ProcessHandle
End If
End If
HandleTable(0&) = HandleTable(0&) - 1&
Loop
PHtemp = 0&
End If
proc_end:
MiniLzOpenProcess = PHtemp
End Function
*/
/*
 * DkOpenProcess - C translation of the commented-out VB MiniLzOpenProcess
 * above. First attempts ZwOpenProcess on ProcessID directly; if that is
 * refused, it walks the system handle table (ZwQuerySystemInformation
 * class 16, SystemHandleInformation), duplicates every process-type handle
 * held by other processes into this one, and keeps the first whose
 * ProcessBasicInformation reports ProcessID.
 *
 * Returns the (direct or duplicated) process handle, or NULL when no
 * handle could be obtained. bInheritHandle is accepted but never used.
 *
 * NOTE(review): this translation diverges from the VB reference in ways
 * that explain why it does not work:
 *  - ObjectAttributes, ClientId and ProcessInfo are single longs, while the
 *    VB uses 6-, 2- and 6-element arrays (the 24-byte OBJECT_ATTRIBUTES,
 *    a CLIENT_ID, and PROCESS_BASIC_INFORMATION). The NT calls write past
 *    these variables, and ProcessInfo compares the wrong field.
 *  - The '[' characters of the array indexing in the loop were lost in
 *    transcription (e.g. `HandleTable*4-2]`), and the handle count, which
 *    the VB keeps in HandleTable(0), is compared and decremented as the
 *    pointer itself.
 *  - The handle-table buffer is allocated in bytes but advertised to
 *    ZwQuerySystemInformation as DWORDs, and &HandleTable (the address of
 *    the pointer) is passed instead of the buffer.
 *  - Every malloc in the retry loop leaks, and the PROCESS_DUP_HANDLE handle
 *    opened before a successful duplicate is never closed on the goto path.
 * NOTE(review): obtaining a process handle by duplicating one from another
 * process sidesteps the access check on the direct open; from a defensive
 * standpoint a SystemHandleInformation query followed by cross-process
 * ZwDuplicateObject calls is the pattern to monitor.
 */
HANDLE DkOpenProcess(DWORD DesiredAccess, BOOL bInheritHandle, DWORD ProcessID)
{
//typedef function
// Undocumented ntdll exports; the structure pointers are loosened to PLONG/PVOID here.
typedef long (__stdcall *ZWOPENPROCESS)(PHANDLE, ULONG, PLONG, PLONG);
typedef long (__stdcall *ZWQUERYSYSTEMINFORMATION)(LONG, PVOID, ULONG, PULONG);
typedef long (__stdcall* ZWDUPLICATEOBJECT)(HANDLE, ULONG, HANDLE, PHANDLE, ACCESS_MASK, BOOLEAN, ULONG);
typedef long (__stdcall* ZWQUERYINFORMATIONPROCESS)(HANDLE, PVOID, PVOID, ULONG, PULONG );
typedef long (__stdcall *ZWCLOSE)(HANDLE);
// NOTE(review): none of these lookups is NULL-checked; a failed GetProcAddress
// would be called through as a NULL function pointer below.
ZWOPENPROCESS ZwOpenProcess=(ZWOPENPROCESS)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwOpenProcess");
ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation=(ZWQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwQuerySystemInformation");
ZWDUPLICATEOBJECT ZwDuplicateObject=(ZWDUPLICATEOBJECT)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwDuplicateObject");
ZWQUERYINFORMATIONPROCESS ZwQueryInformationProcess=(ZWQUERYINFORMATIONPROCESS)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwQueryInformationProcess");
ZWCLOSE ZwClose=(ZWCLOSE)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwClose");
//declare var
// NOTE(review): the VB reference declares these as arrays (see the comment block above).
long ObjectAttributes={0}, ClientId={0}, ProcessInfo={0};
HANDLE ProcessHandle=NULL, PHtemp=NULL;
PDWORD HandleTable=NULL;
DWORD HandleTableCount=0;
NTSTATUS st=0;
//code
ObjectAttributes=24;   /* OBJECT_ATTRIBUTES.Length in the VB original */
ClientId=ProcessID;    /* CLIENT_ID.UniqueProcess in the VB original */
// Fast path: a plain open with the requested access.
if(ZwOpenProcess(&ProcessHandle, DesiredAccess, &ObjectAttributes, &ClientId) >= 0)
{
PHtemp = ProcessHandle;
}
else
{
//Enum Handle Table
// This first allocation is immediately replaced inside the loop and leaks;
// memset is also applied without checking for a NULL result.
HandleTableCount=0x7FFF+1;
HandleTable=(PDWORD)malloc(HandleTableCount);
memset(HandleTable,0,HandleTableCount);
// Grow the buffer until ZwQuerySystemInformation stops returning
// 0xC0000004 (STATUS_INFO_LENGTH_MISMATCH). Mirrors the VB's UBound*2+1,
// but every iteration allocates anew without freeing the previous block.
do{
HandleTableCount=(HandleTableCount-1)*2+1;
HandleTable=(PDWORD)malloc(HandleTableCount);
memset(HandleTable,0,HandleTableCount);
st = ZwQuerySystemInformation(16, &HandleTable, (HandleTableCount-1)*4+4, 0);
}while(st==0xC0000004);
//Get Target Handle
// Intended: iterate entries from the count held in the first DWORD down to 1.
// Each entry is four DWORDs; per the VB, the low byte of the second DWORD is
// the object type index, the low 16 bits of the first DWORD the owning PID
// and the high 16 bits of the second DWORD the handle value.
while(HandleTable > 0)
{
// Type index 5 was the process object type on the Windows versions the VB
// reference targeted; it is not stable across versions - verify.
if((HandleTable*4-2] & 0xFF) == 5)
{
ClientId = HandleTable*4-3] & 0xFFFF;
// 64 = 0x40 = PROCESS_DUP_HANDLE on the handle's owner.
if(ZwOpenProcess(&ProcessHandle, 64, &ObjectAttributes, &ClientId) >= 0)
{
// Duplicate the owner's handle into this process; 0x400 adds
// PROCESS_QUERY_INFORMATION so the check below can run.
if(ZwDuplicateObject(ProcessHandle, HandleTable*4-2] / 0x10000, (HANDLE)-1, &PHtemp, DesiredAccess | 0x400, 0, 4) >= 0)
{
// Class 0 = ProcessBasicInformation (24 bytes on x86); the VB compares
// element 4 (UniqueProcessId), not the first field as done here.
if(ZwQueryInformationProcess(PHtemp, 0, &ProcessInfo, 24, 0) >= 0)
{
if(ProcessInfo == ProcessID)
{
goto proc_end;   /* ProcessHandle is not closed on this path */
}
ZwClose(PHtemp);
}
}
ZwClose(ProcessHandle);
}
}
HandleTable = HandleTable - 1;   /* decrements the pointer, not the count */
}
PHtemp=NULL;
}
proc_end:
// HandleTable is never freed on either path.
return PHtemp;
}
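/*
 * Entry point: enable SeDebugPrivilege, read a process id from stdin and
 * print the handle DkOpenProcess returns for it.
 *
 * Fixes over the original: the pid is parsed with fgets/strtoul and
 * validated instead of an unchecked scanf("%ld") into a DWORD, and the
 * HANDLE is printed with %p rather than %ld (a mismatched specifier).
 * Returns 0 on success, 1 when no valid pid was read.
 */
int main(void)
{
char line[64] = {0};
DWORD pid = 0;
HANDLE hProcess = NULL;
char *end = NULL;
unsigned long value = 0;

/* Best effort, as in the original: a failure here only means the later
 * open may be denied, so the status is not treated as fatal. */
GetDebugPrivilege();

printf("Input Process id: ");
fflush(stdout);   /* the prompt has no newline, so force it out before blocking */
if (fgets(line, sizeof line, stdin) == NULL) {
return 1;
}
value = strtoul(line, &end, 10);
if (end == line) {   /* no digits at all */
printf("Invalid process id\n");
return 1;
}
pid = (DWORD)value;

hProcess = DkOpenProcess(PROCESS_ALL_ACCESS, 0, pid);
printf("Process Handle: %p\n", (void *)hProcess);
getchar();   /* fgets consumed the newline; one read is enough to pause */
return 0;
}
谁能告诉我是什么原因? 我看到了DkOpenProcess,有意思。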
问下Dk是不是Donkey的缩写? 这年头已经不流行这个了,流行Naylon的FxOpenProcess:http://www.m5home.com/bbs/thread-4806-1-1.html
我以前貌似收藏了个C版本的复制句柄打开进程,你拿去看看吧。。。