mhabat
دوشنبه 26 اسفند 1392, 01:47 صبح
سلام.
در کد زیر من پراسس آیدی KMPlayer رو میدم ولی تایتل رو عوض نمی‌کنه.
نمیدونم مشکلش کجاست.
کد:
// Access rights requested on the target process handle by OpenProcess in main().
// The combined mask is 0x043A; a process-access audit record (for example Sysmon
// event 10, ProcessAccess) would typically show this value for the request.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
// Forward declarations for the functions defined after main().
// NOTE(review): Useless is declared here without `static` but defined `static` further
// down. C++ requires successive declarations of a function to agree on linkage, so a
// conforming compiler may reject this.
DWORD Useless();
// Returns 0 when SeDebugPrivilege was enabled on the current token, 1 otherwise.
int privileges();
// Thread routine whose bytes main() copies into the target process.
static DWORD myFunc(LPCWSTR myparam);
// Entry point of the first sample. It opens the process with the hard-coded PID 8328,
// copies a byte range starting at myFunc plus a string into it, and starts a remote
// thread at the copied bytes.
// NOTE(review): OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
// WriteProcessMemory -> CreateRemoteThread is the classic remote-thread injection
// sequence (MITRE ATT&CK T1055). Endpoint tooling commonly records and blocks it,
// e.g. Sysmon event 8 (CreateRemoteThread).
// NOTE(review): changing another application's top-level window caption is normally
// possible from the caller's own process with FindWindow + SetWindowText; running code
// inside the target is not required for the stated goal.
// No return value of any Win32 call below is checked, except the thread handle.
int main() {
// Difference between the addresses of two unrelated functions. C++ does not define this
// subtraction and the toolchain may place the functions in any order (Useless is defined
// before myFunc in this listing); a negative difference wraps to a very large DWORD.
DWORD size_myFunc = (PBYTE)Useless - (PBYTE)myFunc;
HANDLE Proc;
// NULL on failure; the result is passed on unchecked.
Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, 8328);
// Prints 0 (enabled) or 1 (failed). This runs after OpenProcess, so it cannot influence
// the access check that call already went through.
cout<<privileges();
LPVOID MyFuncAddress = VirtualAllocEx(Proc, NULL, size_myFunc, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Proc, MyFuncAddress, (void*)myFunc,size_myFunc, NULL);
// The literal is a narrow (char) string, while myFunc declares its parameter as LPCWSTR.
LPVOID DataAddress = VirtualAllocEx(Proc,NULL,sizeof("injected ho ho"),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Proc, DataAddress,"injected ho ho",sizeof("injected ho ho"), NULL);
HANDLE thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)MyFuncAddress, DataAddress, 0, NULL);
if (thread!=0){
WaitForSingleObject(thread, INFINITE); // blocks until the remote thread has exited
// VirtualFree operates on the calling process's address space; both addresses were
// allocated in the target with VirtualAllocEx, so these calls do not release them
// (VirtualFreeEx is the cross-process counterpart).
VirtualFree(MyFuncAddress, 0, MEM_RELEASE); // intended to free the copied code
VirtualFree(DataAddress, 0, MEM_RELEASE); // intended to free the copied string
CloseHandle(thread);
CloseHandle(Proc); // first close of the process handle; the thread was already waited on above
// Printed whenever a thread handle was obtained; the thread's exit code is never inspected.
cout<<"Injection completed!"<<endl;
}else{
cout<<"Error!"<<endl;
}
// NOTE(review): on the success path this closes Proc a second time.
CloseHandle(Proc);
return 0;
}
// Returns 0 and does nothing else. main() takes this function's address as one end of
// the byte range it computes for myFunc, so the body is deliberately left untouched.
// NOTE(review): the forward declaration `DWORD Useless();` earlier in the listing omits
// `static`, which disagrees with this definition's linkage.
static DWORD Useless(){
return 0;
}
// Looks up the top-level window titled "The KMPlayer" and sets its text to myparam.
// Always returns 0; the results of FindWindow and SetWindowText are not checked, so a
// missing window is passed on as a NULL handle.
// main() copies this function's compiled bytes, so the code is left exactly as written.
// NOTE(review): FindWindow/SetWindowText are TCHAR macros; passing an LPCWSTR matches
// only the wide variants, i.e. this presumably assumes a UNICODE build. Confirm.
static DWORD myFunc(LPCWSTR myparam){
SetWindowText(FindWindow(NULL,TEXT("The KMPlayer")),myparam);
return 0;
}
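/// Tries to enable SeDebugPrivilege on the current process token.
///
/// @return 0 when the privilege was enabled; 1 on any failure (the token could not be
///         opened, the privilege name could not be resolved, or the token does not
///         hold the privilege).
///
/// SeDebugPrivilege lets the caller open processes it would otherwise be denied, so it
/// is a high-value right: enable it only where it is really needed. Where the relevant
/// audit policy is on, Windows logs the change as Security event 4703
/// ("A token right was adjusted").
int privileges() {
    HANDLE Token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token)) {
        return 1;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    int result = 1; // assume failure until every step has succeeded
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        // AdjustTokenPrivileges returns nonzero even when it enabled nothing; that case
        // is reported through GetLastError() as ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            result = 0;
        }
    }

    // The original leaked the token handle on every path.
    CloseHandle(Token);
    return result;
}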
این هم یه نمونه دیگش:
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include "string.h"
#include <tlhelp32.h>
#include <Shlwapi.h>
#include <tlhelp32.h>
#include <tchar.h>
using namespace std;
// Access rights requested on the target process handle by OpenProcess in main().
// The combined mask is 0x043A; a process-access audit record (for example Sysmon
// event 10, ProcessAccess) would typically show this value for the request.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
// Forward declarations for the functions defined after main().
// NOTE(review): Useless is declared here without `static` but defined `static` further
// down. C++ requires successive declarations of a function to agree on linkage, so a
// conforming compiler may reject this.
DWORD Useless();
// Returns 0 when SeDebugPrivilege was enabled on the current token, 1 otherwise.
int privileges();
// In this sample main() only uses myFunc's address in a size computation.
static DWORD myFunc(LPCWSTR myparam);
// Entry point of the second sample. It opens the process with the hard-coded PID 6264,
// writes a text string into it and starts a remote thread at LoadLibraryA with that
// string as the argument.
// NOTE(review): OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
// WriteProcessMemory -> CreateRemoteThread is the classic remote-thread injection
// sequence (MITRE ATT&CK T1055). Endpoint tooling commonly records and blocks it,
// e.g. Sysmon event 8 (CreateRemoteThread).
// NOTE(review): changing another application's top-level window caption is normally
// possible from the caller's own process with FindWindow + SetWindowText; running code
// inside the target is not required for the stated goal.
// No return value of any Win32 call below is checked, except the thread handle.
int main() {
// Computed but never used in this sample.
DWORD size_myFunc = (PBYTE)Useless - (PBYTE)myFunc;
HANDLE Proc;
// NULL on failure; the result is passed on unchecked.
Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, 6264);
// Prints 0 (enabled) or 1 (failed). This runs after OpenProcess, so it cannot influence
// the access check that call already went through.
cout<<privileges();
// C++ source text held as plain characters; nothing in this program compiles it.
string data="SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");";
// unsigned long is 32 bits wide on Windows, so this cast truncates the address in a
// 64-bit build.
unsigned long LoadLib = (unsigned long)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
// Executable permission is requested although the buffer only ever holds text.
LPVOID MyFuncAddress = VirtualAllocEx(Proc, NULL, sizeof("SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");"), MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Proc, MyFuncAddress,(LPCVOID) data.c_str(),sizeof("SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");"), NULL);
// LoadLibraryA interprets its argument as a module file name. The buffer holds source
// text rather than a file name, so the call has no module to load.
HANDLE thread = CreateRemoteThread(Proc, NULL, 0,(LPTHREAD_START_ROUTINE) LoadLib, MyFuncAddress, 0, NULL);
if (thread!=0){
WaitForSingleObject(thread, INFINITE); // blocks until the remote thread has exited
// VirtualFree operates on the calling process's address space; the address was allocated
// in the target with VirtualAllocEx, so this call does not release it (VirtualFreeEx is
// the cross-process counterpart).
VirtualFree(MyFuncAddress, 0, MEM_RELEASE); // intended to free the remote buffer
CloseHandle(thread);
CloseHandle(Proc); // first close of the process handle; the thread was already waited on above
// Printed whenever a thread handle was obtained; the thread's exit code is never inspected.
cout<<"Injection completed!"<<endl;
}else{
cout<<"Error!"<<endl;
}
// NOTE(review): on the success path this closes Proc a second time.
CloseHandle(Proc);
return 0;
}
// Returns 0 and does nothing else. main() only takes this function's address for a size
// computation whose result is unused in this sample.
// NOTE(review): the forward declaration `DWORD Useless();` earlier in the listing omits
// `static`, which disagrees with this definition's linkage.
static DWORD Useless(){
return 0;
}
// Looks up the top-level window titled "The KMPlayer" and sets its text to myparam.
// Always returns 0; the results of FindWindow and SetWindowText are not checked, so a
// missing window is passed on as a NULL handle.
// In this sample the function is never called or copied; main() only uses its address.
// NOTE(review): FindWindow/SetWindowText are TCHAR macros; passing an LPCWSTR matches
// only the wide variants, i.e. this presumably assumes a UNICODE build. Confirm.
static DWORD myFunc(LPCWSTR myparam){
SetWindowText(FindWindow(NULL,TEXT("The KMPlayer")),myparam);
return 0;
}
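/// Tries to enable SeDebugPrivilege on the current process token.
///
/// @return 0 when the privilege was enabled; 1 on any failure (the token could not be
///         opened, the privilege name could not be resolved, or the token does not
///         hold the privilege).
///
/// SeDebugPrivilege lets the caller open processes it would otherwise be denied, so it
/// is a high-value right: enable it only where it is really needed. Where the relevant
/// audit policy is on, Windows logs the change as Security event 4703
/// ("A token right was adjusted").
int privileges() {
    HANDLE Token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token)) {
        return 1;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    int result = 1; // assume failure until every step has succeeded
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        // AdjustTokenPrivileges returns nonzero even when it enabled nothing; that case
        // is reported through GetLastError() as ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            result = 0;
        }
    }

    // The original leaked the token handle on every path.
    CloseHandle(Token);
    return result;
}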
در کد زیر من پراسس آیدی KMPlayer رو میدم ولی تایتل رو عوض نمی‌کنه.
نمیدونم مشکلش کجاست.
کد:
// Access rights requested on the target process handle by OpenProcess in main().
// The combined mask is 0x043A; a process-access audit record (for example Sysmon
// event 10, ProcessAccess) would typically show this value for the request.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
// Forward declarations for the functions defined after main().
// NOTE(review): Useless is declared here without `static` but defined `static` further
// down. C++ requires successive declarations of a function to agree on linkage, so a
// conforming compiler may reject this.
DWORD Useless();
// Returns 0 when SeDebugPrivilege was enabled on the current token, 1 otherwise.
int privileges();
// Thread routine whose bytes main() copies into the target process.
static DWORD myFunc(LPCWSTR myparam);
// Entry point of the first sample. It opens the process with the hard-coded PID 8328,
// copies a byte range starting at myFunc plus a string into it, and starts a remote
// thread at the copied bytes.
// NOTE(review): OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
// WriteProcessMemory -> CreateRemoteThread is the classic remote-thread injection
// sequence (MITRE ATT&CK T1055). Endpoint tooling commonly records and blocks it,
// e.g. Sysmon event 8 (CreateRemoteThread).
// NOTE(review): changing another application's top-level window caption is normally
// possible from the caller's own process with FindWindow + SetWindowText; running code
// inside the target is not required for the stated goal.
// No return value of any Win32 call below is checked, except the thread handle.
int main() {
// Difference between the addresses of two unrelated functions. C++ does not define this
// subtraction and the toolchain may place the functions in any order (Useless is defined
// before myFunc in this listing); a negative difference wraps to a very large DWORD.
DWORD size_myFunc = (PBYTE)Useless - (PBYTE)myFunc;
HANDLE Proc;
// NULL on failure; the result is passed on unchecked.
Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, 8328);
// Prints 0 (enabled) or 1 (failed). This runs after OpenProcess, so it cannot influence
// the access check that call already went through.
cout<<privileges();
LPVOID MyFuncAddress = VirtualAllocEx(Proc, NULL, size_myFunc, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Proc, MyFuncAddress, (void*)myFunc,size_myFunc, NULL);
// The literal is a narrow (char) string, while myFunc declares its parameter as LPCWSTR.
LPVOID DataAddress = VirtualAllocEx(Proc,NULL,sizeof("injected ho ho"),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Proc, DataAddress,"injected ho ho",sizeof("injected ho ho"), NULL);
HANDLE thread = CreateRemoteThread(Proc, NULL, 0, (LPTHREAD_START_ROUTINE)MyFuncAddress, DataAddress, 0, NULL);
if (thread!=0){
WaitForSingleObject(thread, INFINITE); // blocks until the remote thread has exited
// VirtualFree operates on the calling process's address space; both addresses were
// allocated in the target with VirtualAllocEx, so these calls do not release them
// (VirtualFreeEx is the cross-process counterpart).
VirtualFree(MyFuncAddress, 0, MEM_RELEASE); // intended to free the copied code
VirtualFree(DataAddress, 0, MEM_RELEASE); // intended to free the copied string
CloseHandle(thread);
CloseHandle(Proc); // first close of the process handle; the thread was already waited on above
// Printed whenever a thread handle was obtained; the thread's exit code is never inspected.
cout<<"Injection completed!"<<endl;
}else{
cout<<"Error!"<<endl;
}
// NOTE(review): on the success path this closes Proc a second time.
CloseHandle(Proc);
return 0;
}
// Returns 0 and does nothing else. main() takes this function's address as one end of
// the byte range it computes for myFunc, so the body is deliberately left untouched.
// NOTE(review): the forward declaration `DWORD Useless();` earlier in the listing omits
// `static`, which disagrees with this definition's linkage.
static DWORD Useless(){
return 0;
}
// Looks up the top-level window titled "The KMPlayer" and sets its text to myparam.
// Always returns 0; the results of FindWindow and SetWindowText are not checked, so a
// missing window is passed on as a NULL handle.
// main() copies this function's compiled bytes, so the code is left exactly as written.
// NOTE(review): FindWindow/SetWindowText are TCHAR macros; passing an LPCWSTR matches
// only the wide variants, i.e. this presumably assumes a UNICODE build. Confirm.
static DWORD myFunc(LPCWSTR myparam){
SetWindowText(FindWindow(NULL,TEXT("The KMPlayer")),myparam);
return 0;
}
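/// Tries to enable SeDebugPrivilege on the current process token.
///
/// @return 0 when the privilege was enabled; 1 on any failure (the token could not be
///         opened, the privilege name could not be resolved, or the token does not
///         hold the privilege).
///
/// SeDebugPrivilege lets the caller open processes it would otherwise be denied, so it
/// is a high-value right: enable it only where it is really needed. Where the relevant
/// audit policy is on, Windows logs the change as Security event 4703
/// ("A token right was adjusted").
int privileges() {
    HANDLE Token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token)) {
        return 1;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    int result = 1; // assume failure until every step has succeeded
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        // AdjustTokenPrivileges returns nonzero even when it enabled nothing; that case
        // is reported through GetLastError() as ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            result = 0;
        }
    }

    // The original leaked the token handle on every path.
    CloseHandle(Token);
    return result;
}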
این هم یه نمونه دیگش:
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include "string.h"
#include <tlhelp32.h>
#include <Shlwapi.h>
#include <tlhelp32.h>
#include <tchar.h>
using namespace std;
// Access rights requested on the target process handle by OpenProcess in main().
// The combined mask is 0x043A; a process-access audit record (for example Sysmon
// event 10, ProcessAccess) would typically show this value for the request.
#define CREATE_THREAD_ACCESS (PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ)
// Forward declarations for the functions defined after main().
// NOTE(review): Useless is declared here without `static` but defined `static` further
// down. C++ requires successive declarations of a function to agree on linkage, so a
// conforming compiler may reject this.
DWORD Useless();
// Returns 0 when SeDebugPrivilege was enabled on the current token, 1 otherwise.
int privileges();
// In this sample main() only uses myFunc's address in a size computation.
static DWORD myFunc(LPCWSTR myparam);
// Entry point of the second sample. It opens the process with the hard-coded PID 6264,
// writes a text string into it and starts a remote thread at LoadLibraryA with that
// string as the argument.
// NOTE(review): OpenProcess -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) ->
// WriteProcessMemory -> CreateRemoteThread is the classic remote-thread injection
// sequence (MITRE ATT&CK T1055). Endpoint tooling commonly records and blocks it,
// e.g. Sysmon event 8 (CreateRemoteThread).
// NOTE(review): changing another application's top-level window caption is normally
// possible from the caller's own process with FindWindow + SetWindowText; running code
// inside the target is not required for the stated goal.
// No return value of any Win32 call below is checked, except the thread handle.
int main() {
// Computed but never used in this sample.
DWORD size_myFunc = (PBYTE)Useless - (PBYTE)myFunc;
HANDLE Proc;
// NULL on failure; the result is passed on unchecked.
Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, 6264);
// Prints 0 (enabled) or 1 (failed). This runs after OpenProcess, so it cannot influence
// the access check that call already went through.
cout<<privileges();
// C++ source text held as plain characters; nothing in this program compiles it.
string data="SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");";
// unsigned long is 32 bits wide on Windows, so this cast truncates the address in a
// 64-bit build.
unsigned long LoadLib = (unsigned long)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
// Executable permission is requested although the buffer only ever holds text.
LPVOID MyFuncAddress = VirtualAllocEx(Proc, NULL, sizeof("SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");"), MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Proc, MyFuncAddress,(LPCVOID) data.c_str(),sizeof("SetWindowText(FindWindow(NULL,\"Calculator\"),\"injectedddddd\");"), NULL);
// LoadLibraryA interprets its argument as a module file name. The buffer holds source
// text rather than a file name, so the call has no module to load.
HANDLE thread = CreateRemoteThread(Proc, NULL, 0,(LPTHREAD_START_ROUTINE) LoadLib, MyFuncAddress, 0, NULL);
if (thread!=0){
WaitForSingleObject(thread, INFINITE); // blocks until the remote thread has exited
// VirtualFree operates on the calling process's address space; the address was allocated
// in the target with VirtualAllocEx, so this call does not release it (VirtualFreeEx is
// the cross-process counterpart).
VirtualFree(MyFuncAddress, 0, MEM_RELEASE); // intended to free the remote buffer
CloseHandle(thread);
CloseHandle(Proc); // first close of the process handle; the thread was already waited on above
// Printed whenever a thread handle was obtained; the thread's exit code is never inspected.
cout<<"Injection completed!"<<endl;
}else{
cout<<"Error!"<<endl;
}
// NOTE(review): on the success path this closes Proc a second time.
CloseHandle(Proc);
return 0;
}
// Returns 0 and does nothing else. main() only takes this function's address for a size
// computation whose result is unused in this sample.
// NOTE(review): the forward declaration `DWORD Useless();` earlier in the listing omits
// `static`, which disagrees with this definition's linkage.
static DWORD Useless(){
return 0;
}
// Looks up the top-level window titled "The KMPlayer" and sets its text to myparam.
// Always returns 0; the results of FindWindow and SetWindowText are not checked, so a
// missing window is passed on as a NULL handle.
// In this sample the function is never called or copied; main() only uses its address.
// NOTE(review): FindWindow/SetWindowText are TCHAR macros; passing an LPCWSTR matches
// only the wide variants, i.e. this presumably assumes a UNICODE build. Confirm.
static DWORD myFunc(LPCWSTR myparam){
SetWindowText(FindWindow(NULL,TEXT("The KMPlayer")),myparam);
return 0;
}
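/// Tries to enable SeDebugPrivilege on the current process token.
///
/// @return 0 when the privilege was enabled; 1 on any failure (the token could not be
///         opened, the privilege name could not be resolved, or the token does not
///         hold the privilege).
///
/// SeDebugPrivilege lets the caller open processes it would otherwise be denied, so it
/// is a high-value right: enable it only where it is really needed. Where the relevant
/// audit policy is on, Windows logs the change as Security event 4703
/// ("A token right was adjusted").
int privileges() {
    HANDLE Token = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token)) {
        return 1;
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    int result = 1; // assume failure until every step has succeeded
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        // AdjustTokenPrivileges returns nonzero even when it enabled nothing; that case
        // is reported through GetLastError() as ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(Token, FALSE, &tp, sizeof(tp), NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS) {
            result = 0;
        }
    }

    // The original leaked the token handle on every path.
    CloseHandle(Token);
    return result;
}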