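; Syntax: flat assembler (FASM), Intel operand order.
; Target: PE64 GUI image, Microsoft x64 calling convention.
;
; Purpose: open the current process token, look up the LUID of
; SeShutdownPrivilege, and ask AdjustTokenPrivileges to enable it.
; Shell is then called; in this listing it is an empty stub.
;
; Review notes (changes against the pasted original):
;   * `start:` moved from the data section into the code section, so the
;     entry point no longer lands in non-executable data.
;   * LUID.HighPart is a 32-bit LONG. The original `dq` pushed Attributes
;     from offset 12 to offset 16 of the TOKEN_PRIVILEGES buffer, so the
;     API would not have seen SE_PRIVILEGE_ENABLED where it expects it.
;   * TTokenHd is a HANDLE (8 bytes on Win64). The original `dd` let
;     OpenProcessToken write past the variable into udtLUID.
;   * Imports are called with `invoke`, which calls through the
;     import-table pointer. A direct call to the import label would
;     target the table entry itself rather than the API.
;   * The pseudo-handle from GetCurrentProcess is passed as full rax.
;   * BOOL results are tested in eax; the upper half of rax is undefined.
;   * rsp is realigned to 16 bytes before the first call.
;   * The token handle is closed once it is no longer needed.

format PE64 GUI 5.0
entry start

include 'win64a.inc'

section '.data' data readable writeable

; Unused in this listing; kept as pasted.
struct CLIENT_SHELL
  .ddsocket dd ?
  .ddport   dd ?
  .dbsync   db ?
ends

; NOTE(review): unused here and kept byte-for-byte. FASM does not insert
; alignment padding, so lpSecurityDescriptor sits at offset 4 instead of
; the offset 8 that Win64 uses. Fix the layout before passing this
; structure to any API. The include set may already define a structure
; with this name; confirm before relying on this copy.
struct SECURITY_ATTRIBUTES
  nLength              dd ?
  lpSecurityDescriptor dq ?
  bInheritHandle       dd ?
ends

TOKEN_ADJUST_PRIVILEGES = 20h
TOKEN_QUERY             = 8h
SE_PRIVILEGE_ENABLED    = 2h

struct LUID
  lowPart  dd ?                         ; DWORD LowPart
  HighPart dd ?                         ; LONG HighPart (32-bit, not 64)
ends

struct LUID_AND_ATTRIBUTES
  pLuid      LUID
  Attributes dd ?
ends

struct _TOKEN_PRIVILEGES
  PrivilegeCount dd ?
  Privileges     LUID_AND_ATTRIBUTES
ends

TTokenHd dq ?                           ; HANDLE written by OpenProcessToken
udtLUID  LUID                           ; filled by LookupPrivilegeValueA
tkp      _TOKEN_PRIVILEGES              ; request for AdjustTokenPrivileges

SE_SHUTDOWN_NAME db 'SeShutdownPrivilege',0

section '.code' code readable executable

;-----------------------------------------------------------------------
; start: process entry point
; ABI:   Microsoft x64. On entry rsp % 16 == 8 (return address pushed).
; Out:   returns to the loader stub with ret.
; Clobb: volatile registers, flags
;-----------------------------------------------------------------------
start:
        sub     rsp,8                   ; realign rsp to 16 for the calls below

        invoke  GetCurrentProcess       ; rax = pseudo-handle of this process
        invoke  OpenProcessToken,rax,TOKEN_ADJUST_PRIVILEGES+TOKEN_QUERY,TTokenHd
        test    eax,eax                 ; BOOL result, 0 = failure
        jz      loc_exit

        invoke  LookupPrivilegeValueA,NULL,SE_SHUTDOWN_NAME,udtLUID
        test    eax,eax
        jz      loc_close               ; token is open, release it first

        ; Build a one-entry TOKEN_PRIVILEGES request for the looked-up LUID.
        mov     [tkp.PrivilegeCount],1
        mov     [tkp.Privileges.Attributes],SE_PRIVILEGE_ENABLED
        mov     eax,[udtLUID.lowPart]
        mov     [tkp.Privileges.pLuid.lowPart],eax
        mov     eax,[udtLUID.HighPart]
        mov     [tkp.Privileges.pLuid.HighPart],eax

        ; NOTE(review): the result is ignored, as in the original. The call
        ; can report success without enabling the privilege; GetLastError
        ; then returns ERROR_NOT_ALL_ASSIGNED. Add that check (and the
        ; import) wherever the privilege is actually required.
        ; Least privilege: enable only immediately before the operation
        ; that needs it, and disable it again afterwards.
        invoke  AdjustTokenPrivileges,[TTokenHd],0,tkp,0,0,0

        invoke  CloseHandle,[TTokenHd]  ; handle no longer needed

        ; Shell is a stub in this listing. The meaning of 666 is not shown;
        ; the parameter name suggests a socket value. TODO confirm.
        fastcall Shell,666d
        jmp     loc_exit

loc_close:
        invoke  CloseHandle,[TTokenHd]

loc_exit:
        add     rsp,8                   ; undo the entry realignment
        ret

;-----------------------------------------------------------------------
; Shell(dwsock: DWORD): empty stub, returns immediately.
;-----------------------------------------------------------------------
proc Shell,dwsock:DWORD
        ret
endp

section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          advapi32,'ADVAPI32.DLL'

  import kernel,\
         GetCurrentProcess,'GetCurrentProcess',\
         GetTickCount,'GetTickCount',\
         CloseHandle,'CloseHandle',\
         ExitProcess,'ExitProcess'

  import advapi32,\
         OpenProcessToken,'OpenProcessToken',\
         LookupPrivilegeValueA,'LookupPrivilegeValueA',\
         AdjustTokenPrivileges,'AdjustTokenPrivileges'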