- #include <Windows.h>
- #include <tlHelp32.h>
- #include <conio.h>
- #include <iostream>
- #include <subauth.h>
- using namespace std;
// Enables SeDebugPrivilege on the current process token.
// Returns 1 on success, 0 on any failure (defined below main).
ULONG GetDebugPrivileges();
// Hand-rolled copies of the native structures NtOpenProcess expects.
// The file does not include <winternl.h>, so they are declared here; the
// layouts must match the kernel definitions exactly (two pointer-sized
// fields for CLIENT_ID, six fields for OBJECT_ATTRIBUTES).
typedef struct _CLIENT_ID
{
PVOID UniqueProcess;
PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
typedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
// Mirrors the InitializeObjectAttributes macro from <winternl.h> (it would
// redefine that macro if the header were ever included). Fills every field
// of *p; SecurityQualityOfService is always NULL here.
#define InitializeObjectAttributes(p, n, a, r, s) \
{ \
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
}
// Signature of ntdll!NtOpenProcess, resolved at runtime with GetProcAddress.
// Failure is reported through the returned NTSTATUS, not GetLastError().
typedef NTSTATUS(NTAPI* NTOPENPROCESS)(PHANDLE ProcessHandle, ACCESS_MASK AccessMask, POBJECT_ATTRIBUTES ObjectAttributes, PCLIENT_ID ClientID);
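// Opens the process whose PID is hard-coded below with read-only access via
// ntdll!NtOpenProcess and prints one int read from a fixed address.
// Returns 0 on success, 1 when the module, export, open or read fails.
int main()
{
    // Best effort: opening a process of the same user works without
    // SeDebugPrivilege, so a failure here is only reported, not fatal.
    if (!GetDebugPrivileges())
        printf("Warning:: could not enable SeDebugPrivilege\n");

    // ntdll.dll is mapped into every process, so the existing module handle
    // is enough; no LoadLibrary/FreeLibrary pair is needed.
    HMODULE ntdll = GetModuleHandle(__TEXT("ntdll.dll"));
    if (ntdll == NULL)
    {
        printf("Error:: ntdll.dll not found: %lu\n", GetLastError());
        _getch();
        return 1;
    }
    NTOPENPROCESS NtOpenProcess = (NTOPENPROCESS)GetProcAddress(ntdll, "NtOpenProcess");
    if (NtOpenProcess == NULL)
    {
        printf("Error:: NtOpenProcess not found: %lu\n", GetLastError());
        _getch();
        return 1;
    }

    DWORD processID = 11512; // PID supplied from outside (hard-coded here)
    printf("ID:: %lu\n", processID);

    CLIENT_ID pCID;
    // Cast through ULONG_PTR so the DWORD widens cleanly to a pointer on x64.
    pCID.UniqueProcess = (HANDLE)(ULONG_PTR)processID;
    pCID.UniqueThread = 0;

    OBJECT_ATTRIBUTES pATTRIBUTES;
    ZeroMemory(&pATTRIBUTES, sizeof(pATTRIBUTES));
    InitializeObjectAttributes(&pATTRIBUTES, NULL, 0, NULL, NULL);

    // Initialised so a failed open never leaves a garbage handle behind.
    HANDLE pHANDLE = NULL;
    NTSTATUS state = NtOpenProcess(&pHANDLE, PROCESS_VM_READ, &pATTRIBUTES, &pCID);
    if (!NT_SUCCESS(state))
    {
        // Native calls report failure in the NTSTATUS itself; GetLastError()
        // is not set by NtOpenProcess.
        printf("Error:: NTSTATUS 0x%08lX\n", (unsigned long)state);
        _getch();
        return 1;
    }
    printf("HANDLE:: %p\n", pHANDLE);
    printf("\n\n");

    DWORD address = 0x0E7A720; // fixed address from the original listing
    int value = 0;
    SIZE_T bytesRead = 0;
    // A failed or short read must not print the zero-initialised value as
    // if it were the target's memory.
    if (ReadProcessMemory(pHANDLE, (void*)(ULONG_PTR)address, &value, sizeof(value), &bytesRead)
        && bytesRead == sizeof(value))
        cout << value << "\n";
    else
        printf("Error:: ReadProcessMemory failed: %lu\n", GetLastError());

    //TerminateProcess(pHANDLE, 0);
    CloseHandle(pHANDLE); // the original never released the process handle
    _getch();
    return 0;
}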
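// Enables SeDebugPrivilege on the current process token.
// Returns 1 when the privilege is actually enabled, 0 otherwise. The token
// handle is closed on every path (the original leaked it on the two inner
// failure returns).
ULONG GetDebugPrivileges()
{
    HANDLE hToken = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        return 0;

    TOKEN_PRIVILEGES tokenPrvlgs;
    tokenPrvlgs.PrivilegeCount = 1;
    tokenPrvlgs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // AdjustTokenPrivileges returns nonzero even when the token does not hold
    // the privilege at all; that case is signalled only through
    // GetLastError() == ERROR_NOT_ALL_ASSIGNED, so it must be checked too.
    ULONG enabled = 0;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tokenPrvlgs.Privileges[0].Luid)
        && AdjustTokenPrivileges(hToken, FALSE, &tokenPrvlgs, 0, NULL, NULL)
        && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
        enabled = 1;

    CloseHandle(hToken);
    return enabled;
}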