VB创建SYSTEM用户进程(第二种方法)
2007-09-30 13:31
Attribute VB_Name = "modHook"
' Declarations for a hook on NtCreateProcessEx. The callback in this module
' forwards each intercepted call to the real NtCreateProcessEx, replacing the
' caller's parent-process handle with glngSystemHandle.
' All handles and pointers are declared As Long, so these declarations are
' 32-bit only.

' Native process-creation routine exported by NTDLL. The Long it returns is
' passed back to the caller unchanged by the callback; presumably an NTSTATUS.
Private Declare Function NtCreateProcessEx Lib "NTDLL.DLL" (ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
' The next three APIs are not called by the two functions shown in this
' listing; presumably used by code outside it (e.g. to obtain or release
' handles) - verify against the rest of the project.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
' NOTE(review): "dwDesiredAccessas" looks like a typo for dwDesiredAccess.
' It only matters to callers that use named arguments.
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
' Process access-right masks. None is referenced by the visible functions.
Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
' Evaluates to &H1F0FFF.
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
' VB layout of the native OBJECT_ATTRIBUTES structure, with pointer fields
' held as Long. Not instantiated in the visible code; the callback receives
' ObjectAttributes as a raw Long and passes it through.
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
' Hook controller. The clsHookInfo class is not shown on this page; the
' callback uses its HookStatus method to switch the hook off and on.
Public gclsHookInfo As clsHookInfo
' Not referenced by the visible functions.
Public glngProcess As Long
' Handle substituted for hParentProcess on every intercepted call. Per the
' author's comment in the callback, it refers to a process running as SYSTEM
' and must stay open while the hook is active. Where it is opened is not shown.
Public glngSystemHandle As Long
Public Function NtCreateProcessExCallback(ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
    ' Replacement routine for a hooked NtCreateProcessEx. It has the same
    ' signature as the Declare and returns whatever the real call returns.
    '
    ' The caller's hParentProcess is ignored; glngSystemHandle is passed instead.
    ' Author's note (translated): hParentProcess is set to the handle of a
    ' process running as SYSTEM; take care not to close that handle.
    '
    ' Effect: the new process is created as a child of the substituted parent
    ' rather than of the real creator. This is the parent-substitution pattern
    ' catalogued as MITRE ATT&CK T1134.004 (Parent PID Spoofing). Process-creation
    ' telemetry that records the creating process separately from the reported
    ' parent shows the mismatch.
    '
    ' NOTE(review): glngSystemHandle is not validated before use.
    ' NOTE(review): the hook is off for the duration of the real call. If
    ' HookStatus is process-wide (its implementation is not shown), creations
    ' started on other threads in that window are not redirected - confirm.
    Dim lngStatus As Long

    ' Switch the hook off, presumably so the call below reaches the real
    ' NtCreateProcessEx instead of re-entering this callback.
    Call gclsHookInfo.HookStatus(False)
    lngStatus = NtCreateProcessEx(ProcessHandle, AccessMask, ObjectAttributes, glngSystemHandle, InheritHandles, hSection, hDebugPort, hExceptionPort, reserv)
    ' Switch the hook back on for subsequent calls.
    Call gclsHookInfo.HookStatus(True)

    NtCreateProcessExCallback = lngStatus
End Function
Public Function GetFunAddr(lngFunAddr As Long) As Long
    ' Returns its argument unchanged.
    ' Presumably called with an AddressOf expression so that a procedure address
    ' can be stored in a Long; no such call appears in this listing - verify
    ' against the code that installs the hook.
    Dim lngAddr As Long
    lngAddr = lngFunAddr
    GetFunAddr = lngAddr
End Function
' NOTE(review): lines from here to the second GetFunAddr repeat the
' declarations and functions earlier on this page verbatim. Within a single
' module the duplicated Declare/Const/Type/Public names would be rejected as
' ambiguous, so this looks like a doubled paste of the same listing.

' Native process-creation routine exported by NTDLL. Handles and pointers are
' declared As Long (32-bit only). The Long it returns is passed back to the
' caller unchanged by the callback; presumably an NTSTATUS.
Private Declare Function NtCreateProcessEx Lib "NTDLL.DLL" (ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
' Not called by the functions shown in this listing; presumably used by code
' outside it - verify against the rest of the project.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
' NOTE(review): "dwDesiredAccessas" looks like a typo for dwDesiredAccess.
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
' Process access-right masks. None is referenced by the visible functions.
Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
' Evaluates to &H1F0FFF.
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
' VB layout of the native OBJECT_ATTRIBUTES structure, with pointer fields
' held as Long. Not instantiated in the visible code.
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
' Hook controller. The clsHookInfo class is not shown on this page.
Public gclsHookInfo As clsHookInfo
' Not referenced by the visible functions.
Public glngProcess As Long
' Handle substituted for hParentProcess by the callback. Per the author's
' comment it refers to a process running as SYSTEM and must stay open.
Public glngSystemHandle As Long
Public Function NtCreateProcessExCallback(ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
    ' Replacement routine for a hooked NtCreateProcessEx. It forwards every
    ' argument to the real function except hParentProcess, which is replaced by
    ' glngSystemHandle, and returns the real call's result.
    '
    ' Author's note (translated): hParentProcess is set to the handle of a
    ' process running as SYSTEM; take care not to close that handle.
    '
    ' The created process is therefore reported as a child of the substituted
    ' parent (MITRE ATT&CK T1134.004, Parent PID Spoofing). Telemetry that
    ' records the creating process as well as the parent shows the mismatch.
    '
    ' NOTE(review): glngSystemHandle is used without validation. The hook is
    ' disabled while the real call runs; whether that affects other threads
    ' depends on HookStatus, which is not shown.
    Dim lngStatus As Long

    ' Hook off, presumably to avoid re-entering this callback.
    Call gclsHookInfo.HookStatus(False)
    lngStatus = NtCreateProcessEx(ProcessHandle, AccessMask, ObjectAttributes, glngSystemHandle, InheritHandles, hSection, hDebugPort, hExceptionPort, reserv)
    ' Hook back on.
    Call gclsHookInfo.HookStatus(True)

    NtCreateProcessExCallback = lngStatus
End Function
Public Function GetFunAddr(lngFunAddr As Long) As Long
    ' Returns its argument unchanged. Presumably a wrapper for storing an
    ' AddressOf result in a Long; the call site is not part of this listing.
    Dim lngAddr As Long
    lngAddr = lngFunAddr
    GetFunAddr = lngAddr
End Function