
[NT API] Open Any Registry Key for Full Access

2015-08-09 13:52 405 查看
#define WIN32_NO_STATUS

#include <Windows.h>

#include <..\ndk\ntndk.h>

#include "global.h"

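/*
 * Open a registry key with KEY_ALL_ACCESS by using backup/restore semantics.
 *
 * SeBackupPrivilege and SeRestorePrivilege are enabled on the process token
 * (third argument of RtlAdjustPrivilege is FALSE, i.e. not the thread token)
 * just for the duration of the open, and the key is opened with
 * REG_OPTION_BACKUP_RESTORE. With that option the access check is satisfied
 * by the two privileges rather than by the key's security descriptor, so the
 * call only succeeds for a token that already holds both privileges.
 *
 * pKeyHandle    receives the key handle on success and NULL on any failure
 *               after parameter validation. The caller owns the handle and
 *               must release it with NtClose(). It is a full-access handle
 *               obtained outside the normal DACL check, so keep its lifetime
 *               as short as possible.
 * pFullKeyPath  native registry path (e.g. under \Registry\Machine).
 *
 * Returns STATUS_INVALID_PARAMETER for a NULL argument, otherwise the status
 * of the failing RtlAdjustPrivilege call or of NtOpenKeyEx.
 */
NTSTATUS openKeyAllAccess(PHANDLE pKeyHandle, PUNICODE_STRING pFullKeyPath) {
    OBJECT_ATTRIBUTES keyAttr;
    ULONG privsToEnable[] = { SE_BACKUP_PRIVILEGE, SE_RESTORE_PRIVILEGE };
    const ULONG privCount = sizeof(privsToEnable) / sizeof(privsToEnable[0]);
    BOOLEAN oldPrivState[sizeof(privsToEnable) / sizeof(privsToEnable[0])] = { 0 };
    BOOLEAN ignoredState = FALSE;
    ULONG adjusted = 0;
    NTSTATUS status = STATUS_NOT_ALLOWED_ON_SYSTEM_FILE;

    if (!pKeyHandle || !pFullKeyPath) {
        return STATUS_INVALID_PARAMETER;
    }

    *pKeyHandle = NULL;

    /*
     * Enable the privileges one by one and count how many were really
     * adjusted. Only those entries of oldPrivState hold a valid previous
     * state; the remaining ones are still the zero initialiser.
     */
    for (adjusted = 0; adjusted < privCount; adjusted++) {
        status = RtlAdjustPrivilege(privsToEnable[adjusted], TRUE, FALSE,
                                    &oldPrivState[adjusted]);
        if (status != STATUS_SUCCESS) {
            break;
        }
    }

    if (adjusted == privCount) {
        InitializeObjectAttributes(&keyAttr, pFullKeyPath, OBJ_CASE_INSENSITIVE, NULL, NULL);

        status = NtOpenKeyEx(pKeyHandle, KEY_ALL_ACCESS, &keyAttr, REG_OPTION_BACKUP_RESTORE);
        if (status != STATUS_SUCCESS) {
            *pKeyHandle = NULL;
        }
    }

    /*
     * Put back exactly the privileges that were changed above. Restoring an
     * entry that was never adjusted would apply the zero initialiser and
     * switch off a privilege the caller may have had enabled beforehand.
     * A scratch variable receives the "previous state" output so the saved
     * states are not overwritten while rolling back.
     */
    while (adjusted > 0) {
        adjusted--;
        RtlAdjustPrivilege(privsToEnable[adjusted], oldPrivState[adjusted], FALSE,
                           &ignoredState);
    }

    return status;
}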

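/*
 * Demo entry point: opens \Registry\Machine\SECURITY\Policy through
 * openKeyAllAccess() and reports the resulting NTSTATUS with
 * NtRaiseHardError().
 *
 * The handle is only needed to prove that the open worked, so it is closed
 * again before the status is reported; a full-access handle to the SECURITY
 * hive should not stay open while the process waits on the error dialog.
 */
void mymain(void){
    UNICODE_STRING uKeyFullName;
    NTSTATUS status = STATUS_NOT_ALLOWED_ON_SYSTEM_FILE;
    /* NULL matches the failure value written by openKeyAllAccess(). */
    HANDLE hTestKey = NULL;

    RtlInitUnicodeString(&uKeyFullName, L"\\Registry\\Machine\\SECURITY\\Policy");

    status = openKeyAllAccess(&hTestKey, &uKeyFullName);

    if (hTestKey != NULL) {
        NtClose(hTestKey);
        hTestKey = NULL;
    }

    /* The response value is written back into status; it is not used afterwards. */
    NtRaiseHardError(status, 0, 0, NULL, 0, (PULONG)&status);
}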