Four Ways to Obtain SYSTEM Privileges from an Administrator Account
1. Running as a service

When a program is started as a service, it is effectively a system process (the Service Control Manager's context) that runs it, so the launched program simply inherits that process's privileges, i.e. SYSTEM.

The page's sample, GetSys1, is a MASM32 source file. Lines beginning with ';' are comments to the assembler and, because cmd.exe skips a leading ';', also act as batch commands, so the same file can be run as a .bat that assembles itself (the ':make' label it jumps to is not part of the text reproduced here).

    ;@echo off
    ;goto make
    ;====================================================================================
    ; Run a program with SYSTEM privileges - GetSys1
    ; Uses the run-as-a-service method
    ;====================================================================================
        .386
        .model flat, stdcall
        option casemap:none
        include     c:\masm32\include\windows.inc
        include     c:\masm32\include\kernel32.inc
        include     c:\masm32\include\advapi32.inc
        include     c:\masm32\include\masm32.inc
        includelib  c:\masm32\lib\kernel32.lib
        includelib  c:\masm32\lib\advapi32.lib
        includelib  c:\masm32\lib\masm32.lib

    _ReLaunch   proto

    ; CTXT: inline string literal, returns the offset of a zero-terminated copy in .const
    CTXT MACRO text
        local lbl
        .const
          lbl db text, 0
        .code
        exitm <OFFSET lbl>
    ENDM

        .code
    start proc
        LOCAL stStartupInfo:STARTUPINFO
        LOCAL procinfo:PROCESS_INFORMATION

        ; A named mutex tells the two instances apart: the first (administrator) run
        ; creates the mutex and installs the service; the service-started copy sees
        ; ERROR_ALREADY_EXISTS and does the real work, now running as SYSTEM.
        invoke CreateMutex, NULL, TRUE, CTXT("GetSys1_Mutex")
        invoke GetLastError
        .if eax == ERROR_ALREADY_EXISTS
            invoke RtlZeroMemory, addr stStartupInfo, sizeof stStartupInfo
            mov stStartupInfo.cb, sizeof stStartupInfo
            ; Launch regedit.exe, which inherits the service's SYSTEM token
            invoke CreateProcess, 0, CTXT("regedit.exe"), 0, 0, 0, 0, 0, 0, addr stStartupInfo, addr procinfo
            invoke CloseHandle, procinfo.hProcess
            invoke CloseHandle, procinfo.hThread
        .else
            invoke _ReLaunch
        .endif
        invoke ExitProcess, NULL
    start endp

    ; Register this executable as a temporary service and start it
    _ReLaunch proc
        LOCAL hSCManager
        LOCAL hService
        LOCAL szName[MAX_PATH]:byte

        invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE
        .if eax != 0
            mov hSCManager, eax
            ; Remove any leftover service of the same name from an earlier run
            invoke OpenService, hSCManager, CTXT("GetSys1Temp"), DELETE
            .if eax != 0
                push eax
                invoke DeleteService, eax
                call CloseServiceHandle
            .endif
            ; The service binary is this program's own path
            invoke GetModuleFileName, NULL, addr szName, MAX_PATH
            invoke CreateService, hSCManager, CTXT("GetSys1Temp"), CTXT("GetSys1TempService"), \
                   SERVICE_START + SERVICE_QUERY_STATUS + DELETE, \
                   SERVICE_WIN32_OWN_PROCESS + SERVICE_INTERACTIVE_PROCESS, SERVICE_DEMAND_START, \
                   SERVICE_ERROR_IGNORE, addr szName, NUL
    ; (the page's copy of the source breaks off at this point)
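The defensive counterpart of the technique above is to watch for the service installation it leaves behind: the Service Control Manager logs every new service as Event ID 7045 in the System log, and a demand-start service running as LocalSystem whose binary lives in a user-writable directory is exactly the footprint of a self-relaunching tool like GetSys1. The following Python is an added example, not code from the page, that parses the message text of such events and applies a few triage heuristics. The event records are constructed for this example (the GetSys1Temp entry borrows the page's service name; the file path, user name and the wuauserv record are made up), and the trusted-directory list and name pattern are assumptions a real deployment would tune.

```python
import re
from dataclasses import dataclass

# Constructed sample of Event ID 7045 ("A service was installed in the system")
# messages, in the field layout the Service Control Manager writes. Not from a
# real host; the first record mimics what GetSys1 would leave behind.
SAMPLE_EVENTS = [
    """A service was installed in the system.

Service Name:  GetSys1Temp
Service File Name:  C:\\Users\\alice\\Desktop\\getsys1.exe
Service Type:  user mode service
Service Start Type:  demand start
Service Account:  LocalSystem""",
    """A service was installed in the system.

Service Name:  wuauserv
Service File Name:  C:\\Windows\\System32\\svchost.exe -k netsvcs
Service Type:  user mode service
Service Start Type:  auto start
Service Account:  LocalSystem""",
]

FIELD_RE = re.compile(
    r"^(Service Name|Service File Name|Service Type|Service Start Type|Service Account):\s*(.*)$",
    re.MULTILINE,
)

# Assumed list of directories a SYSTEM service binary is expected to live in.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class ServiceInstall:
    name: str
    image_path: str
    service_type: str
    start_type: str
    account: str


def parse_7045(message: str) -> ServiceInstall:
    """Pull the five named fields out of a 7045 message body."""
    fields = {key: value.strip() for key, value in FIELD_RE.findall(message)}
    return ServiceInstall(
        name=fields["Service Name"],
        image_path=fields["Service File Name"],
        service_type=fields["Service Type"],
        start_type=fields["Service Start Type"],
        account=fields["Service Account"],
    )


def image_exe(image_path: str) -> str:
    """Strip quoting and command-line arguments, leaving only the executable path."""
    path = image_path.strip()
    if path.startswith('"'):
        return path[1:path.find('"', 1)]
    return path.split(" ", 1)[0]


def triage(svc: ServiceInstall) -> list:
    """Return the reasons (if any) this service installation deserves a look."""
    reasons = []
    exe = image_exe(svc.image_path).lower()
    runs_as_system = svc.account.lower() in ("localsystem", "nt authority\\system")
    if runs_as_system and not exe.startswith(TRUSTED_DIRS):
        reasons.append("SYSTEM service binary outside Windows/Program Files")
    if any(marker in exe for marker in USER_WRITABLE_MARKERS):
        reasons.append("binary in a user-writable directory")
    # Throwaway names such as "...Temp" on a demand-start service are assumed
    # suspicious; GetSys1 registers itself as GetSys1Temp.
    if svc.start_type.lower() == "demand start" and re.search(r"temp|tmp", svc.name, re.I):
        reasons.append("demand-start service with a throwaway-looking name")
    return reasons


def triage_events(messages) -> dict:
    """Map each flagged service name to its list of reasons; clean services are omitted."""
    flagged = {}
    for message in messages:
        svc = parse_7045(message)
        reasons = triage(svc)
        if reasons:
            flagged[svc.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_events(SAMPLE_EVENTS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On a live host the same message text is available through the System log (Event ID 7045, source "Service Control Manager"), and Security Event ID 4697 carries the same fields when service-installation auditing is enabled; the parser only needs the message body, so it can be fed from either.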