| #include <stdio.h> #include <windows.h> #include <tlhelp32.h>
/* Forward declarations for the helpers defined below main(). */

/* Enables (TRUE) or disables (FALSE) SeDebugPrivilege on the current process token. */
BOOL SeDebug(BOOL bEnablePrivilege);

/* Looks up a process by image name via a Toolhelp snapshot; 0 is used to mean "no PID". */
DWORD FindProcessPID(const wchar_t *ProcessName);

/* Returns the load address of a named module inside process dwPid, or 0 on failure. */
DWORD64 GetProcessModuleBase(DWORD dwPid, const wchar_t *moduleName);
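/*
 * Demo driver: enable SeDebugPrivilege, locate Notepad.exe, open it and print
 * the base address of its main module.
 *
 * Exits with 1 (after waiting for a keypress) when the target is not running
 * or cannot be opened, instead of continuing with a 0 PID / NULL handle.
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    /* Without SeDebugPrivilege, OpenProcess on elevated/protected targets fails
     * with ERROR_ACCESS_DENIED; warn rather than silently continue. */
    if (!SeDebug(TRUE)) {
        printf("[WARN] SeDebugPrivilege could not be enabled (run elevated?)\n");
    }

    DWORD dwPid = FindProcessPID(L"Notepad.exe");
    printf("PID:%lu\n", dwPid);  /* DWORD is unsigned long: %lu, not %d */
    if (dwPid == 0) {
        printf("[ERROR] Target process not found\n");
        getchar();
        return 1;
    }

    /* Least privilege: this program only queries the process. Widen the mask
     * (e.g. PROCESS_VM_WRITE | PROCESS_VM_OPERATION) only if memory writes are added. */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
    /* HANDLE is a pointer; widen through ULONG_PTR so the %llX argument has the right size. */
    printf("hProcess:0x%llX\n", (unsigned long long)(ULONG_PTR)hProcess);
    if (hProcess == NULL) {
        printf("[ERROR] OpenProcess failed, error %lu\n", GetLastError());
        getchar();
        return 1;
    }

    DWORD64 moduleBaseAddress = GetProcessModuleBase(dwPid, L"Notepad.exe");
    printf("Module:0x%llX\n", moduleBaseAddress);

    CloseHandle(hProcess);
    getchar();
    return 0;
}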
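/*
 * Enable (bEnablePrivilege != FALSE) or disable SeDebugPrivilege on the
 * current process token.
 *
 * Returns TRUE only when the privilege was actually adjusted. Note that
 * AdjustTokenPrivileges returns TRUE even when the token does not hold the
 * privilege at all (non-admin caller); that case is reported through
 * GetLastError() == ERROR_NOT_ALL_ASSIGNED and is treated as failure here.
 * The token handle is closed on every path.
 */
BOOL SeDebug(BOOL bEnablePrivilege)
{
    HANDLE hToken = NULL;
    BOOL ok = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }

    LUID luid;
    if (!LookupPrivilegeValueW(NULL, L"SeDebugPrivilege", &luid)) {
        goto out;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL)) {
        goto out;
    }
    /* Success return value is not enough: check that the privilege was really assigned. */
    ok = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);

out:
    CloseHandle(hToken);
    return ok;
}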
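/*
 * Return the PID of the first process whose image name equals ProcessName
 * (case-insensitive, since Windows file names are), or 0 when no such
 * process exists, the snapshot cannot be taken, or ProcessName is NULL.
 *
 * The original returned whatever entry the enumeration ended on when there
 * was no match, i.e. an unrelated process's PID; callers must be able to
 * rely on 0 meaning "not found".
 */
DWORD FindProcessPID(const wchar_t *ProcessName)
{
    if (ProcessName == NULL) {
        return 0;
    }

    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) {
        return 0;
    }

    DWORD pid = 0;
    PROCESSENTRY32W entry = { 0 };
    entry.dwSize = sizeof(entry);

    if (Process32FirstW(snap, &entry)) {
        do {
            /* Case-insensitive: "notepad.exe" and "Notepad.exe" are the same image. */
            if (_wcsicmp(entry.szExeFile, ProcessName) == 0) {
                pid = entry.th32ProcessID;
                break;
            }
        } while (Process32NextW(snap, &entry));
    }

    CloseHandle(snap);
    return pid;
}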
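/*
 * Return the base address of module moduleName (case-insensitive) inside
 * process dwPid, or 0 when the module is not found, the snapshot fails, or
 * moduleName is NULL.
 *
 * Both 32- and 64-bit module lists are requested so WoW64 targets work from
 * a 64-bit caller. CreateToolhelp32Snapshot can transiently fail with
 * ERROR_BAD_LENGTH while the target is still loading; the documented remedy
 * is to retry, which is done a bounded number of times. The snapshot handle
 * is closed on every path (the original leaked it when Module32First failed).
 */
DWORD64 GetProcessModuleBase(DWORD dwPid, const wchar_t *moduleName)
{
    enum { SNAPSHOT_RETRIES = 5 };

    if (moduleName == NULL) {
        return 0;
    }

    HANDLE snap = INVALID_HANDLE_VALUE;
    for (int attempt = 0; attempt < SNAPSHOT_RETRIES; attempt++) {
        snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwPid);
        if (snap != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH) {
            break;
        }
    }
    if (snap == INVALID_HANDLE_VALUE) {
        printf("Error Code %lu\n", GetLastError());  /* DWORD: %lu, not %d */
        printf("[ERROR] Failed to CreateToolhelp32Snapshot\n");
        return 0;
    }

    DWORD64 base = 0;
    MODULEENTRY32W me = { 0 };
    me.dwSize = sizeof(me);

    if (!Module32FirstW(snap, &me)) {
        printf("[ERROR] Failed to Module32First\n");
    } else {
        do {
            if (_wcsicmp(me.szModule, moduleName) == 0) {
                /* modBaseAddr is a BYTE*; go through ULONG_PTR rather than casting a pointer straight to DWORD64. */
                base = (DWORD64)(ULONG_PTR)me.modBaseAddr;
                break;
            }
        } while (Module32NextW(snap, &me));
    }

    CloseHandle(snap);
    return base;
}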