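/*
 * Raw x86 port I/O from user mode via ntdll!ZwSystemDebugControl
 * (SysDbgSysReadIoSpace / SysDbgSysWriteIoSpace).  Needs SeDebugPrivilege,
 * which main() enables before resolving the export from ntdll.dll.
 *
 * The file is written for an ANSI (non-UNICODE) build: every string it
 * passes to the generic Win32 names is a narrow literal.
 *
 * Every kernel call's NTSTATUS is checked and reported; the original code
 * ignored all return values, so a rejected request looked like success.
 */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Assertion-style check.  Reconstructed from the page's own description
 * (the macro definition itself is not on the page): if `a` is false, print
 * "<a> failed" and exit, much like assert().
 */
#define FCHK(a)                                        \
    do {                                               \
        if (!(a)) {                                    \
            fprintf(stderr, "%s failed\n", #a);        \
            exit(EXIT_FAILURE);                        \
        }                                              \
    } while (0)

typedef int NTSTATUS;

/* NT failure code for a request this module rejects before reaching the kernel. */
#ifndef STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL)
#endif

typedef enum _SYSDBG_COMMAND {
    SysDbgSysReadIoSpace = 14,
    SysDbgSysWriteIoSpace = 15
} SYSDBG_COMMAND, *PSYSDBG_COMMAND;

typedef NTSTATUS (NTAPI *PZwSystemDebugControl)(
    SYSDBG_COMMAND ControlCode,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength,
    PULONG ReturnLength);

/* Resolved from ntdll.dll in main(); stays NULL until then. */
PZwSystemDebugControl ZwSystemDebugControl = NULL;

/*
 * Request block for SysDbgSysReadIoSpace / SysDbgSysWriteIoSpace.
 * Field meanings are the caller's contract as originally documented here;
 * the kernel side is not shown on this page.
 */
typedef struct IO_STRUCT {
    DWORD IoAddr;      /* IN: I/O address, aligned to NumBYTEs */
    DWORD Reserved1;   /* Never accessed by the kernel */
    PVOID pBuffer;     /* IN (write) or OUT (read): pointer to the data buffer */
    DWORD NumBYTEs;    /* IN: bytes to read/write; only 1, 2 or 4 */
    DWORD Reserved4;   /* Must be 1 */
    DWORD Reserved5;   /* Must be 0 */
    DWORD Reserved6;   /* Must be 1 */
    DWORD Reserved7;   /* Never accessed by the kernel */
} IO_STRUCT, *PIO_STRUCT;

/*
 * Enable the named privilege (e.g. SE_DEBUG_NAME) on the current process
 * token.  Returns TRUE only when the privilege was actually enabled.
 *
 * The original version checked none of the API results, so a failed
 * OpenProcessToken left hToken uninitialized and still reached CloseHandle.
 * The same technique is described at
 * http://hi.baidu.com/invisiable/blog/item/41e4c3a13fa4a68f461064fb.html
 * and in the book "Windows 核心编程" (Windows via C/C++).
 *
 * Layout reminder for the structures involved:
 *   TOKEN_PRIVILEGES    { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]; }
 *   LUID_AND_ATTRIBUTES { LUID Luid; DWORD Attributes; }
 *   LUID                { DWORD LowPart; LONG HighPart; }
 * The LUID that names a privilege is obtained from LookupPrivilegeValue.
 */
BOOL EnablePrivilege(PCSTR name)
{
    HANDLE hToken = NULL;
    BOOL rv = FALSE;
    TOKEN_PRIVILEGES priv;

    ZeroMemory(&priv, sizeof priv);
    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!LookupPrivilegeValue(NULL, name, &priv.Privileges[0].Luid)) {
        return FALSE;
    }
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        return FALSE;
    }
    /*
     * AdjustTokenPrivileges returns TRUE even when the privilege was not
     * assigned (ERROR_NOT_ALL_ASSIGNED); only ERROR_SUCCESS means it worked.
     */
    if (AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, NULL, NULL)) {
        rv = (GetLastError() == ERROR_SUCCESS);
    }
    CloseHandle(hToken);
    return rv;
}

/*
 * Issue one single-byte SysDbgSysRead/WriteIoSpace request for `port`.
 * `buf` is the byte the kernel reads from (write) or writes to (read).
 *
 * Returns the kernel's NTSTATUS (negative on failure), or
 * STATUS_INVALID_PARAMETER without calling the kernel when
 * ZwSystemDebugControl has not been resolved yet or `port` lies outside the
 * 16-bit x86 I/O address space.
 */
static NTSTATUS port_byte_io(SYSDBG_COMMAND cmd, int port, PVOID buf)
{
    IO_STRUCT io;

    if (ZwSystemDebugControl == NULL || port < 0 || port > 0xFFFF) {
        return STATUS_INVALID_PARAMETER;
    }

    ZeroMemory(&io, sizeof io);          /* Reserved1/5/7 must be 0 */
    io.IoAddr = (DWORD)port;
    io.pBuffer = buf;
    io.NumBYTEs = sizeof(BYTE);
    io.Reserved4 = 1;                    /* required constants, see IO_STRUCT */
    io.Reserved6 = 1;

    return ZwSystemDebugControl(cmd, &io, sizeof io, NULL, 0, NULL);
}

/*
 * Read one byte from I/O port `Port`.
 *
 * Returns the byte read, or 0 when the request failed.  A caller that needs
 * to tell a genuine 0 from a failure should use port_byte_io() directly.
 * (The original returned an uninitialized local on failure.)
 */
BYTE InPortB(int Port)
{
    BYTE Value = 0;

    if (port_byte_io(SysDbgSysReadIoSpace, Port, &Value) < 0) {
        return 0;
    }
    return Value;
}

/*
 * Write `Value` to I/O port `Port`.
 *
 * Returns the NTSTATUS of the request (negative on failure) so callers can
 * detect a kernel that refuses the command; the original returned void and
 * discarded the status.
 */
NTSTATUS OutPortB(int Port, BYTE Value)
{
    return port_byte_io(SysDbgSysWriteIoSpace, Port, &Value);
}

int main(void)
{
    HMODULE hNtdll = NULL;
    OSVERSIONINFO OSVersionInfo;
    NTSTATUS st = 0;
    int rc = EXIT_SUCCESS;

    ZeroMemory(&OSVersionInfo, sizeof OSVersionInfo);
    OSVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);

    /* SeDebugPrivilege is required for ZwSystemDebugControl to accept the request. */
    FCHK(EnablePrivilege(SE_DEBUG_NAME));
    FCHK((hNtdll = LoadLibrary("ntdll.dll")) != NULL);
    FCHK((ZwSystemDebugControl = (PZwSystemDebugControl)GetProcAddress(hNtdll, "ZwSystemDebugControl")) != NULL);
    FCHK(GetVersionEx(&OSVersionInfo) != FALSE);

    /*
     * Windows XP (5.1) or later.  The original test `dwMajorVersion >= 5 &&
     * dwMinorVersion >= 1` rejected every 6.0+ release.  The version number
     * does not decide whether a given kernel still honours these I/O-space
     * commands (later systems are reported to restrict this interface), so
     * the returned status is checked as well.
     */
    if (OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
        (OSVersionInfo.dwMajorVersion > 5 ||
         (OSVersionInfo.dwMajorVersion == 5 && OSVersionInfo.dwMinorVersion >= 1))) {
        /*
         * Ports 0x70/0x71 are the CMOS/RTC index and data ports, so these
         * writes alter persistent firmware state.  The BYTE casts keep only
         * the low byte of each literal, exactly as in the original code.
         */
        st = OutPortB(0X70, (BYTE)(12345678));
        if (st >= 0) {
            st = OutPortB(0X71, (BYTE)(87654567));
        }
        if (st < 0) {
            fprintf(stderr, "ZwSystemDebugControl failed, status 0x%08lX\n",
                    (unsigned long)(DWORD)st);
            rc = EXIT_FAILURE;
        } else {
            printf("success");
        }
    } else {
        /* The original printed this unconditionally, even after a success. */
        printf("This program require Windows XP or Windows 2003.\n");
        rc = EXIT_FAILURE;
    }

    ZwSystemDebugControl = NULL;         /* pointer becomes dangling after FreeLibrary */
    FreeLibrary(hNtdll);
    return rc;
}

/*
 * References for NtSystemDebugControl named on the page: the "Native API"
 * reference and an article by tombkeeper (the page's text is cut off here).
 */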