// Import declarations for a Beacon Object File (BOF). Every Win32/CRT entry
// point below is resolved at load time through the MODULE$Function naming
// convention (DECLSPEC_IMPORT), not through a conventional import table, so
// the two #pragma comment(lib, ...) lines are probably vestigial — TODO confirm
// against the build; nothing declared here references mscoree (the .NET host).
#include <windows.h>
#pragma comment (lib, "advapi32")
#pragma comment(lib, "mscoree.lib")
// Enable/disable selector for the token-privilege helper declared next.
#define ENABLE 1
#define DISABLE 0
//SetPrivilege
// Token privilege adjustment on the current process
// (OpenProcessToken -> LookupPrivilegeValueA -> AdjustTokenPrivileges).
// NOTE(review): AdjustTokenPrivileges returns TRUE even when the privilege was
// NOT granted; the caller must also check GetLastError() for
// ERROR_NOT_ALL_ASSIGNED, which is presumably why GetLastError is imported here.
DECLSPEC_IMPORT BOOL WINAPI Advapi32$OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess();
DECLSPEC_IMPORT BOOL WINAPI Advapi32$LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid);
DECLSPEC_IMPORT BOOL WINAPI Advapi32$AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength);
DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(void);
//SilentSysmon
// Cross-process code-patching primitives: a write into another process's
// memory followed by an instruction-cache flush for the same range. From a
// detection standpoint this pair against a foreign process handle (together
// with the OpenProcess call below) is the telemetry a defender keys on —
// process-access events such as Sysmon Event ID 10 and EDR hooks on the
// underlying NtWriteVirtualMemory / NtFlushInstructionCache calls. The handle
// access rights requested are not visible in this block — TODO confirm in main.
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$FlushInstructionCache(HANDLE hProcess, LPCVOID lpBaseAddress, SIZE_T dwSize);
//main
// Process handle acquisition/release plus CRT printf for output.
// NOTE(review): printf is declared __cdecl (CRT convention) rather than
// WINAPI like the declarations above; that distinction is correct for MSVCRT
// and should be preserved if more CRT imports are added.
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CloseHandle(HANDLE hObject);
WINBASEAPI int __cdecl MSVCRT$printf(const char * _Format,...);