端口到进程实现的源代码
作者:闪空 文章来源:网络 点击数: 更新时间:2006-7-3 9:44:00

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <Aclapi.h>
#include <comdef.h>
#include <winioctl.h>
#pragma comment ( lib, "ws2_32.lib" )
/* Value 16; by its name, presumably the information class passed to
 * NtQuerySystemInformation to request the system handle list. The call
 * site is not in this excerpt - TODO confirm. */
#define NT_HANDLE_LIST 16
/* 0x200000 bytes (2 MiB); by its name, presumably the size of the buffer
 * that receives the handle list - usage is not shown here. */
#define MAX_HANDLE_LIST_BUF 0x200000
/*
 * One handle record, as consumed by getmap() below.
 *
 * NOTE(review): the field order and widths look like the per-handle entry
 * returned for the handle-list information class on 32-bit Windows -
 * confirm against the code that fills it (not in this excerpt). Any change
 * to field order or width changes the layout, so none is made here.
 */
typedef struct _HandleInfo
{
/* Presumably the owning process id. Only 16 bits wide, so a larger pid
 * cannot be represented in this field - verify against the caller. */
USHORT dwPid;  
USHORT CreatorBackTraceIndex;
/* Presumably the object type index - TODO confirm. */
BYTE  ObjType;
BYTE  HandleAttributes;
/* Presumably the handle value inside the owning process - TODO confirm. */
USHORT HndlOffset;
/* Address of the object; getmap() splits it into table indexes and a page
 * offset. Stored as a 32-bit DWORD, so the layout assumes 32-bit pointers. */
DWORD dwKeObject;
ULONG GrantedAccess;
}HANDLEINFO, *PHANDLEINFO;
/*
 * Local declaration of the I/O status block referenced by the ZWOPENFILE
 * pointer type below.
 *
 * NOTE(review): both members are 32 bits wide here; this presumably matches
 * the native structure only on 32-bit builds - confirm before building for
 * any other target.
 */
typedef struct _IO_STATUS_BLOCK {
DWORD Status;
ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
/*
 * Local declaration of the counted wide-string type taken by the
 * RTLINITUNICODESTRING and INITIALIZEOBJECTATTRIBUTES pointer types below.
 *
 * NOTE(review): presumably Length and MaximumLength are byte counts, as in
 * the native UNICODE_STRING - confirm. Declaring the type here can clash
 * with SDK headers that already define it.
 */
typedef struct _LSA_UNICODE_STRING {
  USHORT Length;
  USHORT MaximumLength;
  PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
/* UNICODE_STRING is an alias of the structure above. */
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
/*
 * Local declaration of the object-attributes block taken by the
 * ZWOPENSECTION and ZWOPENFILE pointer types below. It names the object to
 * open (ObjectName, optionally relative to RootDirectory) and carries the
 * attribute flags and security information for the open.
 * The code that fills it is not in this excerpt.
 */
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
  UNICODE_STRING *ObjectName;
ULONG Attributes;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_ATTRIBUTES,*POBJECT_ATTRIBUTES;
// Declare the NtQuerySystemInformation() function pointer.
// Each pair below is a pointer type plus a file-scope pointer of that type.
// As file-scope objects they start out NULL; the code that resolves them is
// not in this excerpt, and every pointer must be checked for NULL before it
// is called through.
typedef DWORD (CALLBACK* NTQUERYSYSTEMINFORMATION)( DWORD, PDWORD, DWORD, PVOID );
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
// Pointer for RtlInitUnicodeString(destination, source wide string).
typedef VOID (CALLBACK* RTLINITUNICODESTRING)(PUNICODE_STRING,PCWSTR);
RTLINITUNICODESTRING RtlInitUnicodeString;
// Pointer for ZwOpenSection; the first parameter is declared as PVOID here.
typedef DWORD (CALLBACK* ZWOPENSECTION)(PVOID, DWORD,POBJECT_ATTRIBUTES);
ZWOPENSECTION ZwOpenSection;
// NOTE(review): InitializeObjectAttributes is, as far as I know, a header
// macro rather than an exported function, so a run-time lookup of this name
// would presumably yield NULL - confirm how this pointer is set.
typedef VOID(CALLBACK* INITIALIZEOBJECTATTRIBUTES)(POBJECT_ATTRIBUTES,PUNICODE_STRING,ULONG,HANDLE,PSECURITY_DESCRIPTOR);
INITIALIZEOBJECTATTRIBUTES InitializeObjectAttributes;
// Pointer for ZwOpenFile.
typedef DWORD (CALLBACK* ZWOPENFILE)(PHANDLE,DWORD,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG);
ZWOPENFILE ZwOpenFile;
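/*
 * getmap - copy 0x70 bytes of the object that a handle record points at.
 *
 * The object address (get1->dwKeObject) is translated by hand through a
 * two-level table: bits 31..22 index the DWORD array at addr, bits 21..12
 * index a second-level table, and bits 11..0 are the offset inside a 4 KB
 * page. Each table or page is reached by mapping a 0x1000-byte read-only
 * view of pm at the computed offset.
 *
 * NOTE(review): this presumes pm is a section over physical memory and addr
 * a mapped 32-bit, non-PAE x86 page directory; neither is set up in this
 * excerpt - confirm against the caller. As far as I know, user-mode access
 * to such a section was removed from Windows Server 2003 SP1 onward, so the
 * technique only applies to older 32-bit systems; on current systems the
 * supported way to map a port to its owning process is GetExtendedTcpTable /
 * GetExtendedUdpTable.
 * NOTE(review): MapViewOfFile documents that the view offset must match the
 * system allocation granularity; a 4 KB-aligned offset may therefore be
 * refused, which is why both mapping results are checked.
 *
 * get1  handle record; only dwKeObject is read.
 * addr  first-level table, indexed as an array of DWORD entries.
 * pm    file-mapping handle handed to MapViewOfFile.
 * buf   receives the copy; must have room for at least 0x70 bytes.
 *
 * Returns 0 when the address cannot be resolved, a view cannot be mapped, an
 * argument is NULL, or the 0x70-byte window would run past the mapped page.
 * Otherwise returns the (now unmapped) address the bytes were copied from;
 * treat it as a success flag only, never as a pointer.
 */
DWORD getmap(PHANDLEINFO get1,LPVOID addr,HANDLE pm,char * buf)
{
    DWORD entry;
    DWORD offset;
    DWORD result;
    LPVOID view;
    const char *src;
    int i;

    if (get1 == NULL || addr == NULL || buf == NULL) {
        return 0;
    }

    /* First level: top 10 bits of the object address select the entry. */
    entry = ((LPDWORD)addr)[get1->dwKeObject >> 0x16];

    /* NOTE(review): both tests compare the entry's whole low byte with a
     * literal instead of testing individual flag bits - confirm against the
     * x86 page-directory entry format. */
    if ((entry & 0x000000ff) == 1) {
        return 0;
    }

    if ((entry & 0x000000ff) == 0x80) {
        /* Second level: map the table the entry points at (4 = read access). */
        view = MapViewOfFile(pm, 4, 0, entry & 0xfffff000, 0x1000);
        if (view == NULL) {
            /* The original dereferenced this result unchecked. */
            return 0;
        }
        entry = ((LPDWORD)view)[(get1->dwKeObject >> 0x0c) & 0x3ff];
        UnmapViewOfFile(view);
        entry = entry & 0x0FFFFF000;
    } else {
        entry = (entry & 0xfffff000) + (get1->dwKeObject & 0x003ff000);
    }

    /* Only one 0x1000-byte page is mapped, so a window that starts in its
     * last 0x70 bytes would be read from beyond the view; translating the
     * following page is not attempted here. */
    offset = get1->dwKeObject & 0x00000fff;
    if (offset > 0x1000 - 0x70) {
        return 0;
    }

    view = MapViewOfFile(pm, 4, 0, entry, 0x1000);
    if (view == NULL) {
        return 0;
    }

    src = (const char *)view + offset;
    for (i = 0; i < 0x70; i++) {
        buf[i] = src[i];
    }

    /* Same value the original returned; the cast assumes 32-bit pointers. */
    result = (DWORD)view + offset;
    UnmapViewOfFile(view);
    return result;
}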


文摘录入:一叶知秋    责任编辑:一叶知秋 