erunasdll.cpp

Cracker终结者——提供最优秀的软件保护技术

#define WIN32_LEAN_AND_MEAN
#define UNICODE
#include <windows.h>

#define DefWinStaDesk L"WinSta0\\Default"

extern "C" __declspec(dllexport)
DWORD WINAPI CreateProcessAsSYSTEMW(DWORD CallerPID, LPWSTR lpCommandLineW,
             DWORD dwCreationFlags, LPWSTR lpWinStaDeskW, LPWSTR lpCurrentDirectoryW) {
  HANDLE hCaller, hThread = NULL, hProcess = NULL;
  if(hCaller = OpenProcess(PROCESS_DUP_HANDLE, FALSE, CallerPID)) {
    if(lpWinStaDeskW == NULL)
      lpWinStaDeskW = DefWinStaDesk;
    WCHAR OldDIR[MAX_PATH]; OldDIR[0] = '\0';
    if(lpCurrentDirectoryW)
      if(GetCurrentDirectoryW(sizeof(OldDIR), OldDIR))
        SetCurrentDirectoryW(lpCurrentDirectoryW);
    STARTUPINFOW si = {sizeof(si)};
    si.lpDesktop = lpWinStaDeskW;
    PROCESS_INFORMATION pi;
    if(CreateProcessW(NULL, lpCommandLineW, NULL, NULL, FALSE, dwCreationFlags, NULL, NULL, &si, &pi)) {
      HANDLE hCP = GetCurrentProcess();
      DuplicateHandle(hCP, pi.hThread,  hCaller, &hThread,  0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS);
      DuplicateHandle(hCP, pi.hProcess, hCaller, &hProcess, 0, FALSE, DUPLICATE_CLOSE_SOURCE | DUPLICATE_SAME_ACCESS);
    }
    if(OldDIR[0])
      SetCurrentDirectoryW(OldDIR);
    CloseHandle(hCaller);
  }
  return((LOWORD((DWORD)hProcess) << 16) + LOWORD((DWORD)hThread));
}