//Seems DuplicateHandle can duplicate handles to user objects...
program SetCurDir;
{$APPTYPE CONSOLE}
// Console tool: changes the current directory of another (already running)
// process. It does so by writing the path into the target's address space
// and having SetCurrentDirectoryA executed inside the target via the
// project-local ApiHooks / PrcWorks units (not standard library units).
//
// From a defensive viewpoint this is the classic cross-process sequence
// OpenProcess -> allocate -> WriteProcessMemory -> remote call, i.e. exactly
// the behaviour endpoint monitoring tends to alert on, and it needs elevated
// privilege to touch processes of other users.
uses Windows, SysUtils, ApiHooks, PrcWorks;
type
// Signature of ntdll!RtlAdjustPrivilege (undocumented export), resolved at
// run time below. Priv is the privilege LUID; WasEn receives the previous
// enabled state.
TRAP = function(Priv : LongWord; Enable : Boolean; EnThread : LongWord; var WasEn : Boolean) : LongWord; stdcall;
var
PID : Integer;
RAP : TRAP;
WasEn : Boolean;         // previous privilege state; written by RAP, never read
hTarget : LongWord;      // process handle for the target
pRCI : PRCINFO;          // PrcWorks context (type declared in PrcWorks)
AHResult : LongWord;     // bytes written, then the remote call's result code
lpPathName : Pointer;    // address of the path buffer inside the target
DirName : array[0..259] of Char;   // expanded path to send (MAX_PATH-sized)
begin
if ParamCount <> 2 then
WriteLn(Format('Usage: %s <ProcessName> <DirName>', [ParamStr(0)]))
else begin
// Resolve the target by image name; PW_* error codes come from PrcWorks.
PID := ProcessName2PID(PChar(ParamStr(1)));
if (PID = PW_PIDERROR) or (PID = PW_SESERROR) then
WriteLn(Format('''%s'' doesn''t exist!', [ParamStr(1)]))
else
if (PID = PW_MEMERROR) then
WriteLn('Not enough memory!')
else begin
// Try to enable privilege 20 (SeDebugPrivilege) so that OpenProcess can
// succeed on processes owned by other accounts. The NTSTATUS result is not
// checked; if the privilege is not held the OpenProcess below simply fails.
RAP := GetProcAddress(GetModuleHandle('ntdll.dll'), 'RtlAdjustPrivilege');
if @RAP <> nil then
RAP(20, TRUE, 0, WasEn);
// Expand %VAR% references in the requested path. NOTE(review): the return
// value is ignored, so a result longer than 260 characters leaves DirName
// truncated / undefined and is still sent to the target.
ExpandEnvironmentStrings(PChar(ParamStr(2)), DirName, 260);
// Only the rights needed to allocate and write in the target are requested.
hTarget := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, FALSE, PID);
if hTarget <> 0 then begin
pRCI := GetDefaultRCInfo;
// Reserve 260 bytes in the target for the path string (via PrcWorks).
lpPathName := pRCI.RtlAllocMem(hTarget, 260);
if lpPathName <> nil then begin
// NOTE(review): 260 assumes Char is one byte (ANSI Delphi); with a
// two-byte Char only half of DirName would be copied and the target's
// SetCurrentDirectoryA would read it as an ANSI string. AHResult here
// receives the byte count and is overwritten by the call below.
if WriteProcessMemory(hTarget, lpPathName, @DirName, 260, AHResult) then begin
// Execute SetCurrentDirectoryA inside the target with lpPathName as its
// argument. Parameter meanings (10000 presumably a timeout in ms, the
// two 1 values presumably counts/flags) are defined by ApiHooks - confirm
// against that unit before relying on them.
AHResult := LoadAndCall(nil, 'KERNEL32.dll', PID, 10000, 1,
'SetCurrentDirectoryA', 1, @lpPathName);
// ErrorAHTimeOut / ErrorAHMin..ErrorAHMax are ApiHooks' reserved codes;
// anything else is taken to be the BOOL returned by the remote call.
if ErrorAHTimeOut = AHResult then
WriteLn('Not enough time to get result!')
else
if (ErrorAHMin <= AHResult) and (AHResult <= ErrorAHMax) then
WriteLn('Can''t prepare remote execution!')
else
// NOTE(review): only the ordinal value 1 is treated as success; a BOOL of
// any other non-zero value would be reported as a failure.
if TRUE = Boolean(AHResult) then
WriteLn('Target''s current directory set.')
else
WriteLn('Can''t set target''s current directory!')
end
else
WriteLn('Can''t write to target''s memory!');
// Release the buffer in the target regardless of the call's outcome.
pRCI.RtlFreeMem(hTarget, lpPathName);
end
else
WriteLn('Can''t allocate memory in target!');
CloseHandle(hTarget);
end
else
WriteLn(Format('Can''t open ''%s''!', [ParamStr(1)]));
end;
end;
// Keep the console window open until Enter is pressed.
ReadLn;
end.