win32thread.h

#include <PrcWorks.h>
#include <ApiHooks.h>

/* Serialises the csrss retry path inside NewxxxCsrClientCallServer.
   Initialised by InitWin32Thread, destroyed by QuitWin32Thread.
   NOTE(review): these are definitions, not declarations, in a header -- including this
   file from more than one translation unit would produce duplicate symbols. */
CRITICAL_SECTION xxxCCSLock;
/* Pointer type for ntdll!RtlAdjustPrivilege as this file calls it (privilege, enable,
   current-thread-only, previous-state out).
   NOTE(review): the real export is documented with BOOLEAN parameters and a PBOOLEAN
   out-parameter; the DWORD* used here only works because callers initialise the DWORD
   so its upper bytes are already zero -- confirm against the targeted ntdll. */
typedef LONG (WINAPI *TRAP)(DWORD, BOOL, DWORD, DWORD*);
TRAP RAP = NULL;            /* stays NULL until InitWin32Thread resolves it; the hook checks before calling */
LONG xxxCCSEntry = 0;       /* hook nesting depth while xxxCCSLock is held; >0 means "already inside, skip the retry" */

/* Partial view of the CSR API message passed to CsrClientCallServer for the
   create-thread call. Only the fields the hook reads or writes are named; the
   Dummy members exist purely to place them at the expected offsets, so the
   layout must not be reordered or repacked.
   NOTE(review): the offsets are tied to a particular ntdll/csrss version --
   verify them against the build this protection targets. */
typedef struct _xxxCRTMSG {
  BYTE   Dummy[0x20];   /* padding up to the status field */
  LONG   Status;        /* NTSTATUS csrss returned; the hook tests it for STATUS_UNSUCCESSFUL and may overwrite it with 0 */
  DWORD  Dummy24;       /* padding */
  HANDLE hThread;       /* handle of the newly created thread, valid in the calling process */
  DWORD  PID;           /* target process id; used to find the csrss.exe of its session */
  DWORD  TID;           /* target thread id */
} xxxCRTMSG, *PxxxCRTMSG;

/* Signature of ntdll!CsrClientCallServer as hooked here (message, capture buffer
   pointer, api number, message size). The hook only interprets the first and third
   arguments; the others are passed through untouched. */
typedef LONG (WINAPI *TxxxCsrClientCallServer)(PxxxCRTMSG, DWORD, DWORD, DWORD);
/* Trampoline to the original function; must be set by whoever installs the hook
   (not visible in this file) before NewxxxCsrClientCallServer can be reached. */
static TxxxCsrClientCallServer OldxxxCsrClientCallServer = NULL;

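/* Magic values the hook keys on, named so the intent is visible at the call sites. */
#define XXX_STATUS_UNSUCCESSFUL   ((LONG)0xC0000001)   /* STATUS_UNSUCCESSFUL as it appears in Buffer->Status */
#define XXX_CSR_CREATE_THREAD_MSG 0x00010001           /* CSR api number the hook retries; presumably the create-thread call -- verify against the target OS */
#define XXX_SE_DEBUG_PRIVILEGE    20                   /* privilege value handed to RtlAdjustPrivilege (SeDebugPrivilege) */
#define XXX_CSR_CALL_TIMEOUT_MS   20000                /* wait for the injected CsrCreateRemoteThread call */
#define XXX_CSR_CLOSE_TIMEOUT_MS  5000                 /* wait for the injected NtClose call */

/*
 * Retry the create-thread notification through the csrss.exe of the target's session.
 * Duplicates Buffer->hThread into that csrss, runs CsrCreateRemoteThread there via
 * hLoadAndCall and then closes the duplicate remotely.
 * Caller must hold xxxCCSLock (rci below is shared state) and should have
 * SeDebugPrivilege enabled -- presumably what the OpenProcess on csrss needs.
 * Returns TRUE only when the injected CsrCreateRemoteThread returned a non-negative value.
 * 32-bit only: HANDLE and LACSTKPointer are narrowed to DWORD for the Params array.
 */
static BOOL xxxRetryViaSessionCsr(PxxxCRTMSG Buffer) {
  /* "%u/csrss.exe" with a 32-bit session id is at most 20 characters, so 32 is sufficient. */
  TCHAR SesFullCsrName[32];
  #ifdef _stprintf
    _stprintf(SesFullCsrName, TEXT("%u/csrss.exe"), GetSessionId(Buffer->PID));
  #else
     wsprintf(SesFullCsrName, TEXT("%u/csrss.exe"), GetSessionId(Buffer->PID));
  #endif

  /* No csrss.exe for that session: nothing to retry against, skip the doomed OpenProcess. */
  DWORD CsrPid = ProcessName2PID(SesFullCsrName);
  if(!CsrPid)
    return FALSE;

  HANDLE hCsr = OpenProcess(PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION | SYNCHRONIZE |
                            PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
                            PROCESS_CREATE_THREAD | READ_CONTROL,
                            FALSE, CsrPid);
  if(!hCsr)
    return FALSE;

  BOOL Ok = FALSE;
  HANDLE DuphTargetThread;
  if(DuplicateHandle((HANDLE)-1, Buffer->hThread, hCsr, &DuphTargetThread, 0, FALSE, DUPLICATE_SAME_ACCESS)) {
    static RCINFO rci = {0};   /* reused across calls; safe only because the caller serialises on xxxCCSLock */
    /* LACSTKPointer is defined elsewhere; presumably the stack argument hLoadAndCall expects -- verify. */
    DWORD Params[4] = {(DWORD)DuphTargetThread, LACSTKPointer+8, Buffer->PID, Buffer->TID};
    if((LONG)hLoadAndCall(&rci, TEXT("csrsrv.dll"), hCsr, XXX_CSR_CALL_TIMEOUT_MS, 0, TEXT("CsrCreateRemoteThread"), 4, Params) >= 0)
      Ok = TRUE;
    /* DuphTargetThread lives in csrss, so it must be closed there. The result is not checked:
       if this injected call fails or times out, the duplicate handle stays open inside csrss. */
    hLoadAndCall(&rci, TEXT("ntdll.dll"), hCsr, XXX_CSR_CLOSE_TIMEOUT_MS, 0, TEXT("NtClose"), 1, &DuphTargetThread);
  }
  CloseHandle(hCsr);
  return Ok;
}

/*
 * Detour for ntdll!CsrClientCallServer.
 * Always runs the original call first. When csrss refused the create-thread message
 * (Command == XXX_CSR_CREATE_THREAD_MSG with Buffer->Status == STATUS_UNSUCCESSFUL), the
 * request is retried against the csrss.exe of the target process's session; on success
 * both the return value and Buffer->Status are rewritten to 0 so the caller sees a
 * successful thread creation.
 * The retry is serialised on xxxCCSLock. A CRITICAL_SECTION can be re-entered by its
 * owner, so xxxCCSEntry additionally detects the hook being re-entered on the same
 * thread (e.g. from inside hLoadAndCall) and skips the retry in that case.
 * SeDebugPrivilege is enabled process-wide for the retry and disabled afterwards only
 * if it was disabled before; a failed RtlAdjustPrivilege is silently ignored.
 */
LONG WINAPI NewxxxCsrClientCallServer(PxxxCRTMSG Buffer, DWORD Par1, DWORD Command, DWORD Size) {
  LONG Result = OldxxxCsrClientCallServer(Buffer, Par1, Command, Size);
  if(Buffer->Status != XXX_STATUS_UNSUCCESSFUL || Command != XXX_CSR_CREATE_THREAD_MSG)
    return Result;

  EnterCriticalSection(&xxxCCSLock);
  if(InterlockedExchangeAdd(&xxxCCSEntry, 1) == 0) {
    /* NOTE(review): RtlAdjustPrivilege reports the previous state through the last argument
       as a BOOLEAN; WasEn is a DWORD, so the test below relies on its upper bytes starting
       out zero (initialiser TRUE == 1). */
    DWORD WasEn = TRUE;
    if(RAP)
      RAP(XXX_SE_DEBUG_PRIVILEGE, TRUE, 0, &WasEn);

    if(xxxRetryViaSessionCsr(Buffer)) {
      Result = 0;
      Buffer->Status = 0;
    }

    /* Put the privilege back the way it was: only reached when it was disabled before. */
    if(!WasEn && RAP)
      RAP(XXX_SE_DEBUG_PRIVILEGE, FALSE, 0, &WasEn);
  }
  InterlockedExchangeAdd(&xxxCCSEntry, -1);
  LeaveCriticalSection(&xxxCCSLock);
  return Result;
}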

/* One-time setup for the hook: creates xxxCCSLock and resolves ntdll!RtlAdjustPrivilege
   into RAP. RAP is left untouched (NULL from its initialiser) if ntdll cannot be found,
   and the hook tolerates that by skipping privilege adjustment. Pair with QuitWin32Thread. */
VOID WINAPI InitWin32Thread(VOID) {
  HINSTANCE ntdll = GetModuleHandle(TEXT("ntdll.dll"));
  InitializeCriticalSection(&xxxCCSLock);
  if(ntdll != NULL)
    RAP = (TRAP)GetProcAddress(ntdll, "RtlAdjustPrivilege");
}

/* Counterpart of InitWin32Thread: releases xxxCCSLock. Presumably meant to run only
   after the CsrClientCallServer hook has been removed, since the hook still takes this
   lock -- confirm with the installer code. RAP is left as is. */
VOID WINAPI QuitWin32Thread(VOID) {
  DeleteCriticalSection(&xxxCCSLock);
}
