• Taking Object Ownership in C++


    #include <windows.h>
    #include <stdio.h>
    #include <accctrl.h>
    #include <aclapi.h>
    
    // Forward declaration of SetPrivilege. Its definition is not part of this
    // listing. TakeOwnership calls it to enable and later disable
    // SE_TAKE_OWNERSHIP_NAME on the process token, and treats a FALSE return
    // as failure.
    BOOL SetPrivilege(
        HANDLE hToken,          // access token handle
        LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
        BOOL bEnablePrivilege   // TRUE to enable the privilege, FALSE to disable it
        ) ;
    
    
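    /*
     * TakeOwnership - set a fixed two-entry DACL on a file, taking ownership of
     * the file first when the initial attempt is denied.
     *
     * The DACL grants GENERIC_READ to Everyone and GENERIC_ALL to
     * BUILTIN\Administrators. If the first SetNamedSecurityInfo call fails with
     * ERROR_ACCESS_DENIED, the function enables SE_TAKE_OWNERSHIP_NAME on the
     * process token, sets the object's owner to the Administrators group,
     * disables the privilege again and retries the DACL change.
     *
     * lpszOwnFile  name of the file object handed to SetNamedSecurityInfo.
     *
     * Returns TRUE when the DACL was set (on the first or second attempt) and
     * FALSE otherwise. Progress and error messages are printed to stdout.
     *
     * Security notes:
     *  - SetEntriesInAcl is called without an existing ACL, so the new DACL
     *    holds only the two ACEs built here; explicit entries that were on the
     *    object before are not carried over.
     *  - The result makes the file readable by Everyone and changes its owner.
     *    Callers should make sure lpszOwnFile is a path they intend to open up
     *    in this way.
     *  - SE_TAKE_OWNERSHIP_NAME is dropped again on every exit path, including
     *    the error paths, so the process does not keep the privilege enabled
     *    after a failure.
     */
    BOOL TakeOwnership(LPTSTR lpszOwnFile)
    {
        /* Compile-time constant so that ea is a true array in both C and C++. */
        enum { NUM_ACES = 2 };

        BOOL bRetval = FALSE;
        BOOL bPrivilegeEnabled = FALSE;   /* TRUE while the privilege still has to be dropped */
        HANDLE hToken = NULL;
        PSID pSIDAdmin = NULL;
        PSID pSIDEveryone = NULL;
        PACL pACL = NULL;
        SID_IDENTIFIER_AUTHORITY SIDAuthWorld =
                SECURITY_WORLD_SID_AUTHORITY;
        SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
        EXPLICIT_ACCESS ea[NUM_ACES];
        DWORD dwRes;

        // Specify the DACL to use.
        // Create a SID for the Everyone group.
        if (!AllocateAndInitializeSid(&SIDAuthWorld, 1,
                         SECURITY_WORLD_RID,
                         0,
                         0, 0, 0, 0, 0, 0,
                         &pSIDEveryone))
        {
            // DWORD is unsigned long, hence %lu.
            printf("AllocateAndInitializeSid (Everyone) error %lu\n",
                    GetLastError());
            goto Cleanup;
        }

        // Create a SID for the BUILTIN\Administrators group.
        if (!AllocateAndInitializeSid(&SIDAuthNT, 2,
                         SECURITY_BUILTIN_DOMAIN_RID,
                         DOMAIN_ALIAS_RID_ADMINS,
                         0, 0, 0, 0, 0, 0,
                         &pSIDAdmin))
        {
            printf("AllocateAndInitializeSid (Admin) error %lu\n",
                    GetLastError());
            goto Cleanup;
        }

        ZeroMemory(ea, sizeof(ea));

        // Set read access for Everyone.
        ea[0].grfAccessPermissions = GENERIC_READ;
        ea[0].grfAccessMode = SET_ACCESS;
        ea[0].grfInheritance = NO_INHERITANCE;
        ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
        ea[0].Trustee.ptstrName = (LPTSTR) pSIDEveryone;

        // Set full control for Administrators.
        ea[1].grfAccessPermissions = GENERIC_ALL;
        ea[1].grfAccessMode = SET_ACCESS;
        ea[1].grfInheritance = NO_INHERITANCE;
        ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
        ea[1].Trustee.ptstrName = (LPTSTR) pSIDAdmin;

        // No old ACL is merged in (third argument NULL): pACL will contain
        // exactly the two entries above.
        if (ERROR_SUCCESS != SetEntriesInAcl(NUM_ACES,
                                             ea,
                                             NULL,
                                             &pACL))
        {
            printf("Failed SetEntriesInAcl\n");
            goto Cleanup;
        }

        // Try to modify the object's DACL.
        // NOTE(review): only DACL_SECURITY_INFORMATION is passed, with no
        // PROTECTED_/UNPROTECTED_ flag; confirm how inherited ACEs should be
        // treated for the target object.
        dwRes = SetNamedSecurityInfo(
            lpszOwnFile,                 // name of the object
            SE_FILE_OBJECT,              // type of object
            DACL_SECURITY_INFORMATION,   // change only the object's DACL
            NULL, NULL,                  // do not change owner or group
            pACL,                        // DACL specified
            NULL);                       // do not change SACL

        if (ERROR_SUCCESS == dwRes)
        {
            printf("Successfully changed DACL\n");
            bRetval = TRUE;
            // No more processing needed.
            goto Cleanup;
        }
        if (dwRes != ERROR_ACCESS_DENIED)
        {
            printf("First SetNamedSecurityInfo call failed: %lu\n",
                    dwRes);
            goto Cleanup;
        }

        // The preceding call failed because access was denied. Enable the
        // SE_TAKE_OWNERSHIP_NAME privilege, take ownership of the object for
        // the Administrators group, disable the privilege, and then try
        // again to set the object's DACL.

        // Open a handle to the access token for the calling process.
        if (!OpenProcessToken(GetCurrentProcess(),
                              TOKEN_ADJUST_PRIVILEGES,
                              &hToken))
        {
            printf("OpenProcessToken failed: %lu\n", GetLastError());
            goto Cleanup;
        }

        // Enable the SE_TAKE_OWNERSHIP_NAME privilege.
        if (!SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, TRUE))
        {
            printf("You must be logged on as Administrator.\n");
            goto Cleanup;
        }
        bPrivilegeEnabled = TRUE;

        // Set the owner in the object's security descriptor.
        dwRes = SetNamedSecurityInfo(
            lpszOwnFile,                 // name of the object
            SE_FILE_OBJECT,              // type of object
            OWNER_SECURITY_INFORMATION,  // change only the object's owner
            pSIDAdmin,                   // SID of Administrator group
            NULL,
            NULL,
            NULL);

        if (dwRes != ERROR_SUCCESS)
        {
            // Cleanup drops the privilege that is still enabled here.
            printf("Could not set owner. Error: %lu\n", dwRes);
            goto Cleanup;
        }

        // Disable the SE_TAKE_OWNERSHIP_NAME privilege. The flag is cleared
        // first so that Cleanup does not repeat this attempt (and its
        // message) when the call fails.
        bPrivilegeEnabled = FALSE;
        if (!SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, FALSE))
        {
            printf("Failed SetPrivilege call unexpectedly.\n");
            goto Cleanup;
        }

        // Try again to modify the object's DACL,
        // now that we are the owner.
        dwRes = SetNamedSecurityInfo(
            lpszOwnFile,                 // name of the object
            SE_FILE_OBJECT,              // type of object
            DACL_SECURITY_INFORMATION,   // change only the object's DACL
            NULL, NULL,                  // do not change owner or group
            pACL,                        // DACL specified
            NULL);                       // do not change SACL

        if (dwRes == ERROR_SUCCESS)
        {
            printf("Successfully changed DACL\n");
            bRetval = TRUE;
        }
        else
        {
            printf("Second SetNamedSecurityInfo call failed: %lu\n",
                    dwRes);
        }

    Cleanup:

        // Least privilege: never leave SE_TAKE_OWNERSHIP_NAME enabled on the
        // process token when an error path skipped the normal disable step.
        if (bPrivilegeEnabled &&
            !SetPrivilege(hToken, SE_TAKE_OWNERSHIP_NAME, FALSE))
        {
            printf("Failed SetPrivilege call unexpectedly.\n");
        }

        if (pSIDAdmin)
            FreeSid(pSIDAdmin);

        if (pSIDEveryone)
            FreeSid(pSIDEveryone);

        if (pACL)
            LocalFree(pACL);

        if (hToken)
            CloseHandle(hToken);

        return bRetval;

    }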

  • 京东上卖的三体套装


    其实我们大家都知道,京东上的所谓“特惠套装”往往都比单独买贵一些,但是贵得这么离谱的还是头一次见到。

    三体3本套装
    三体3本套装

    三体3本套装+另外2本
    三体3本套装+另外2本

    分别购买三体1、2、3部
    分别购买三体1、2、3部


  • 禁用所有活动网卡(支持还原)


    #include <Windows.h>
    #include <SetupAPI.h>
    #include <devguid.h>
    #include <Cfgmgr32.h>
    #include <stdio.h>
    
    #pragma comment(lib,"Setupapi.lib")
    
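    /*
     * One slot per device-enumeration index. A non-zero slot marks an adapter
     * that ChangeNetCardStatus(FALSE) disabled and that a later
     * ChangeNetCardStatus(TRUE) should re-enable.
     */
    ULONG NetCardIndex[16];

    /*
     * ChangeNetCardStatus - disable the present network adapters, or re-enable
     * the ones this function disabled earlier.
     *
     * Enable  FALSE: disable the adapters that are not already disabled and
     *                record each one in NetCardIndex.
     *         TRUE:  re-enable only the adapters recorded in NetCardIndex;
     *                adapters this function did not disable are left alone.
     *
     * Returns the number of adapters whose state was actually changed.
     *
     * Author's note: this method does not work under WOW64; on a 64-bit system
     * it has to run as 64-bit code.
     *
     * NOTE(review): adapters are remembered by enumeration index, so the
     * restore call assumes the device list has not changed between the two
     * calls. Only the first 16 devices of the class are considered. Changing
     * device state presumably requires administrative rights - confirm for
     * the target systems.
     */
    ULONG ChangeNetCardStatus(BOOL Enable)
    {
    	const ULONG				MaxCards = sizeof(NetCardIndex) / sizeof(NetCardIndex[0]);
    	HDEVINFO				DeviceInfoSet;
    	SP_DEVINFO_DATA			DeviceInfoData;
    	ULONG					DeviceIndex;
    	CHAR					Buffer[64];
    	DWORD					Size;
    	ULONG					Status;
    	ULONG					ProblemNumber;
    	SP_PROPCHANGE_PARAMS	PropchangeParams;
    	DWORD					ChangedCount = 0;

    	DeviceInfoSet = SetupDiGetClassDevsA(
    		&GUID_DEVCLASS_NET,
    		NULL,
    		NULL,
    		DIGCF_PRESENT);
    	/* Failure is reported as INVALID_HANDLE_VALUE, not NULL. */
    	if (DeviceInfoSet == INVALID_HANDLE_VALUE)
    	{
    		printf("SetupDiGetClassDevsA: %08lX\n", GetLastError());
    		return 0;
    	}

    	SecureZeroMemory(&DeviceInfoData, sizeof(SP_DEVINFO_DATA));
    	DeviceInfoData.cbSize = sizeof(SP_DEVINFO_DATA);

    	/* The bound is checked before each enumeration call so that the index
    	 * never leaves NetCardIndex. */
    	for (DeviceIndex = 0; DeviceIndex < MaxCards; DeviceIndex++)
    	{
    		if (!SetupDiEnumDeviceInfo(DeviceInfoSet, DeviceIndex, &DeviceInfoData))
    			break;

    		/* Restore pass: skip adapters this function did not disable. */
    		if (Enable && NetCardIndex[DeviceIndex] == 0)
    			continue;

    		/* Devices whose location-information property cannot be read into
    		 * Buffer are skipped; a value longer than Buffer fails this call
    		 * too. NOTE(review): presumably a filter for physical adapters -
    		 * confirm. */
    		if (!SetupDiGetDeviceRegistryPropertyA(
    			DeviceInfoSet,
    			&DeviceInfoData,
    			SPDRP_LOCATION_INFORMATION,
    			NULL,
    			(PBYTE)&Buffer,
    			sizeof(Buffer),
    			&Size))
    		{
    			continue;
    		}
    		if (CR_SUCCESS != CM_Get_DevNode_Status(&Status, &ProblemNumber, DeviceInfoData.DevInst, 0))
    			continue;

    		/* Disable pass: leave adapters that are already disabled alone, so
    		 * the restore pass does not enable them later. */
    		if (Enable == FALSE && (Status & DN_HAS_PROBLEM) && ProblemNumber == CM_PROB_DISABLED)
    			continue;

    		/* Zero the whole structure so the fields not set below (HwProfile)
    		 * do not hold stack garbage. */
    		ZeroMemory(&PropchangeParams, sizeof(PropchangeParams));
    		PropchangeParams.ClassInstallHeader.cbSize = sizeof(SP_CLASSINSTALL_HEADER);
    		PropchangeParams.ClassInstallHeader.InstallFunction = DIF_PROPERTYCHANGE;
    		PropchangeParams.Scope = DICS_FLAG_GLOBAL;
    		PropchangeParams.StateChange = Enable ? DICS_ENABLE : DICS_DISABLE;
    		if (FALSE == SetupDiSetClassInstallParamsA(DeviceInfoSet, &DeviceInfoData, (PSP_CLASSINSTALL_HEADER)&PropchangeParams, sizeof(PropchangeParams)))
    		{
    			printf("SetupDiSetClassInstallParamsA: %08lX\n", GetLastError());
    			continue;
    		}
    		if (FALSE == SetupDiCallClassInstaller(DIF_PROPERTYCHANGE, DeviceInfoSet, &DeviceInfoData))
    		{
    			/* The state change did not happen: do not record or count it. */
    			printf("SetupDiCallClassInstaller: %08lX\n", GetLastError());
    			continue;
    		}

    		/* Record a successful disable; clear the record once the adapter
    		 * has been re-enabled. */
    		NetCardIndex[DeviceIndex] = Enable ? 0 : 1;
    		ChangedCount++;
    	}

    	SetupDiDestroyDeviceInfoList(DeviceInfoSet);
    	return ChangedCount;
    }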
    
    /*
     * Demo driver: clears the bookkeeping table, disables the network
     * adapters, waits ten seconds in an alertable sleep, then re-enables the
     * adapters that were disabled. The return values of ChangeNetCardStatus
     * are not inspected.
     */
    int main()
    {
    	const DWORD RestoreDelayMs = 10 * 1000;

    	/* Start with no adapter marked as "disabled by us". */
    	SecureZeroMemory(&NetCardIndex, sizeof(NetCardIndex));

    	ChangeNetCardStatus(FALSE);
    	SleepEx(RestoreDelayMs, TRUE);
    	ChangeNetCardStatus(TRUE);

    	return 0;
    }

  • 卡巴斯基全功能安全软件2018中klbackupdisk.sys导致Win10蓝屏


    应该是管理磁盘备份的一个驱动,具体原因没时间分析,卸载了吧,等BUG修复了再装回来。


  • VMware Workstation 14.0.0 Build 6661328 密钥


    VMware Workstation 14.0.0 Build 6661328 KEY
    GA18K-DRXE3-488TZ-J4ZNX-PZAXA


  • Sublime Text 3 3143 注册码


    —– BEGIN LICENSE —–
    TwitterInc
    200 User License
    EA7E-890007
    1D77F72E 390CDD93 4DCBA022 FAF60790
    61AA12C0 A37081C5 D0316412 4584D136
    94D7F7D4 95BC8C1C 527DA828 560BB037
    D1EDDD8C AE7B379F 50C9D69D B35179EF
    2FE898C4 8E4277A8 555CE714 E1FB0E43
    D5D52613 C3D12E98 BC49967F 7652EED2
    9D2D2E61 67610860 6D338B72 5CF95C69
    E36B85CC 84991F19 7575D828 470A92AB
    —— END LICENSE ——


  • PGP Command常用命令


      • 添加注册码,注册PGP

    pgp --license-authorize --license-number "DAAY2-UUE69-LE950-RAZ0L-2AW5N-ANA"

      • 列出本机key

    pgp --list-keys

      • 启用某个KEY

    pgp --enable 0x11223344

      • 用公钥加密

    pgp -e d:\file1.rtf -r 0x11223344

      • 加密目录

    pgp -e -i t:\ -r 0x11223344 --archive -o d:\1.pgp

      • 解密(注意:口令直接写在命令行里会留在命令历史中,并可能被同一台机器上的其他用户通过进程列表看到)

    pgp --decrypt --input "test.pgp" -r 0x11223344 --passphrase "the_password"

      • 将KEY设置为可信(implicit 信任级别只应用于自己持有私钥的密钥)

    pgp --set-trust 0x11223344 --trust implicit


  • YY使用卸载接口Bypass UAC


    在AppData目录下有这些文件,每次启动YY的时候都会尝试通过卸载接口以管理员权限运行某程序,具体是什么程序就不跟了。



  • 使用CryptoAPI计算SHA512哈希


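    /*
     * CalcSha512 - compute the SHA-512 digest of a buffer with CryptoAPI.
     *
     * Data        bytes to hash; may be NULL only when DataLength is 0.
     * DataLength  number of bytes at Data.
     * Sha512      caller-provided output buffer of at least 64 bytes.
     *
     * Returns 0 on success and 1 on any failure. The contents of Sha512 are
     * only meaningful when 0 is returned, so callers must check the result
     * before using the digest.
     *
     * NOTE: Microsoft documents the CryptoAPI functions used here as
     * deprecated in favour of the CNG API; consider that for new code.
     */
    int CalcSha512(PBYTE Data, DWORD DataLength, BYTE Sha512[64])
    {
    	HCRYPTHASH	hCryptHash = 0;
    	HCRYPTPROV	hCryptProv = 0;
    	DWORD		HashLen = 64;
    	int			ret = 1;

    	/* Reject arguments that cannot be hashed or written to. */
    	if (Sha512 == NULL || (Data == NULL && DataLength != 0))
    		return ret;

    	do
    	{
    		/* CRYPT_VERIFYCONTEXT: no key container is needed for hashing. */
    		if (!CryptAcquireContextW(&hCryptProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
    			break;

    		if (!CryptCreateHash(hCryptProv, CALG_SHA_512, 0, 0, &hCryptHash))
    			break;

    		if (!CryptHashData(hCryptHash, Data, DataLength, 0))
    			break;

    		if (!CryptGetHashParam(hCryptHash, HP_HASHVAL, Sha512, &HashLen, 0))
    			break;

    		/* A short result would leave part of the output buffer unwritten. */
    		if (HashLen != 64)
    			break;

    		ret = 0;
    	} while (0);

    	/* Hash objects must be destroyed before the provider that created
    	 * them is released. */
    	if (hCryptHash)
    		CryptDestroyHash(hCryptHash);
    	if (hCryptProv)
    		CryptReleaseContext(hCryptProv, 0);
    	return ret;
    }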
