// FPort.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
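/*
 * Look up the module whose th32ModuleID equals dwModuleID in process dwPID
 * and copy its MODULEENTRY32 into *lpMe32.
 *
 * dwPID      - process whose module list is snapshotted.
 * dwModuleID - th32ModuleID to search for (ProcessPidToName passes 1).
 * lpMe32     - receives the matching entry; left untouched when nothing
 *              matches, so callers that zero-initialise it can test for
 *              an empty szExePath afterwards.
 * cbMe32     - size of the caller's buffer in bytes.
 *
 * Returns TRUE when a match was found and copied, FALSE otherwise
 * (including when the snapshot could not be taken or lpMe32 is NULL).
 *
 * Fix: the copy length was taken from cbMe32 unchecked, so a caller passing
 * a size larger than MODULEENTRY32 made CopyMemory read past the local
 * entry; the length is now clamped to sizeof(me32).
 */
BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID,
LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
    if (lpMe32 == NULL || cbMe32 == 0)
        return FALSE;

    HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
    if (hModuleSnap == INVALID_HANDLE_VALUE)
        return FALSE;

    BOOL bFound = FALSE;
    MODULEENTRY32 me32 = {0};
    me32.dwSize = sizeof(MODULEENTRY32);

    if (Module32First(hModuleSnap, &me32))
    {
        do
        {
            if (me32.th32ModuleID == dwModuleID)
            {
                /* Never copy more than the local entry actually holds. */
                DWORD cbCopy = (cbMe32 < sizeof(me32)) ? cbMe32 : sizeof(me32);
                CopyMemory(lpMe32, &me32, cbCopy);
                bFound = TRUE;
            }
        }
        while (!bFound && Module32Next(hModuleSnap, &me32));
    }

    CloseHandle(hModuleSnap);
    return bFound;
}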
/*
 * Resolve ProcessId to a display name using an existing process snapshot.
 *
 * hProcessSnap - a TH32CS_SNAPPROCESS snapshot; iteration restarts from
 *                Process32First, so the caller's iteration position is
 *                not preserved.
 * ProcessId    - PID to look up.
 * ProcessName  - output buffer. Receives "???" when the PID is absent or the
 *                snapshot cannot be walked; otherwise the first module's
 *                szExePath, or szExeFile when the module list could not be
 *                read. Both source fields are MAX_PATH characters and no
 *                length is passed, so the buffer must be at least MAX_PATH
 *                characters — anything shorter is an overflow.
 *
 * Returns ProcessName in every case.
 */
PCHAR ProcessPidToName(HANDLE hProcessSnap, DWORD ProcessId, PCHAR ProcessName)
{
    PROCESSENTRY32 entry = { 0 };
    entry.dwSize = sizeof(PROCESSENTRY32);

    /* Default answer until a match is found. */
    lstrcpy(ProcessName, "???");

    BOOL bMore = Process32First(hProcessSnap, &entry);
    while (bMore)
    {
        if (entry.th32ProcessID != ProcessId)
        {
            bMore = Process32Next(hProcessSnap, &entry);
            continue;
        }

        /* Prefer the full path of the first module. GetProcessModule leaves
           me32 untouched (still zeroed) when it fails, in which case fall
           back to the bare image name from the process entry. */
        MODULEENTRY32 me32 = {0};
        GetProcessModule(entry.th32ProcessID, 1, &me32, sizeof(MODULEENTRY32));
        lstrcpy(ProcessName, (lstrlen(me32.szExePath) != 0) ? me32.szExePath
                                                             : entry.szExeFile);
        break;
    }
    return ProcessName;
}
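/*
 * Open \Device\PhysicalMemory read-only and map the 4 KiB physical page at
 * offset 0x30000, which GetPTE treats as the page directory of a 32-bit,
 * non-PAE kernel (this tool's 2003-era target).
 *
 * hSection - receives the section handle on success; the caller needs it
 *            for further MapViewOfFile calls and must CloseHandle it.
 *            Set to NULL on failure.
 *
 * Returns the mapped view base, or NULL on failure. Opening this section
 * needs an appropriately privileged caller, and newer Windows versions
 * refuse user-mode opens of the device entirely, so NULL is the expected
 * outcome there.
 *
 * Fix: the original tested GetLastError() != 0 after MapViewOfFile. That
 * reports failure on a stale error code left by an earlier call and
 * success on a NULL view whose last-error happens to be 0, and the section
 * handle leaked on that path. The view pointer is now tested directly and
 * the section is closed when mapping fails.
 */
HANDLE OpenPhysicalMemory(HANDLE& hSection)
{
    UNICODE_STRING physmemString;
    OBJECT_ATTRIBUTES attributes;

    hSection = NULL;
    RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");
    InitializeObjectAttributes(&attributes, &physmemString,
                               OBJ_CASE_INSENSITIVE, NULL, NULL);

    NTSTATUS status = ZwOpenSection(&hSection, SECTION_MAP_READ, &attributes);
    if (!NT_SUCCESS(status))
    {
        hSection = NULL;
        return NULL;
    }

    /* Low DWORD of the file offset = physical address 0x30000; one page. */
    HANDLE hMemory = MapViewOfFile(hSection, FILE_MAP_READ, 0, 0x30000, 0x1000);
    if (hMemory == NULL)
    {
        CloseHandle(hSection);
        hSection = NULL;
        return NULL;
    }
    return hMemory;
}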
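/*
 * Replace the DACL of hProcess with a single ACE granting Everyone
 * (S-1-1-0) STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL.
 *
 * Security note: this deliberately makes the object fully accessible to
 * every user on the machine. Confine its use to handles the tool owns and
 * understands; never apply it to an arbitrary process handle.
 *
 * hProcess - handle with WRITE_DAC on the target (kernel) object.
 *
 * Fix: when SetEntriesInAcl failed, the original still called
 * SetSecurityInfo with pDacl == NULL, which installs a NULL DACL — an even
 * wider grant than intended — and it printed GetLastError() for two
 * functions that return their error code directly. It now bails out on the
 * first failure and reports the returned code.
 */
void AdjustDacl(HANDLE hProcess)
{
    SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };
    LPTSTR ptstrName = (LPTSTR)&world;
    EXPLICIT_ACCESS ea = { STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, SET_ACCESS, NO_INHERITANCE,
        { 0, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER, ptstrName } };
    ACL *pdacl = NULL;

    /* OldAcl == NULL: the resulting DACL contains only this one ACE. */
    DWORD err = SetEntriesInAcl(1, &ea, NULL, &pdacl);
    if (err != ERROR_SUCCESS)
    {
        printf("SetEntriesInAcl Error:%lu", err);
        return;  /* do not fall through to a NULL-DACL write */
    }

    err = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT,
                          DACL_SECURITY_INFORMATION, NULL, NULL, pdacl, NULL);
    if (err != ERROR_SUCCESS)
    {
        printf("SetSecurityInfo Error:%lu", err);
    }
    LocalFree(pdacl);
}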
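/*
 * Open a TDI device object (\Device\TCP or \Device\UDP) through the native
 * API so the returned handle can later be located in the system handle
 * table by GetTcpUdpObject.
 *
 * deviceName - NT object path, e.g. L"\\Device\\TCP".
 *
 * Returns the handle, or NULL if deviceName is NULL or ZwOpenFile fails.
 * The caller owns the handle.
 *
 * Fix: the original checked GetLastError() after RtlInitUnicodeString, a
 * void routine that does not set the thread's last error, so any stale
 * error code from an earlier call made this function return NULL
 * spuriously. The magic numbers 0x100000 and 3 were the access mask
 * SYNCHRONIZE and the share mode FILE_SHARE_READ | FILE_SHARE_WRITE; they
 * are now written as the named constants.
 */
HANDLE OpenDeviceTcpUdp(WCHAR * deviceName)
{
    UNICODE_STRING deviceString;
    OBJECT_ATTRIBUTES attributes;
    IO_STATUS_BLOCK iosb;
    HANDLE hDeviceHandle = NULL;

    if (deviceName == NULL)
        return NULL;

    RtlInitUnicodeString(&deviceString, deviceName);
    InitializeObjectAttributes(&attributes, &deviceString,
                               OBJ_CASE_INSENSITIVE, NULL, NULL);

    NTSTATUS status = ZwOpenFile(&hDeviceHandle,
                                 SYNCHRONIZE,                        /* 0x00100000 */
                                 &attributes, &iosb,
                                 FILE_SHARE_READ | FILE_SHARE_WRITE, /* 3 */
                                 0);
    if (!NT_SUCCESS(status))
        return NULL;
    return hDeviceHandle;
}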
/*
 * Fetch the SystemHandleInformation snapshot from ZwQuerySystemInformation.
 *
 * Returns a heap buffer allocated with new[] — the caller must delete[] it —
 * whose first ULONG is the handle count followed by the entries, or NULL
 * when the query fails for any reason other than a too-small buffer. The
 * buffer is grown by doubling until the kernel stops reporting
 * STATUS_INFO_LENGTH_MISMATCH. The content is a point-in-time snapshot and
 * can be stale by the time it is searched.
 */
PULONG GetHandleList()
{
    ULONG cUlongs = 0x1000;
    PULONG pBuffer = new ULONG[cUlongs];

    for (;;)
    {
        NTSTATUS status = ZwQuerySystemInformation(SystemHandleInformation,
                                                   pBuffer,
                                                   cUlongs * sizeof(ULONG),
                                                   NULL);
        if (NT_SUCCESS(status))
            return pBuffer;

        delete [] pBuffer;
        if (status != STATUS_INFO_LENGTH_MISMATCH)
            return NULL;

        /* Too small: double the element count and ask again. */
        cUlongs *= 2;
        pBuffer = new ULONG[cUlongs];
    }
}
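/*
 * Find the handle-table entry for (ProcessId, hHandle) in a buffer produced
 * by GetHandleList.
 *
 * pBuffer   - GetHandleList result: a leading ULONG count, then the entries
 *             (assumed to start at pBuffer + 1 with no padding, which holds
 *             for the 32-bit build this tool targets).
 * hHandle   - handle value to find, compared against the entry's Handle
 *             field exactly as the original did.
 * ProcessId - owning PID.
 *
 * Returns a pointer into pBuffer (valid only as long as pBuffer is), or
 * NULL when there is no match or pBuffer is NULL.
 *
 * Fix: the count was read into a signed int and a NULL buffer (from a
 * failed GetHandleList) was dereferenced; both are handled now.
 */
PVOID GetTcpUdpObject(PULONG pBuffer, HANDLE hHandle, DWORD ProcessId)
{
    if (pBuffer == NULL)
        return NULL;

    ULONG nCount = *pBuffer;
    PSYSTEM_HANDLE_INFORMATION pEntry = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + 1);

    for (ULONG i = 0; i < nCount; i++, pEntry++)
    {
        if (pEntry->ProcessId == ProcessId && pEntry->Handle == (int)hHandle)
            return (PVOID)pEntry;
    }
    return NULL;
}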
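/*
 * Read sizeof(PTE) bytes at kernel virtual address objAddress by walking
 * the page directory through \Device\PhysicalMemory. The walk assumes the
 * 32-bit, non-PAE x86 layout: 10-bit page-directory index, 10-bit
 * page-table index, 12-bit page offset.
 *
 * objAddress         - kernel virtual address to read.
 * hMapPhysicalMemory - view of the page directory from OpenPhysicalMemory.
 * hSection           - the \Device\PhysicalMemory section, used to map the
 *                      intermediate page table and the final page.
 * pte                - receives the bytes found at objAddress.
 *
 * Returns TRUE on success; FALSE if either handle is NULL, the PDE is not
 * present, or a mapping fails.
 *
 * Fix: the page-table view mapped in the small-page branch was
 * dereferenced without a NULL check (a failed MapViewOfFile crashed the
 * tool). The presence test is now the PDE's present bit rather than
 * "whole low byte is zero", and the 4 MiB-page test is written as a bit
 * test of the PS bit instead of the equivalent "(low byte) < 0x80".
 */
BOOL GetPTE(PVOID objAddress, HANDLE hMapPhysicalMemory, HANDLE hSection, PTE& pte)
{
    if (hMapPhysicalMemory == NULL || hSection == NULL)
        return FALSE;

    DWORD dwPhysMemBuf = (DWORD)hMapPhysicalMemory;
    DWORD dwAddress = (DWORD)objAddress;

    /* Page-directory entry: index = bits 31..22 of the virtual address. */
    DWORD dwPde = *((LPDWORD)(dwPhysMemBuf + (dwAddress >> 22) * 4));
    if ((dwPde & 0x1) == 0)        /* present bit clear */
        return FALSE;

    DWORD dwPagePhys;
    if ((dwPde & 0x80) == 0)       /* PS bit clear: 4 KiB pages, walk the page table */
    {
        LPVOID pPageTable = MapViewOfFile(hSection, FILE_MAP_READ, 0,
                                          dwPde & 0xFFFFF000, 0x1000);
        if (pPageTable == NULL)
            return FALSE;
        DWORD dwPtIndex = (dwAddress >> 12) & 0x3ff;
        dwPagePhys = *((LPDWORD)((DWORD)pPageTable + 4 * dwPtIndex)) & 0xFFFFF000;
        UnmapViewOfFile(pPageTable);
    }
    else
    {
        /* 4 MiB page: original arithmetic kept. NOTE(review): a non-PAE
           large-page PDE carries its frame base in bits 31..22 only; bits
           21..12 are PAT/reserved and are normally zero, so masking with
           0xFFFFF000 works in practice — confirm on the target before
           relying on this branch. */
        dwPagePhys = (dwPde & 0xFFFFF000) + (dwAddress & 0x003ff000);
    }

    LPVOID pPage = MapViewOfFile(hSection, FILE_MAP_READ, 0, dwPagePhys, 0x1000);
    if (pPage == NULL)
        return FALSE;

    memcpy(&pte, (char *)pPage + (dwAddress & 0x00000FFF), sizeof(PTE));
    UnmapViewOfFile(pPage);
    return TRUE;
}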
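/*
 * Enable one privilege (e.g. SE_DEBUG_NAME) on hToken.
 *
 * hToken - token opened with TOKEN_ADJUST_PRIVILEGES (and TOKEN_QUERY).
 * pPriv  - privilege name accepted by LookupPrivilegeValue.
 *
 * Returns TRUE only when the privilege is actually enabled. Returns FALSE
 * when the name does not resolve, when AdjustTokenPrivileges fails, or
 * when it succeeds but reports ERROR_NOT_ALL_ASSIGNED — the privilege is
 * not held by the token, the normal outcome for a non-administrator.
 *
 * Fix: the original returned TRUE when AdjustTokenPrivileges itself
 * failed, so callers proceeded as if the privilege were enabled. It also
 * passed a BufferLength of 0x10 alongside a NULL PreviousState; 0 is
 * passed now.
 */
BOOL RaisePrivleges( HANDLE hToken, char *pPriv )
{
    TOKEN_PRIVILEGES tkp = {0};
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid))
    {
        printf("LookupPrivilegeValue Error:%d\n", GetLastError());
        return FALSE;
    }

    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL))
    {
        printf( "AdjustTokenPrivileges Error:%d\n", GetLastError());
        return FALSE;
    }

    /* A TRUE return only means the call was accepted; the last-error value
       says whether every requested privilege was actually assigned. */
    DWORD dwResult = GetLastError();
    switch (dwResult)
    {
    case ERROR_SUCCESS:
        return TRUE;
    case ERROR_NOT_ALL_ASSIGNED:
        printf("AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" );
        return FALSE;
    default:
        printf("AdjustTokenPrivileges Unknow Error:%d\n", dwResult);
        return FALSE;
    }
}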
int main(int argc, char* argv[])
{
HANDLE hToken;
HANDLE hTcpHandle;
HANDLE hUdpHandle;
HANDLE hSection;
printf("---[ FPort, by Phiger ]---\n");
printf("---[ Date : 2003-12-30 ]---\n\n");
HANDLE hMapPhysicalMemory = OpenPhysicalMemory(hSection);
HANDLE hCurrentProc = GetCurrentProcess();
if (!OpenProcessToken(hCurrentProc,
TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
&hToken))
{
printf( "OpenProcessToken Error:%d\n", GetLastError());
}
else
{
if (!RaisePrivleges(hToken, (char*)SE_DEBUG_NAME))
printf( "SetPrivlegesSE_DEBUG_NAME Error:%d\n", GetLastError());
}
if (hToken) CloseHandle(hToken);
hTcpHandle = OpenDeviceTcpUdp(L"\\Device\\TCP");
hUdpHandle = OpenDeviceTcpUdp(L"\\Device\\UDP");
PULONG pBuffer = GetHandleList();
if (pBuffer == NULL) return 0;
PSYSTEM_HANDLE_INFORMATION objTcpAddress = NULL;
PSYSTEM_HANDLE_INFORMATION objUdpAddress = NULL;
objTcpAddress = (PSYSTEM_HANDLE_INFORMATION)GetTcpUdpObject(pBuffer, hTcpHandle, GetCurrentProcessId());
PTE pteTCPCur;
if (!GetPTE(objTcpAddress->Object, hMapPhysicalMemory, hSection, pteTCPCur))
{
return 0;
}
objUdpAddress = (PSYSTEM_HANDLE_IN