我目前正试图用c++注入用户名和密码到lsass.exe中,我对c++很陌生,所以这可能是一个愚蠢的问题,但它总是给我错误'0xC0000005:在位置0xCCCCCCCC读取访问违规'。下面是我的代码:
#include <iostream>
#include <windows.h>
#include <processthreadsapi.h>
int main()
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
si.dwFlags = 0x00000001;
si.wShowWindow = 0;
LPCWSTR userName = L"username"; // The username that will be injected into LSASS
LPCWSTR userDomain = L"domain"; // The Logon Domain that will be injected into LSASS
LPCWSTR userPassword = L"password"; // The User Password that will be injected into LSASS
LPCWSTR applicationName = L"path";
LPCWSTR currentDirectory = L"C:\";
bool r = CreateProcessWithLogonW(userName, userDomain, userPassword, 0x00000002, applicationName, NULL, 0x04000000, NULL, currentDirectory, &si, &pi);
std::cout << r << std::endl;
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
}
我不确定,但在visual studio调试器的变量列表中,&pi和&si包含'0xCCCCCCCC',更具体地说:&pi的hProcess和hThread都有它
我只是从这里复制粘贴代码:https://blog.spookysec.net/DnD-LSASS-Injection/这对他们来说很有效…
感谢您的帮助
编辑:它现在运行了,我已经修改了
STARTUPINFO si;
PROCESS_INFORMATION pi;
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
但是我似乎没有我应该拥有的权利…我登录了我自己的用户帐户,但甚至无法复制启动文件夹中的文件…
需要对STARTUPINFO结构进行更多初始化。特别是结构的大小。操作系统使用结构的大小来确定存在哪些成员。它就像一个结构版本。
STARTUPINFO si = {0};
si.cb = sizeof(si);