This Blog Has Been Moved !
This Blog Has been moved to http://aleemkhan.wordpress.com
It is really amazing how the .NET Framework has made the development tasks easier. The Framework Class Library is undoubtedly an extremely rich set of API’s. I wanted to dump the entire address space of any process. So, I thought of doing a small Dump Tool in the free time which I get occasionally in the evenings or on weekends. I’ll post the complete code when it’s complete.
Anyway I wrote the following C++ code to get SeDebugPrivilige for a process. SeDebugPrivilige allows any process to access memory and other information of operating system processes which you do not have access to otherwise.
BOOL CTaskManagerDlg::SetPrivilege()
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
TOKEN_PRIVILEGES tpPrevious;
DWORD cbPrevious=sizeof(TOKEN_PRIVILEGES);
if(!OpenProcessToken(::GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
return FALSE;
if(!LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ))
return FALSE;
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges(hToken,FALSE,&tp,
sizeof(TOKEN_PRIVILEGES),&tpPrevious,&cPrevious);
if (GetLastError() != ERROR_SUCCESS)
return FALSE;
tpPrevious.PrivilegeCount = 1;
tpPrevious.Privileges[0].Luid = luid;
tpPrevious.Privileges[0].Attributes|=(SE_PRIVILEGE_ENABLED);
AdjustTokenPrivileges(hToken,FALSE, &tpPrevious,cbPrevious,
NULL,NULL);
if (GetLastError() != ERROR_SUCCESS)
return FALSE;
CloseHandle(hToken);
return TRUE;
}
This code has been taken mostly from the MSDN Article Article ID: Q131065
To do all this from C# you just need to call a simple function J
System.Diagnostics.Process.EnterDebugMode();
Yes ! Its that easy. The Base Class Library is quite rich but you only have to find the things. However, I still could not find the equivalent of Functions from the native ToolHelp32 library defined in the Kernel32.dll. So, I have to write a complete PInvoke wrapper for that. I will post the complete code on the weekend.
Can anyone tell me where to find .NET Equivalents of ToolHelp32 Functions ?
Comments
michael kors outlet
louis vuitton bags
north face
fake oakley sunglasses
cheap oakley sunglasses
michael kors outlet online
ugg boots
coach factory outlet
louis vuitton outlet stores
abercrombie
michael kors outlet online
coach outlet online
michael kors outlet
tory burch outlet online
ed hardy outlet
ugg boots
louis vuitton purses
retro 11
p90x
toms outlet
michael kors outlet
ray ban outlet
fitflop clearance
the north face jackets
michael kors outlet online sale
canada goose sale
nike free 5.0
air max 95
michael kors outlet
canada goose coats
ugg boots
gucci outlet
uggs outlet
uggs australia
nfl jerseys
oakley outlet
jordan concords
coach outlet store online clearance
giuseppe zanotti outlet
kids lebron shoes
http://mchaabaty.com/luxurious/
http://mchaabaty.com/red-bricks/
http://mchaabaty.com/factory/
michael kors outlet
fitflops uk
louis vuitton handbags
ray ban sunglasses
nike outlet store
michael jordan shoes
nike outlet
coach outlet
ray ban sunglasses
20179.25wengdongdong
