如果您需要更多信息,请告诉我.谢谢. 解决方案 这个问题有 3 个部分:以管理员身份运行写入受保护的内存写入 lsass.exe 所需的权限要强制程序以管理员身份运行,您只需添加一个清单文件,您可以这样做:如果要写入没有写入权限的内存页面,则需要使用 VirtualProtectEx 我在这样的包装器中使用它:PatchEx(HANDLE hProcess, char* dst, char* src, int size){DWORD oldprotect;VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);WriteProcessMemory(hProcess, dst, src, size, NULL);VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);}作为 Windows 安全的一部分,您不能像 lsass.exe 那样编辑以 SYSTEM 身份运行的进程的内存.为了编辑 lsass.exe,您至少需要通过获取 SYSTEM 令牌以 SYSTEM 身份运行.但由于 Windows 8.1 lsass.exe 是受保护的进程轻 (PPL) 进程,因此不再那么容易.您可以在 Alex Ionescu 的博客上阅读更多相关信息您很可能需要处于内核模式才能使用 LSASS.I’m trying to make a memory editor that requires me to elevate permissions of my program. I’ve looked all around the wide web, and haven’t found a single result on what I need. I need: code that can elevate my program so it can edit/have access to the memory of a Windows-protected process (such as lsass.exe or svchost.exe). I know that I do in fact need to escalate my permissions as after attempting to WriteProcessMemory() and use GetLastError(), I get error code 998 (ERROR_NO_ACCESS).Please let me know if you need any more information.Thank you. 解决方案 There are 3 parts to this question:Running as adminWriting to protected memoryPrivileges required for writing to lsass.exeTo force a program to run as administrator you just need to add a manifest file which you can do like so:If you want to write to a memory page which does not have write permissions you need to use VirtualProtectEx I use it in a wrapper like this:PatchEx(HANDLE hProcess, char* dst, char* src, int size){ DWORD oldprotect; VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect); WriteProcessMemory(hProcess, dst, src, size, NULL); VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);}As part of Windows security, you cannot edit memory of processes running as SYSTEM which lsass.exe does.In order to edit lsass.exe you will need to at a bare minimum also be running as SYSTEM by grabbing a SYSTEM token. But since Windows 8.1 lsass.exe is a Protected Process Light (PPL) process, therefore it is no longer that easy.You can read more about it on Alex Ionescu's BlogYou will most likely need to be in kernel mode to mess with LSASS. 这篇关于如何提升权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!
06-08 07:06