13 Security Lab

Mysql InnoDB를 사용할 때 다음과 같은 에러를 만날 수 있다. ERROR 1286 (42000) at line 1: Unknown table engine 'innodb'. C:\APM_Setup\Server\MySQL5\my.ini 파일 수정 (APMSETUP 기준) [mysqld] 태그 부분에 아래 항목 수정 & 추가 #skip-innodb default-table-type=innodb

1. Add environment variable "PATH" : "C:\Python27", "C:\Python27\Scripts"2. cmd > pip install yara3. x64 Redistributable for VS2010설치 (https://www.microsoft.com/ko-kr/download/details.aspx?id=14632, "vcredist_x64.exe")4. cmd > yara-ctypes -h Easy to make it

>> python setup.py build err : building 'pydasm' extension error: Unable to find vcvarsall.bat' Solution : Update: Comments below point out that the instructions here may be dangerous. Consider using the Visual C++ 2008 Express edition and NOT using the original answer below. Original error message means Visual C++ 2008 is not installed For Windows installations: While running setup.py for packa..

123456789101112131415161718192021222324int Adjust_Privilege_Func(){ int v0; int v1; int v2; int v4; char v5; int v6; int v7; v0 = 0; v1 = GetCurrentProcess(0x20); if ( OpenProcessToken(v1, v2, &v7) ) { v4 = 1; if ( LookupPrivilegeValueW(0, L"SeDebugPrivilege", &v5) )// if Process has "SeDebugPrivilege" { v6 = 2; v0 = AdjustTokenPrivileges(v7, 0, &v4, 16, 0, 0);// Enable SeDebugPrivilege } CloseH..

출처 : http://blog.daum.net/aswip/8429343 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 #include #include #include // for IsUserAnAdmin() function.#pragma comment(lib, "shell32.lib") // for IsUserAnAdmin() function. BOOL GetProcessElevation(TOKEN_ELEVATION_TYPE *pElevationType, BOOL *pIsAdmin)..

System 권한여부체크 1234567891011121314151617181920212223242526272829signed int __thiscall Check_ProcessSID(void *this){ Flag = 0; hToken = 0; if ( OpenProcessToken(this, 8, &hToken) ) { v5 = 0x44; if ( CreateWellKnownSid(22, 0, &SystemSID_INFO, &v5) )// 22 : WinLocalSystemSid { v7 = 0; GetTokenInformation(hToken, 1, 0); if ( GetLastError() == 122 ) { LocalMem_Var = HeapAlloc(dword_405048); // Get loc..

Processes User mode Kernel mode NtTerminateProcess PsTerminateProcess/PspTerminateProcess NtOpenProcess PsLookupProcessByProcessId, ObOpenObjectByPointer Threads User mode Kernel mode NtTerminateThread PspTerminateThreadByPointer NtOpenThread PsLookupThreadByThreadId, ObOpenObjectByPointer NtGetContextThread PsGetContextThread NtSetContextThread PsSetContextThread Virtual memory User mode Kernel..

Process Win32 Native API OpenProcess NtOpenProcess TerminateProcess NtTerminateProcess CreateProcess NtCreateProcess(Ex)/NtCreateUserProcess, RtlCreateUserProcess GetProcessId NtQueryInformationProcess (ProcessBasicInformation) ExitProcess RtlExitUserProcess (Windows Vista and later) GetPriorityClass NtQueryInformationProcess (ProcessPriorityClass) SetPriorityClass NtSetInformationProcess (Proce..

SHFileOperation wFunc Type: UINT A value that indicates which operation to perform. One of the following values: FO_COPY Copy the files specified in the pFrom member to the location specified in the pTo member. FO_DELETE Delete the files specified in pFrom. FO_MOVE Move the files specified in pFrom to the location specified in pTo. FO_RENAME Rename the file specified in pFrom. You cannot use thi..

# SHGetFolderPath 출처 : http://msdn.microsoft.com/library/en-us/shellcc/platform/shell/reference/enums/csidl.asp CSIDL values provide a unique system-independent way to identify special folders used frequently by applications, but which may not have the same name or location on any given system. For example, the system folder may be "C:\Windows" on one system and "C:\Winnt" on another. These cons..