Have you met the registry is locked and can not open the registry to manually fix it? Many people have it for this headache, I think you know that he is locked once the operating principles of:
Changes [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent
VersionPoliciesSystem] DisableRegistryTools value of 1 under
There are several methods to unlock, such as program with the API function call to delete the registry directly, make a REG file to import directly, write a script ... ... ... ...
Today I will teach you to write a program to achieve an alternative lock, is not it curious? Come with me.
Experimental Environment: windows2000
Experiment: Lock the registry (use this method to achieve Cracker ideas, direct the program to modify the program instructions to call the registry program prohibited.)
Implementation: C program
First of all we have to disassemble the idea according to Cracker WINNT regedit.exe and regedt32.exe found under the jump, how to get this information is not our purpose today, I will not detail here, and the following is a compilation I found anti-jump change of address:
1.regedit.exe
Offset Address: 0x69CA the command: 0x74 0x1A modified to: 0x90 0x90
2.regedt32.exe
Offset Address: 0x10bf2 the command: 0x74 0x52 changed to: 0x90 0x90
Now we use the program addresses these two commands to modify the offset into 0x90 0x90 (0x90 behalf nop, is to let the program do nothing, the next instruction) Let us see how the program achieved it.
# Include
# Include
bool scanreg (const char * file, long offset, int length, char * the); / * Function Description * /
main ()
(
char the [] = (0x90, 0x90);
scanreg ("C: \ WINNT \ regedit.exe", 0x69CA, 0x02, the); / * call the function to modify winnt regedit.exe under which the 0x02 is the modification length * /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedit.exe", 0x69CA, 0x02, the); / * call the function to change the patch under the regedit.exe * /
scanreg ("C: \ WINNT \ system32 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to modify system32 under regedt32.exe backup / bin / conf / data / log / maint / svn / tmp /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to change the patch under the regedt32.exe * /
)
bool scanreg (const char * file, long offset, int length, char * the)
(
FILE * fp = NULL;
bool result = false;
if ((fp = fopen (file, "rb "))!= NULL) / * Open the file for read and write operations * /
(
fseek (fp, offset, 1); / * the pointer to our definition of offset address * /
fwrite (the, length, 1, fp); / * modify the program, the instruction replaced by 0x90 * /
fclose (fp); / * Close file * /
result = true;
)
return (result);
)
Well, I have here is just a demonstration, only for 2000 system, the windows registry every system call procedures to analyze and then use the API function in the program begin GetVersionEx (LPOSVERSIONINFO lpVersionInfo) to judge the system, according to judge the system calls the corresponding modification function. That is not to kill windows through it? Above, the method of announcing to everyone do well against.
Recommended links:
Comment Puzzle And Word GamesCPU chip with independent intellectual property rights through the acceptance of Godson 2Eps3 formatFlac To Mp3Hope PS3 Mobile ConverterVacations DVD to Apple TVShop REGISTRY ToolsCentury Through to bring Austria into the blowout UMPC OQO incoming yearmp4 3gp Video converterInfomation File And Disk MANAGEMENTYoutube to DAT TodayReview Calculators And ConvertersCharles Zhang: Sohu is looking for the next opponentThree STRATEGIES to help you get started WinRARUnicom Frankly Difficult To Govern Without Legal Constraint SP Is Critical ViolationsDTAB.mkv files