Have you ever found the registry locked, with no way to open the Registry Editor and fix it by hand? Many people have had this headache. You probably already know how the usual lock works:
it sets the value DisableRegistryTools under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] to 1.
There are several ways to unlock it, such as writing a program that calls the API functions to delete the registry value directly, making a REG file and importing it, writing a script, and so on.
Today I will show you how to write a program that locks the registry in a different way. Curious? Come with me.
Experimental environment: Windows 2000
Experiment: lock the registry (using a cracker's approach: directly modify the registry editor's program instructions so that the registry program is prohibited from running)
Implementation: a C program
First, following the cracker's approach, we disassemble regedit.exe and regedt32.exe under WINNT and find the jump. How to get this information is not today's topic, so I will not go into detail here. Below are the jump addresses I found by disassembly, and the changes to make:
1. regedit.exe
Offset: 0x69CA, instruction: 0x74 0x1A, changed to: 0x90 0x90
2. regedt32.exe
Offset: 0x10bf2, instruction: 0x74 0x52, changed to: 0x90 0x90
Now we use a program to change the instructions at these two offsets to 0x90 0x90 (0x90 stands for nop, which makes the program do nothing and move on to the next instruction). Let us see how the program does it.
#include <stdio.h>
#include <stdbool.h>

bool scanreg(const char *file, long offset, int length, char *the); /* function declaration */

int main(void)
{
    char the[] = {(char)0x90, (char)0x90};
    scanreg("C:\\WINNT\\regedit.exe", 0x69CA, 0x02, the); /* modify regedit.exe under WINNT; 0x02 is the length of the modification */
    scanreg("C:\\WINNT\\ServicePackFiles\\i386\\regedit.exe", 0x69CA, 0x02, the); /* modify the service pack copy of regedit.exe */
    scanreg("C:\\WINNT\\system32\\regedt32.exe", 0x10bf2, 0x02, the); /* modify regedt32.exe under system32 */
    scanreg("C:\\WINNT\\ServicePackFiles\\i386\\regedt32.exe", 0x10bf2, 0x02, the); /* modify the service pack copy of regedt32.exe */
    return 0;
}

bool scanreg(const char *file, long offset, int length, char *the)
{
    FILE *fp = NULL;
    bool result = false;
    if ((fp = fopen(file, "rb+")) != NULL) /* open the file for reading and writing */
    {
        fseek(fp, offset, SEEK_SET); /* move the file pointer to the offset we defined */
        fwrite(the, length, 1, fp); /* modify the program: replace the instruction with 0x90 */
        fclose(fp); /* close the file */
        result = true;
    }
    return result;
}
What I have here is only a demonstration, and it works only on Windows 2000. To go further, you would analyze the registry editor of every Windows version, call the API function GetVersionEx(LPOSVERSIONINFO lpVersionInfo) at the start of the program to determine the system, and then call the modification function that matches it. Wouldn't that then work across all versions of Windows? I am publishing the method above so that everyone can guard against it.
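A defensive counterpart to the program above, as an added example that is not part of the original article: it reads the two bytes at one of the listed offsets and reports whether they are still the original jump or have been replaced by NOPs. The function names, the enum and the sample file names are assumptions made for this example, and the sample files are constructed so that it runs without a Windows 2000 system.

```c
#include <stdio.h>
#include <string.h>

enum patch_state { PATCH_ERROR = -1, PATCH_ORIGINAL, PATCH_NOPPED, PATCH_UNKNOWN };

/* Read `len` bytes at `offset` and compare them with the original instruction
   bytes (`orig`, taken from the article's table) and with a run of NOPs (0x90). */
enum patch_state check_offset(const char *path, long offset,
                              const unsigned char *orig, size_t len)
{
    unsigned char buf[16], nops[16];
    FILE *fp;
    size_t got;
    if (len == 0 || len > sizeof buf || (fp = fopen(path, "rb")) == NULL)
        return PATCH_ERROR;
    if (fseek(fp, offset, SEEK_SET) != 0) { fclose(fp); return PATCH_ERROR; }
    got = fread(buf, 1, len, fp);
    fclose(fp);
    if (got != len)
        return PATCH_ERROR;            /* file is shorter than the offset */
    memset(nops, 0x90, len);
    if (memcmp(buf, orig, len) == 0) return PATCH_ORIGINAL;
    if (memcmp(buf, nops, len) == 0) return PATCH_NOPPED;
    return PATCH_UNKNOWN;              /* different build, or some other change */
}

/* Constructed sample: a zero-filled file with `bytes` placed at `offset`. */
int make_sample(const char *path, long offset, const unsigned char *bytes, size_t len)
{
    FILE *fp = fopen(path, "wb");
    long i;
    if (fp == NULL) return -1;
    for (i = 0; i < offset; i++) fputc(0, fp);
    fwrite(bytes, 1, len, fp);
    return fclose(fp);
}

int main(void)
{
    /* 0x74 0x1A at 0x69CA is the regedit.exe entry from the article */
    static const unsigned char je_regedit[] = { 0x74, 0x1A };
    static const unsigned char nops[] = { 0x90, 0x90 };
    make_sample("sample_clean.bin", 0x69CA, je_regedit, 2);
    make_sample("sample_patched.bin", 0x69CA, nops, 2);
    printf("clean: %d, patched: %d\n",
           (int)check_offset("sample_clean.bin", 0x69CA, je_regedit, 2),
           (int)check_offset("sample_patched.bin", 0x69CA, je_regedit, 2));
    return 0;
}
```

The offsets only mean something for the exact regedit.exe and regedt32.exe builds the article analyzed, so PATCH_UNKNOWN on another build is not evidence of tampering. Comparing the whole file's hash with a known-good copy is the general check.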