Have you met the registry is locked and can not open the registry to manually fix it? Many people have it for this headache, I think you know that he is locked once the operating principles of:
Changes [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent
VersionPoliciesSystem] DisableRegistryTools value of 1 under
There are several methods to unlock, such as program with the API function call to delete the registry directly, make a REG file to import directly, write a script ... ... ... ...
Today I will teach you to write a program to achieve an alternative lock, is not it curious? Come with me.
Experimental Environment: windows2000
Experiment: Lock the registry (use this method to achieve Cracker ideas, direct the program to modify the program instructions to call the registry program prohibited.)
Implementation: C program
First of all we have to disassemble the idea according to Cracker WINNT regedit.exe and regedt32.exe found under the jump, how to get this information is not our purpose today, I will not detail here, and the following is a compilation I found anti-jump change of address:
1.regedit.exe
Offset Address: 0x69CA the command: 0x74 0x1A modified to: 0x90 0x90
2.regedt32.exe
Offset Address: 0x10bf2 the command: 0x74 0x52 changed to: 0x90 0x90
Now we use the program addresses these two commands to modify the offset into 0x90 0x90 (0x90 behalf nop, is to let the program do nothing, the next instruction) Let us see how the program achieved it.
# Include
# Include
bool scanreg (const char * file, long offset, int length, char * the); / * Function Description * /
main ()
(
char the [] = (0x90, 0x90);
scanreg ("C: \ WINNT \ regedit.exe", 0x69CA, 0x02, the); / * call the function to modify winnt regedit.exe under which the 0x02 is the modification length * /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedit.exe", 0x69CA, 0x02, the); / * call the function to change the patch under the regedit.exe * /
scanreg ("C: \ WINNT \ system32 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to modify system32 under regedt32.exe backup / bin / conf / data / log / maint / svn / tmp /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to change the patch under the regedt32.exe * /
)
bool scanreg (const char * file, long offset, int length, char * the)
(
FILE * fp = NULL;
bool result = false;
if ((fp = fopen (file, "rb "))!= NULL) / * Open the file for read and write operations * /
(
fseek (fp, offset, 1); / * the pointer to our definition of offset address * /
fwrite (the, length, 1, fp); / * modify the program, the instruction replaced by 0x90 * /
fclose (fp); / * Close file * /
result = true;
)
return (result);
)
Well, I have here is just a demonstration, only for 2000 system, the windows registry every system call procedures to analyze and then use the API function in the program begin GetVersionEx (LPOSVERSIONINFO lpVersionInfo) to judge the system, according to judge the system calls the corresponding modification function. That is not to kill windows through it? Above, the method of announcing to everyone do well against.
Recommended links:
Incesoft AnySMS
Rising 2008, accused of dangerous: not considered extreme?
Ipod Touch Video Format
AOC and NEC's high-end chess game
Lohan DVD to Mobile
for you Animation Tools
With "color" to discuss and BEAUTY attack "light"
Expert Astrology Or Biorhythms Or Mystic
Programming for the constrained ENVIRONMENT
PPT2Flash Converter 2007
evaluation Covert SURVEILLANCE
converting mp4 to avi
Career Planning: Attitude Is everything
Good Screen Savers
Workplace "low runners" to regain "pay up"
Swf to flv
Mp4 To Avi
