Thursday, July 22, 2010

Ultimate registry operations - lock registry



Have you met the registry is locked and can not open the registry to manually fix it? Many people have it for this headache, I think you know that he is locked once the operating principles of:

Changes [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrent
VersionPoliciesSystem] DisableRegistryTools value of 1 under

There are several methods to unlock, such as program with the API function call to delete the registry directly, make a REG file to import directly, write a script ... ... ... ...

Today I will teach you to write a program to achieve an alternative lock, is not it curious? Come with me.

Experimental Environment: windows2000
Experiment: Lock the registry (use this method to achieve Cracker ideas, direct the program to modify the program instructions to call the registry program prohibited.)
Implementation: C program

First of all we have to disassemble the idea according to Cracker WINNT regedit.exe and regedt32.exe found under the jump, how to get this information is not our purpose today, I will not detail here, and the following is a compilation I found anti-jump change of address:
1.regedit.exe
Offset Address: 0x69CA the command: 0x74 0x1A modified to: 0x90 0x90

2.regedt32.exe
Offset Address: 0x10bf2 the command: 0x74 0x52 changed to: 0x90 0x90

Now we use the program addresses these two commands to modify the offset into 0x90 0x90 (0x90 behalf nop, is to let the program do nothing, the next instruction) Let us see how the program achieved it.

# Include
# Include
bool scanreg (const char * file, long offset, int length, char * the); / * Function Description * /

main ()
(
char the [] = (0x90, 0x90);
scanreg ("C: \ WINNT \ regedit.exe", 0x69CA, 0x02, the); / * call the function to modify winnt regedit.exe under which the 0x02 is the modification length * /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedit.exe", 0x69CA, 0x02, the); / * call the function to change the patch under the regedit.exe * /
scanreg ("C: \ WINNT \ system32 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to modify system32 under regedt32.exe backup / bin / conf / data / log / maint / svn / tmp /
scanreg ("C: \ WINNT \ ServicePackFiles \ i386 \ regedt32.exe", 0x10bf2, 0x02, the); / * call the function to change the patch under the regedt32.exe * /
)
bool scanreg (const char * file, long offset, int length, char * the)
(
FILE * fp = NULL;
bool result = false;
if ((fp = fopen (file, "rb "))!= NULL) / * Open the file for read and write operations * /
(
fseek (fp, offset, 1); / * the pointer to our definition of offset address * /
fwrite (the, length, 1, fp); / * modify the program, the instruction replaced by 0x90 * /
fclose (fp); / * Close file * /
result = true;
)
return (result);
)

Well, I have here is just a demonstration, only for 2000 system, the windows registry every system call procedures to analyze and then use the API function in the program begin GetVersionEx (LPOSVERSIONINFO lpVersionInfo) to judge the system, according to judge the system calls the corresponding modification function. That is not to kill windows through it? Above, the method of announcing to everyone do well against.







Recommended links:



Incesoft AnySMS



Rising 2008, accused of dangerous: not considered extreme?



Ipod Touch Video Format



AOC and NEC's high-end chess game



Lohan DVD to Mobile



for you Animation Tools



With "color" to discuss and BEAUTY attack "light"



Expert Astrology Or Biorhythms Or Mystic



Programming for the constrained ENVIRONMENT



PPT2Flash Converter 2007



evaluation Covert SURVEILLANCE



converting mp4 to avi



Career Planning: Attitude Is everything



Good Screen Savers



Workplace "low runners" to regain "pay up"



Swf to flv



Mp4 To Avi



No comments:

Post a Comment