-
-
[原创]win10系统 过Setting设置默认浏览器
-
2016-11-15 17:08
17746
-
[原创]win10系统 过Setting设置默认浏览器
如题,在win10系统下 与win8以及以前的系统不同了 以往的系统修改注册表就可以了 但是win10多了一些内容 导致直接修改注册表会被“Setting”给还原成IE - -
后测试了国内几大浏览器厂家 发现其中有几个可以直接跳过Setting进行设置的 于是分析之
尽量不罗嗦,大概说一下正确的分析过程吧 至于我在分析中碰到的N个坑 浪费的N多时间就不提了
1.各大浏览器均是采用创建新进程传参进行设置浏览器的,所以直接附加是不行的 要先获取设置浏览器的命令行参数,然后用OD等打开被调试软件并修改改命令行参数,使其执行设置默认浏览器操作
2.设置默认浏览器除了众所周知的注册表设置外多了一个com的设置项 而进程在调用com接口是 在“堆栈”是找不到调用来源的 所以需要给CoInitializeEx,或CoCreateInstance下断 在调用com接口前断下 进行跟踪调试
思路就这样, 具体的浏览器核心代码是介个样子第:
1.通过CoCreateInstance获取特定GUID的com接口
2.通过IUnknown.QueryInterface获取combase虚函数表
3.调用combase.ObjectStublessClient6设置默认浏览器
代码如下:
以下仅支持win10 32位哦 想要64位的 可以自己去研究
或者站内信联系我购买 我也好赚点零花钱 - -(求勿喷 求放过 研究了两周呢 赚点零花钱没啥大不了的吧)
还有 发了辣么多文章了 精华咋就 辣么男孽
记得给点感谢啥的哈
void SetDefaultBrowser(wchar_t * lpValueName)
{
// Included because they aren't defined in mingw for some reason.
#ifdef _WIN64
const GUID CLSID_ApplicationAssociationRegistration =
{ , , ,{ ,,,,,,, } };
const IID IID_ApplicationAssociationRegistration =
{ , , ,{ ,,,,,,, } };
const IID IID2_ApplicationAssociationRegistration =
{ , , ,{ ,,,,,,, } };
const IID IID3_ApplicationAssociationRegistration =
{ , , ,{ ,,,,,,, } };
#else
const GUID CLSID_ApplicationAssociationRegistration =
{ 0x591209C7, 0x767B, 0x42B2,{ 0x9f,0xba,0x44,0xee,0x46,0x15,0xf2,0xc7 } };
const IID IID_ApplicationAssociationRegistration =
{ 0x4E530B0A, 0xE611, 0x4C77,{ 0xa3,0xac,0x90,0x31,0xd0,0x22,0x28,0x1b } };
const IID IID2_ApplicationAssociationRegistration =
{ 0x229D59E2, 0xF94A, 0x402E,{ 0x9a,0x9f,0x3b,0x84,0xa1,0xac,0xed,0x77 } };
const IID IID3_ApplicationAssociationRegistration =
{ 0xC7225171, 0xB9A7, 0x4CF7,{ 0x86,0x1F,0x85,0xAB,0x7B,0xA3,0xC5,0xB2 } };
#endif
auto hRet = 0;
auto ifA = false;
auto cInit = CoInitializeEx(NULL, NULL);
auto BrowserStruct = 0;
IApplicationAssociationRegistration* pAAR = nullptr;/*ppv*/
IApplicationAssociationRegistration* pAAR2 = nullptr;/*v11*/
IApplicationAssociationRegistration* pAAR3 = nullptr;/*v10*/
IApplicationAssociationRegistration* pAAR4 = nullptr;/*v9*/
HRESULT hr = CoCreateInstance(CLSID_ApplicationAssociationRegistration,
NULL,
3,
IID_ApplicationAssociationRegistration,
(void**)&pAAR);
if (hr >= 0 && pAAR)
{
hr = pAAR->QueryInterface(IID2_ApplicationAssociationRegistration, (void**)&pAAR2);
if (!FAILED(hr)) {
//combase.ObjectStublessClient6
hr = (*(int(__stdcall **)(PVOID, PVOID))(*(DWORD *)pAAR2 + 0x18))(pAAR2, lpValueName);
if (!FAILED(hr)) {
ifA = true;
}
if (pAAR2)
pAAR2->Release();
pAAR2 = 0;
}
if (!ifA){
hr = pAAR->QueryInterface(IID3_ApplicationAssociationRegistration, (void**)&pAAR3);
if (!FAILED(hr)) {
hr = (*(int(__stdcall **)(PVOID, PVOID))(*(DWORD *)pAAR3 + 0x18))(pAAR3, lpValueName);
if (!FAILED(hr)) {
ifA = true;
}
hr = (*(int(__stdcall **)(PVOID, DWORD, PVOID, PVOID))(*(DWORD *)pAAR + 0x14))(pAAR, 1, lpValueName, &hRet);
if (pAAR3)
(*(void(__stdcall **)(PVOID))(*(DWORD *)pAAR3 + 0x08))(pAAR3);
pAAR3 = 0;
}
}
if (!ifA) {
hr = pAAR->QueryInterface(IID3_ApplicationAssociationRegistration, (void**)&pAAR4);
if (!FAILED(hr)) {
hr = (*(int(__stdcall **)(PVOID, PVOID))(*(DWORD *)pAAR4 + 0x14))(pAAR4, lpValueName);
if (!FAILED(hr)) {
ifA = true;
}
hr = (*(int(__stdcall **)(PVOID, DWORD, PVOID, PVOID))(*(DWORD *)pAAR + 0x14))(pAAR, 1, lpValueName, &hRet);
if (pAAR4)
(*(void(__stdcall **)(PVOID))(*(DWORD *)pAAR4 + 0x08))(pAAR4);
pAAR4 = 0;
}
}
//combase.#4_ObjectStublessClient5
hr = (*(int(__stdcall **)(PVOID, DWORD, PVOID, PVOID))(*(DWORD *)pAAR + 0x14))(pAAR, 1, lpValueName, &hRet);
if (pAAR)
pAAR->Release();
pAAR = 0;
}
if (cInit >= 0)
CoUninitialize();
return;
}
int main()
{
SetDefaultBrowser(L"2345Explorer");
return 0;
}
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界