上一篇
下一篇
暂停Windows文件保护
作者:JiaJia 日期:2007-10-21
#include <stdio.h>
#include <windows.h>
typedef DWORD(__stdcall *CPP) (DWORD param1, PWCHAR param2, DWORD param3);
void Disable_WFP()
{
HINSTANCE hmod=LoadLibrary("sfc_os.dll");
CPP SetSfcFileException;
// the function is stored at the fifth ordinal in sfc_os.dll
SetSfcFileException= (CPP)GetProcAddress(hmod,(LPCSTR)5);
SetSfcFileException(0, L"c:\\windows\\system32\\calc.exe",-1);
//Now we can modify the system file in a complete stealth.
}
void main()
{
Disable_WFP();
}
运行后,删除 C:\WINDOWS\SYSTEM32\CALC.EXE文件,不会自动恢复
Windows2K3 CN SP1 VC6 测试通过
好像说重启后会恢复,这个未测试,所以叫暂停
#include <windows.h>
typedef DWORD(__stdcall *CPP) (DWORD param1, PWCHAR param2, DWORD param3);
void Disable_WFP()
{
HINSTANCE hmod=LoadLibrary("sfc_os.dll");
CPP SetSfcFileException;
// the function is stored at the fifth ordinal in sfc_os.dll
SetSfcFileException= (CPP)GetProcAddress(hmod,(LPCSTR)5);
SetSfcFileException(0, L"c:\\windows\\system32\\calc.exe",-1);
//Now we can modify the system file in a complete stealth.
}
void main()
{
Disable_WFP();
}
运行后,删除 C:\WINDOWS\SYSTEM32\CALC.EXE文件,不会自动恢复
Windows2K3 CN SP1 VC6 测试通过
好像说重启后会恢复,这个未测试,所以叫暂停
文章来自: 
引用通告: 
Tags: 评论: 0 | 引用: 0 | 查看次数: -
发表评论