I. Modifying the winXP pro setup screen
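The setup screen is the screen you see after setup has finished copying the system files and the machine reboots into the installer. It stays on screen for quite a long time, so it is worth changing to something nicer to look at. After copying the winXP pro installation files to the hard disk, open the "i386" directory and find "winntbbu.dl_"; copy it somewhere, then open winntbbu.dl_ with winRAR and drag out the system file winntbbu.dll. (You can also edit the resources with eXeScope, but it limits bitmaps to under 300KB, so that tool is not used here.)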
(1) Open winntbbu.dll with ResourceHacker. Under 103, find 1033 (the English version) and delete it. First replace 2052 (the Chinese version), then create a new resource: point it at the bitmap, with resource name 103 and resource language 1033. The replacement succeeds, and both bitmaps are now in place. That leaves 153; replace its two bitmaps in the same way!
(2) Once winntbbu.dll has been modified, it can be turned back into winntbbu.dl_. Put the modified winntbbu.dll in the root directory of a drive (for example C:), open a command prompt in winXP, change to drive C, and run the makecab command "makecab winntbbu.dll winntbbu.dl_". This creates winntbbu.dl_ on drive C!
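(3) Errors may occur during replacement. They are usually caused by not following the steps or by a non-standard image; just try again. Also, the modified file may be fairly large, or differ from Microsoft's original, but installation generally goes through without errors.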
(4) If the system is already installed, winntbbu.dll can be found under windows\system32. It is not deleted once installation completes; it is extracted and left there.
II. Modifying the winXP pro boot screen
The boot screen is the scrolling animation shown when the machine starts once winXP pro is installed. Changing it mainly means modifying the file Ntoskrnl.ex_. As before, look for "ntoskrnl.ex_" under "i386", copy it somewhere, open it with winRAR and drag out the file ntoskrnl.exe inside. Open that with ResourceHacker; the bitmaps are in there: 1, 2, ... 8, 9, 1000. Any of them can be modified. When finished, copy ntoskrnl.exe to drive C:, open a "DOS command prompt", change to C:\ and run: "makecab ntoskrnl.exe ntoskrnl.ex_". This creates the modified ntoskrnl.ex_ on drive C. Done!
Note: the generated file may be very large, but this generally causes no problems; just put the file straight into I386.
If winXP pro is already installed, you can put the modified ntoskrnl.exe in c:\windows\system32 in place of the original.
III. Modifying the winXP pro logon screen
The logon screen is the one shown just before "Welcome"; it appears if password logon is set up. It can be changed by modifying the file logonui.ex_, which you will find in "i386". First open it with winRAR and drag out the file logonui.exe inside, then open logonui.exe with ResourceHacker and make your changes... If the system is already installed, logonui.exe is located under \windows\system32, and modifying it there achieves the same result.
IV. Modifying the Windows XP startup screen
If you want to use a boot screen you have modified yourself, do not install the April patch KB890859.
1. First we need a tool. I use ResHacker, which you can download here. eXeScope also works, but I find ResHacker more convenient.
2. Find ntoskrnl.exe, usually located in c:\windows\system32. Make two copies: one as a backup and one to edit.
3. Open the editing copy of ntoskrnl.exe with ResHacker, find the first item, Bitmap\1\2052, and use the menu to save it as 1.bmp. In the same way, save item 8 (Bitmap\8\2052) as 8.bmp.
4. Open 1.bmp in Photoshop. At this point the picture is completely black. Go to Image --> Mode --> Color Table and load the file 16.act. OK, the image should now be visible.
5. After editing each one, go to Image --> Mode --> Color Table again and load win.pal. The picture should turn black again; save it.
6. In ResHacker, replace the corresponding items in ntoskrnl.exe with the edited 1.bmp and 8.bmp. Open ResHacker's "Action" menu, choose "Replace Bitmap", under "Open file with new bitmap" select the 1.bmp you just edited and saved, choose "Open" --> "Replace", and finally save ntoskrnl.exe.
7. There is no need to enter safe mode: use a system file replacement tool to replace *:\windows\system32\ntoskrnl.exe and *:\WINDOWS\system32\dllcache\ntoskrnl.exe with the edited ntoskrnl.exe. Reboot, and you are done.
Note: *:\WINDOWS\system32\dllcache\ may not contain ntoskrnl.exe; if it is not there, there is nothing to replace.
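Note: the boot screen supports only 16 colors, so if you want to change the picture, find 16-color images to work with. Also back up the system before replacing anything, in case something goes wrong.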
To modify the installation files, you must modify the sp2.cab file in the i386 folder.
1. Extract sp2.cab with WINRAR and modify ntkrnlmp.exe, ntkrnlpa.exe, ntkrpamp.exe and ntoskrnl.exe inside it. These files are modified the same way as above, and the changes must be consistent across them.
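2. Next, compress all the extracted files (335 files in total, including the four modified ones) back into sp2.cab using the IExpress 2.0 that ships with the system (if you cannot read English, there is a Chinese-localized IExpress 2.0 here).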
3. Replace the sp2.cab in the i386 folder with the sp2.cab you just modified.
4. Download ModifyPE 0.81 and extract all its files. Put the ntoskrnl.exe and ntkrnlmp.exe you just modified together with ModifyPE.exe in the same folder, open a command prompt window, change to the folder containing these three files, and run "modifyPE.exe ntoskrnl.exe -c", then run... "makecab ntoskrnl.exe". After this, you have a compressed ntoskrnl.ex_ file (which is the purpose of the makecab command). Next, copy ntoskrnl.ex_ to your i386 directory, overwriting the existing file. (Do the same once more for ntkrnlmp.exe.)
Because we processed ntoskrnl.exe with modifyPE, the file's CRC information is changed. As a result, Windows XP Setup will not skip copying the file, and it will use the file directly without prompting.
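However, once Windows Setup has finished, the event is recorded in the setuperr.log log file, which shows that the file has not been digitally signed by Microsoft. There is no original Microsoft ntoskrnl.exe in the dllcache directory or on the CD, but there is no need to worry: this way the system will not replace the modified file with Microsoft's original version.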
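The checksum point above can be checked from the defender's side. The following is an added example, not code from the original page or from ModifyPE: it assumes the "CRC information" is the CheckSum field of the PE optional header and recomputes it with the standard PE checksum algorithm to flag a binary that was edited without a checksum fix-up. The function names and the 256-byte sample are constructed for illustration.

```python
import struct

def checksum_offset(data: bytes) -> int:
    """File offset of the CheckSum field in the PE optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 92 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # 4-byte signature + 20-byte COFF header + 64 bytes into the optional header
    return e_lfanew + 4 + 20 + 64

def compute_checksum(data: bytes) -> int:
    """Sum 16-bit words with end-around carry, CheckSum field zeroed, then add length."""
    buf = bytearray(data)
    off = checksum_offset(data)
    buf[off:off + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)  # pad odd-length files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def audit(data: bytes) -> dict:
    """Compare the stored header checksum with the recomputed one."""
    stored = struct.unpack_from("<I", data, checksum_offset(data))[0]
    computed = compute_checksum(data)
    return {"stored": stored, "computed": computed, "match": stored == computed}

def build_sample() -> bytes:
    """Constructed 256-byte PE-like header for the demo, not a real executable."""
    buf = bytearray(256)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    buf[0xF0:0xF4] = b"\x11\x22\x33\x44"      # stand-in for resource bytes
    struct.pack_into("<I", buf, checksum_offset(buf), compute_checksum(buf))
    return bytes(buf)

if __name__ == "__main__":
    good = build_sample()
    edited = bytearray(good)
    edited[0xF0] ^= 0xFF  # simulates a resource edit with no checksum fix-up
    print("original:", audit(good))
    print("edited:  ", audit(bytes(edited)))
```

A matching checksum only shows that the header and contents are consistent with each other; the missing Microsoft signature recorded in setuperr.log is what identifies the file as modified.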