Active Setup
Saturday, 23 February 2019 17:49

Adding an entry to Active Setup
 


I wrote an interesting function for inserting a module's entry into Active Setup.


void ActiveSetupAdd(::std::string filepath, ::std::string key)
{
    // ACCESS_NODE is not defined on this page; presumably it comes from the author's WinAPI.h.
    // The subkey path is built in a std::string so a long key name cannot overflow a fixed buffer.
    ::std::string ActiveSetup = "SOFTWARE\\Microsoft\\Active Setup\\Installed Components";
    ActiveSetup += "\\";
    ActiveSetup += key;
    ::HKEY hkey;

    // Delete any existing entry with the same name, then create it again.
    ::RegDeleteKeyExA(HKEY_LOCAL_MACHINE, ActiveSetup.c_str(), KEY_ALL_ACCESS | ACCESS_NODE, 0);
    if (::RegCreateKeyExA(HKEY_LOCAL_MACHINE, ActiveSetup.c_str(), 0L, NULL, REG_OPTION_NON_VOLATILE,
                          KEY_ALL_ACCESS | ACCESS_NODE, NULL, &hkey, NULL) != ERROR_SUCCESS)
        return;

    // StubPath holds the command Active Setup runs; REG_SZ data size must include the terminating null.
    ::RegSetValueExA(hkey, "StubPath", 0, REG_SZ, (const ::BYTE*)filepath.c_str(),
                     (::DWORD)filepath.length() + 1);
    ::RegCloseKey(hkey);
}

 

 

 

-----------------------------------------------------------------

The whole function is built into the header WinAPI.h.



Example of calling it from main:


#include <stdio.h>
#include "convert.h" //https://www.diallix.net/programing/159-moduleofconvert
#include "winapi.h" //https://www.diallix.net/programing/163-module
using namespace std;

int _cdecl main(void)
{
    ::Diall_WinApi::WinApi::GetInstance()->SystemIntegrity(::Diall_WinApi::Privilege::ENABLE);
    ::Diall_WinApi::WinApi::GetInstance()->ActiveSetupAdd("C:\\diallix.exe", "{FA52BA1325-A216-689F-BCC5-B99C2E235C66}");
    return 0;
}
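
A defender's view of the same registry location, as an added example that is not part of the original post: this read-only PowerShell script lists every StubPath under Installed Components and flags entries whose executable lies outside the Windows and Program Files directories or has no valid Authenticode signature. The trusted-directory policy and the helper name Get-StubExecutable are assumptions of this example.

```powershell
# Added example: read-only audit of Active Setup StubPath values.
$roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'

# Assumed policy: stub executables are expected only under these directories.
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

# Hypothetical helper: pull the program out of a command line such as '"C:\x\a.exe" /arg'.
function Get-StubExecutable([string]$StubPath) {
    $cmd = [Environment]::ExpandEnvironmentVariables($StubPath).Trim()
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { $exe = $Matches[1] }
    else { $exe = ($cmd -split '\s+')[0] }
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # Bare names such as rundll32.exe are resolved through PATH.
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $exe = $found.Source }
    }
    return $exe
}

$report = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root) {
        $stub = $key.GetValue('StubPath')
        if ([string]::IsNullOrWhiteSpace($stub)) { continue }
        $exe = Get-StubExecutable $stub
        $sig = if (Test-Path -LiteralPath $exe -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }
        $inTrusted = [bool]($trustedDirs | Where-Object {
            $exe.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key        = $key.Name
            StubPath   = $stub
            Executable = $exe
            Signature  = $sig
            Suspicious = (-not $inTrusted) -or ($sig -ne 'Valid')
        }
    }
}

# Flagged entries first, then the rest.
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

An entry like the one registered in the example above, with StubPath C:\diallix.exe, is marked Suspicious because the file sits directly under C:\ rather than in a trusted directory.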

 

 

 