Description: Xfilter.dll 的安装过程实际是一个操作注册表的过程。
操作的注册表为:HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2 下的内容
建议在安装Xfilter之前首先备份这个注册表分支的内容。-Xfilter.dll the actual installation process is a process of operating the registry. Operation of the registry : HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControl Set \\ Services \\ WinSock2 content of the proposals before the first installation Xfilter the first backup of the registry branch. Platform: |
Size: 1040265 |
Author:测试 |
Hits:
Description: 关于如何突破 icesword 的注册表隐藏的一点想法.这个想法应该是可以突破现有版本的 icesword 的注册表隐藏的. 这是一个半通用的方法.但不是搜索特征传.在 coding 中,这个要比隐藏进程麻烦些. 编码如果超过 1天半 俺就会放弃. 这里给出了一个简单的包.里面包含一个驱动程序和一个注册表文件.
测试的时候请自己把 HideRegistryApp.exe 跑起来. 然后把 test.reg 导入到注册表中. icesword 可以先启动,也可以后启动. 然后在 icesword 的注册表浏览中浏览 HKEY_LOCAL_MACHINE --> SOFTWARE --> wuyanfeng 我的驱动隐藏了 wuyanfeng 下面的 wuyanfeng KEY . 你门可以随便的在什么地方 建立 不少于 2层的 wuyanfeng KEY 在我的驱动跑着的时候只能看到最上一层,其他的都被隐藏掉了. 例如你可以 建立如下 KEY HKEY_CLASSES_ROOT ---> wuyanfeng1 -->wuyanfeng 等等. 这个驱动我只在 xp sp2 的系统中测试过,其他系统没有测试-icesword on how to break the 1:00 hidden registry idea. This idea should be able to suddenly breaking the existing version of the registry icesword hidden. This is a semi-generic approach. But instead of search features Chuan. In coding, The trouble than some hidden process. encoding more than one-half if I will stop. Here is a simple package. Lane surface contains a driver and a registry document. Please test when they put HideRegistryA pp.exe run up. then test.reg into the registry. icesword ahead start can be activated. Then in the registry icesword Browsing View HKEY_LOCAL_MA 24:00 -- Platform: |
Size: 68204 |
Author:79282853 |
Hits:
Description: Recub这是一款Windows平台下的远程控制工具 使用activex启动技术 英文介绍
RECUB Features.
1 RC4 Encripted Reverce connect Shell for XP,2k,2003.
2 Bypass Firewalls by starting new instance of Internet explorer and injecting code
3 Activate throw Encrypted ICMP request
5 No listning ports
6 No Process visible,injects into Explorer.exe on startup and exiting
6 Activex startup
7 Empty All Event Logs After exiting the shell.
8 We can use Netcat also for remote shell.
9 EXE size only 5.39 KB
Install
Copy to any folder like windows of system32 and run once
Uninstall
Just delete the exe file
and this key at
HKEY_LOCAL_MACHINE\\Software\\\\Microsoft\\\\Active Setup\\\\Installed Components\\\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}
HKEY_CURRENT_USER\\Software\\\\Microsoft\\\\Active Setup\\\\Installed Components\\\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} Platform: |
Size: 107901 |
Author:张京 |
Hits:
Description: 利用这个程序: 1.可以监视在你的电脑运行的程序, 把在你的电脑运行过的程序的时间和名字记录下来 2.可以阻止你规定的禁用程序的执行, 比如不让玩游戏。 3.这个程序需要加入注册表, 在系统启动时就运行, 达到监视的目的。注册表大概都不陌生,就是这里: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run-use of this procedure : 1. You can monitor the computer running program, on your computer one of the procedures of the time and record the names of two. You can stop the implementation of the banned procedures, such as not playing games. 3. This procedure needs to join the registry, the system started running on to achieve the purpose of surveillance. The registry probably not unfamiliar, is here : HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run Platform: |
Size: 758877 |
Author:毕胜 |
Hits:
Description: 利用这个程序: 1.可以监视在你的电脑运行的程序, 把在你的电脑运行过的程序的时间和名字记录下来 2.可以阻止你规定的禁用程序的执行, 比如不让玩游戏。 3.这个程序需要加入注册表, 在系统启动时就运行, 达到监视的目的。注册表大概都不陌生,就是这里: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run-use of this procedure : 1. You can monitor the computer running program, on your computer one of the procedures of the time and record the names of two. You can stop the implementation of the banned procedures, such as not playing games. 3. This procedure needs to join the registry, the system started running on to achieve the purpose of surveillance. The registry probably not unfamiliar, is here : HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run Platform: |
Size: 436488 |
Author:毕胜 |
Hits:
Description: CHKLM类允许你在注册表的HKEY_LOCAL_MACHINE注册键中做写操作(10KB)-CHKLM allows you to type in the registry HKEY_LOCAL_MACHINE registration keys do write (10KB) Platform: |
Size: 9559 |
Author:阿强 |
Hits:
Description: 软件限时使用与注册功能的实现
众所周知,一些共享软件往往提供给使用者的是一个功能不受限制的限时使用版,在试用期内使用者可以无限制的使用软件的全部功能(只是可能会出现提示使用者注册的窗口),试用期一过部分(或全部)功能失效,要想继续使用只能向作者索取注册码(或注册文件)完成对软件的合法注册,注册后的软件将解除一切使用限制。如果您也开发出一个有价值的作品,是否也希望为自己的软件增加一个这样的功能呢?这里笔者就提供一个实现软件限时的完整代码。
软件启动后会首先运行本代码并从注册表HKEY_LOCAL_MACHINE\Software\MyProgram子键下的三个键值MyProgram1-3中读取键值数据。其中MyProgram2的值是软件首次运行日期,MyProgram3的值是软件当前运行时的日期,MyProgram1的值是软件的使用标志:如果软件在试用期内则其值为字符串sign1;如果软件试用期满则其值为字符串sign2,如果软件已经注册则其值为字符串sign3。全局变量ZHUCE依据读取的MyProgram1键值而赋值:ZHUCE=-1说明试用期满,ZHUCE=-2说明软件已注册,ZHUCE=其它值为剩余天数,您的主程序代码要依据此全局变量ZHUCE的值设计相应的交互响应。
为方便您将代码嵌入现存的程序代码中,本示例将全部代码写入一个模块.bas中(模块名随意,也可添加到已有模块中)。注意,代码中的Private Sub Main()过程为整个程序的启动入口,您需要在“工程属性”对话框中将“启动对象”设置为“Sub Main()”。
'通用模块
Global ZHUCE As Integer
'说明:全局变量ZHUCE=-1试用期满,ZHUCE=-2已注册,ZHUCE=其它值为剩余天数
Declare Function RegOpenKeyEx Lib "advapi32" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, ByRef phkResult As Long) As Long
Declare Function RegQueryValueEx Lib "advapi32" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, ByRef lpType As Long, ByVal lpData As String, ByRef lpcbData As Long) As Long
Declare Function RegCloseKey Lib "advapi32" (ByVal hKey As Long) As Long
Private Sub Main()'程序总入口
Dim a As Long, rc(3) As Long, hKey As Long, KeyValType As Long, KeyValSize(3) As Long
Dim c As String, h As String, tmpVal(3) As String
Dim datetime As Integer
datetime = 30'试用期天数
ZHUCE = -1
On Error GoTo cuowu
'以下从注册表HKEY_LOCAL_MACHINE\Software\MyProgram的三个值中取出相关数据字串tmpVal(3)
a = RegOpenKeyEx(&H80000002, "Software\MyProgram", 0, 131135, hKey) ' 打开注册表关键字
For a = 1 To 3: tmpVal(a) = String$(1024, 0): KeyValSize(a) = 1024: Next
rc(1) = RegQueryValueEx(hKey, "MyProgram3", 0, KeyValType, tmpVal(1), KeyValSize(1))
rc(2) = RegQueryValueEx(hKey, "MyProgram2", 0, KeyValType, tmpVal(2), KeyValSize(2))
rc(3) = RegQueryValueEx(hKey, "MyProgram1", 0, KeyValType, tmpVal(3), KeyValSize(3))
For a = 1 To 3
If (Asc(Mid(tmpVal(a), KeyValSize(a), 1)) = 0) Then
tmpVal(a) = Left(tmpVal(a), KeyValSize(a) - 1)
Else
tmpVal(a) = Left(tmpVal(a), KeyValSize(a))
End If
Next
a = RegCloseKey(hKey) '关闭注册表
'使用期限判断
If tmpVal(3) = "sign3" Then ZHUCE = -2: Exit Sub '查找到已注册标志sign3
If Len(tmpVal(1)) = 1023 And Len(tmpVal(2)) = 1023 And Len(tmpVal(3)) = 1023 Then
'首次使用,将当前日期分别写入tmpVal(1)和tmpVal(2)中,在tmpVal(3)中写入准许运行标志sign1
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram3", Date$, "REG_SZ"
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram2", Date$, "REG_SZ"
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram1", "sign1", "REG_SZ"
ZHUCE = datetime
MsgBox "试用期剩余" & Trim(datetime) & "天"
Else
If tmpVal(3) = "sign2" Then '查找到永久中止标志sign2中止使用
ZHUCE = -1
Exit Sub
MsgBox "试用期已满,请您注册!"
End If
If Date datetime Then '使用期超过datetime天中止使用
'写入tmpVal(3)中止使用字串sign2
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram1", "sign2", "REG_SZ"
ZHUCE = -1
MsgBox "试用期已满,请您注册!"
Else
'写入当前日期于tmpVal(2)中
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram2", Date$, "REG_SZ"
ZHUCE = datetime - (DateValue(Date) - DateValue(tmpVal(1)))
MsgBox "试用期剩余" & Trim(datetime) & "天"
End If
End If
End If
cuowu:
End Sub
从安全保密角度出发,当您应用上述代码时紫色部分应该根据您个人的保密设想进行必要的修改(当然您也可以不修改而直接应用):①示例中的代码把软件的注册与运行信息保存在HKEY_LOCAL_MACHINE\Software\MyProgram子键下的MyProgram1-3三个键值内,请根据您个人的保密原则修改为您所需要的子键名,以隐蔽为原则!②MyProgram1键值中的数据(字符串sign1或sign2或sign3分别对应着试用/期满/注册)应根据您个人的保密设想修改成需要的字符串,也以隐蔽为原则!
主程序中当用户输入正确的注册码(注册码当然是您随意愿而设)后,请执行语句:
CreateObject("WScript.Shell").regWrite "HKEY_LOCAL_MACHINE\Software\MyProgram\MyProgram1", "sign2", "REG_SZ"
完成软件注册。(该行代码中的Software\MyProgram\MyProgram1和sign2请与上述代码保持一致!) Platform: |
Size: 18051 |
Author:dianfeng |
Hits:
Description: RECUB Features. 1 RC4 Encripted Reverce connect Shell for XP,2k,2003. 2 Bypass Firewalls by starting new instance of Internet explorer and injecting code 3 Activate throw Encrypted ICMP request 5 No listning ports 6 No Process visible,injects into Explorer.exe on startup and exiting 6 Activex startup 7 Empty All Event Logs After exiting the shell. 8 We can use Netcat also for remote shell. 9 EXE size only 5.39 KB Install Copy to any folder like windows of system32 and run once Uninstall Just delete the exe file and this key at HKEY_LOCAL_MACHINE\Software\\Microsoft\\Active Setup\\Installed Components\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} HKEY_CURRENT_USER\Software\\Microsoft\\Active Setup\\Installed Components\\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK} By Hirosh www.hirosh.net www.eos-india.net Bugs mail me - hir_osh@yahoo.com Thanks for starch at http://mir-os.sourceforge.net/recub.htm For the idea,I started this by porting his version in linux to win32,after some time i stoped porting bc i prefer a small EXE heheh..,and thanks to NC source too.. // Platform: |
Size: 149787 |
Author:hd28585 |
Hits:
Description: 利用这个程序: 1.可以监视在你的电脑运行的程序, 把在你的电脑运行过的程序的时间和名字记录下来 2.可以阻止你规定的禁用程序的执行, 比如不让玩游戏。 3.这个程序需要加入注册表, 在系统启动时就运行, 达到监视的目的。注册表大概都不陌生,就是这里: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-use of this procedure : 1. You can monitor the computer running program, on your computer one of the procedures of the time and record the names of two. You can stop the implementation of the banned procedures, such as not playing games. 3. This procedure needs to join the registry, the system started running on to achieve the purpose of surveillance. The registry probably not unfamiliar, is here : HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Platform: |
Size: 758784 |
Author:毕胜 |
Hits:
Description: 利用这个程序: 1.可以监视在你的电脑运行的程序, 把在你的电脑运行过的程序的时间和名字记录下来 2.可以阻止你规定的禁用程序的执行, 比如不让玩游戏。 3.这个程序需要加入注册表, 在系统启动时就运行, 达到监视的目的。注册表大概都不陌生,就是这里: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-use of this procedure : 1. You can monitor the computer running program, on your computer one of the procedures of the time and record the names of two. You can stop the implementation of the banned procedures, such as not playing games. 3. This procedure needs to join the registry, the system started running on to achieve the purpose of surveillance. The registry probably not unfamiliar, is here : HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Platform: |
Size: 436224 |
Author:毕胜 |
Hits:
Description: CHKLM类允许你在注册表的HKEY_LOCAL_MACHINE注册键中做写操作(10KB)-CHKLM allows you to type in the registry HKEY_LOCAL_MACHINE registration keys do write (10KB) Platform: |
Size: 9216 |
Author:阿强 |
Hits:
Search - HKEY_LOCAL_MACHINE