Illustrated cracked the freezing point reduction 6. 0 method-vulnerability warning-the black bar safety net

2007-10-11T00:00:00
ID MYHACK58:62200717208
Type myhack58
Reporter 佚名
Modified 2007-10-11T00:00:00

Description

A*first of all the way freezing works. Without the patience of friends can jump directly to the second part to see how to crack the freezing point reduction*6.0。)

Probably a lot of people have seen online the widely circulated“DeepFreeze freezing principle”of the post, why I would also like to reiterate its principle? Because I this person is a dry technology jobs, deep reasonable theory to the practice of major significance, do not understand the essence of things, technology can only ever stay in the follow the level; furthermore I think the quote simply is too ambiguous, and in some places also in misleading people.

Freezing and other restore software such as a Restore Wizard, three tea one-key recovery, etc is not the same, it did not capture the South Bridge chip of the I0 control, nor control the drive of the INT13 interrupt, it does not rewrite the hard drive MBR(Master Boot Record. Restore Wizard, three tea one-key recovery, etc. by rewriting the hard drive of MBR the restore software in theoperating systemis loaded before the section to achieve its reduction function, and the freezing point is the use of drive added in the form ofoperating systemkernel module to implement its reducing function, it must be attached to the original system,once into another system,it the Restore feature fails. Its load priority is very high, and after loading in the current system can not stop can not be disabled nor deleted. The following figure by the software of the method of freezing the kernel driver will be described:

! !

The freezing point is also no“use your own hard drive to replace the original drive”, and it is the hard drive the original drive is a on the lower layer of the relationship, that is all to hard disk access, first through its“filter”and then commit to the hard disk the original drive processing,so as to achieve reduction purposes,this technique is called“filter driver”. The following figure through the hard disk and partition driver files for detailed analysis to be verified:

! !

The mouse and keyboard as a character access equipment, is also the freezing point of the regulation:

!

Here you may have thought the freezing point of the crack method, that is to uninstall the freezing point of the kernel driver, but that's not enough, we still need to unravel the freezing point and the device turns out the drive of the upper and lower layer of the relationship, may be someone tried to directly remove the Deepfrz. sys file and directly or indirectly remove or disable the registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeepFrz method has suffered the blue screen experience, and that is because there is no unlock the driver's sake. Below I give a freezing point reduction of 6. 0 crack method, of course, as long as the understand its principle, the method is varied.

Second, the*freezing point reduction*6.0crack methods:

Because the registry key the key to be modified, we must get into another oneoperating systemcan be achieved, in addition we also need a registry editing tool. I use the deep autumn leaves disc PE from CD to start theoperating system, and CopyToDVD(advanced Registry Editor), if everyone's computer is a dual system that is better, the direct use of the system comes with the Registry Editor(Regedit)is also available. Now to the topic:

1、 start from the disc into the system, open RegistryWorkshop it.

!

2、from the File menu select“load hive”, we want to import hard disk system registry.

!

Navigate to C:\WINDOWS\system32\config find the system and open, possibly some path is not the same, it depends on what you want to hack the system where the actual position.

!

Item names we can easily write, such as: df loading position by default without changes.

!

So under HKEY_LOCAL_MACHINE. a df:

!

3、we are in the HKEY_LOCAL_MACHINE\df item to find all contains deep words of content:

!

4, good search results come out, in order to facilitate the view, I chose to by value to the arrangement. The red line above the section is the freezing point of service entry, which is the first part of the principles of the article said the freezing point of the kernel module is from here to drive the load. The red line of the following section represents the freezing point of the drive module and the device, a keyboard, a mouse, a hard disk, a single partition of the original drive has a common function of the hardware of the drive.

!

5、we remove from the registry the red line above each item, the red line the following section we want to one by one edit the UpperFilters value, clear the value in the data DeepFrz words, it can also be a one-time export use Notepad to edit after import.

!

The UpperFilters in the Edit I only model once, the other similar to:

!

Note: remove the DeepFrz after a certain can not leave the air line, see below:

! !

6, for each of the UpperFilters values are edited after the US and then the mouse positioning to the df on the item, then from the File menu select“unload hive”, the reboot into the hard driveoperating system, you'll find that the freezing point has been dissolved.

!

Third, the*freezing point reduction*6.0crack method two:

First with the ice edge tools such as the C:\WINDOWS\system32\config\system is copied to the U disk, then in accordance with the above method for its use RegistryWorkshop editing, the editing good and then from a DOS system or other system to copy back to the hard disk overwriting the original file.

The freezing point reduction*6.0*the main file description:

Deepfrz. sys-------------the freezing point of the kernel file,in order to drive the load,this is the key file. The driver is loaded after that no way to the end. In another system delete the file after restart will cause the blue screen of death.

Df5sev. exe and Frzstate2k. exe----------these two files work together,is the freezing point of the management and settings of the program,the former to service in the form of loading, the latter by the former to boot. So you in the registry is not found Frzstate2k. exe startup items.

$persi0. sys--------------the freezing point of the set to save the files,including password,protection plate, etc.

LogonDll. dll--------------DfLogon