Hello everyone, I'm a sailor. Getting past anti-virus active defense has been a hot topic this year, mostly along the lines of changing the system time to get past Kaspersky's active defense, or restoring the SSDT table. Changing the time to get past Kaspersky's active defense no longer has any effect on the new version of Kaspersky, and restoring the SSDT table has to be done at ring0 level, which also means writing a driver; compatibility is not very good and it easily causes a blue screen.

Today I will tell you about my own idea: "replace the registry startup software, restart, and install to get through active defense". The premise is that the computer on which the service is to be installed has software started from the registry, that is, software started at boot from the values under the "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Run" key.

The process is as follows. First check the values of the registry Run key for the name and installation path of the startup software; if it is anti-virus software, skip it. Then look for the software's process and, if it exists, end it. Back up the startup software, put your own substitute in place of the startup software, and then exit or force a restart. After the restart, the service is installed, the backup is deleted, and the original startup software is restored.

The above is my idea. My level is limited, so I ask friends not to laugh at it.
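
Seen from the defender's side, the swap described in the process above leaves an autostart entry whose path is unchanged while the hash of the file behind it changes, and then changes back after the restore. The following is an added example, not part of the original post, that checks for both patterns across snapshots of the Run key; the snapshot format, function names and sample values are assumptions constructed for illustration.

```python
def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end if end != -1 else None].lower()
    # Unquoted: cut after the first ".exe" so paths containing spaces survive.
    low = command.lower()
    idx = low.find(".exe")
    return low[:idx + 4] if idx != -1 else low.split(" ")[0]

def compare(baseline, current):
    """Compare two snapshots: value name -> (command line, SHA-256 of target)."""
    findings = []
    for name, (cmd, digest) in sorted(baseline.items()):
        if name not in current:
            findings.append((name, "autostart value removed"))
            continue
        new_cmd, new_digest = current[name]
        if exe_path(new_cmd) != exe_path(cmd):
            findings.append((name, "target path changed"))
        elif new_digest != digest:
            # Same registry value, same path, different file content.
            findings.append((name, "binary replaced in place"))
    for name in sorted(current.keys() - baseline.keys()):
        findings.append((name, "new autostart value"))
    return findings

def transient_swaps(history):
    """Names whose target hash left the first snapshot's value and later returned."""
    flagged = []
    for name, (_, first) in history[0].items():
        digests = [snap[name][1] for snap in history if name in snap]
        if any(d != first for d in digests) and digests[-1] == first:
            flagged.append(name)
    return sorted(flagged)

# Constructed sample snapshots (digests shortened for readability).
BOOT1 = {"Updater": (r'"C:\Program Files\Acme\upd.exe" /background', "aa11"),
         "Tray": (r"C:\Tools\tray.exe -min", "bb22")}
BOOT2 = {"Updater": (r'"C:\Program Files\Acme\upd.exe" /background', "ff99"),
         "Tray": (r"C:\Tools\tray.exe -min", "bb22")}
BOOT3 = dict(BOOT1)  # content restored after the reboot

if __name__ == "__main__":
    print(compare(BOOT1, BOOT2))
    print(transient_swaps([BOOT1, BOOT2, BOOT3]))
```

Comparing only the first and last snapshot would miss the swap once the original file is restored, which is why the history check looks at every intermediate snapshot.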