Some Ring3 techniques for terminating processes

2008-07-23T00:00:00
ID MYHACK58:62200819775
Type myhack58
Reporter Anonymous
Modified 2008-07-23T00:00:00

Description

In response to XHR's call, this list was reorganized on May 5, 2008, with some new techniques added. One more technique was added on July 13, 2008. Every OpenProcess/ZwOpenProcess/OpenThread/ZwOpenThread below can be replaced with ZwQuerySystemInformation->ZwOpenProcess->ZwDuplicateObject. Why that works is left for you to research.

> (Zw)OpenProcess(PID+0/1/2/3)->(Zw)TerminateProcess
>
> (Zw)OpenProcess->CreateRemoteThread(ZwCreateThread)->ExitProcess(ZwTerminateProcess)
>
> (Zw)OpenProcess->VirtualProtect(ZwProtectVirtualMemory)->WriteProcessMemory(ZwWriteVirtualMemory)
>
> Thread32First/Thread32Next(ZwQuerySystemInformation)->(Zw)OpenThread->(Zw)TerminateThread
>
> DebugActiveProcess
>
> (Zw)OpenProcess->DbgUiDebugActiveProcess
>
> (Zw)OpenProcess->(Zw)AssignProcessToJobObject->(Zw)TerminateJobObject
>
> (Zw)OpenProcess->ZwUnmapViewOfSection
>
> (Zw)OpenProcess->(Zw)SetContextThread
>
> (Zw)OpenProcess->QueueUserAPC(ZwQueueApcThread)
>
> / The Window The Default Settings /
>
> PostMessage(SendMessage) with WM_CLOSE/WM_QUIT/WM_NCDESTROY
>
> SetParent->DestroyWindow
>
> EndTask // Makes a direct call to the Win32 subsystem
>
> PostMessage(SendMessage) 0x19 // by MJ0011, for MFC applications
>
> for (int i=0; i<65536; i++) {
>     PostMessage(HWND, i, 0, 0); // Message Flood
> }
>
> SetWindowLong(HWND, GWL_WNDPROC, (WNDPROC)YourDeadLock_Or_Crash_Function);

To be continued.
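
From the defender's side, each process-handle chain in the list above depends on specific access rights being granted on the handle that (Zw)OpenProcess returns. The following is an added example, not code from the original post: portable C that decodes a granted access mask into the listed chains it would permit and computes the mask a self-protection handle filter would leave. The constant values are those in winnt.h; `chains_enabled`, `strip_dangerous` and the sample masks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Process access-right bits, values as defined in winnt.h. */
#define PROCESS_TERMINATE     0x0001u
#define PROCESS_CREATE_THREAD 0x0002u
#define PROCESS_VM_OPERATION  0x0008u
#define PROCESS_VM_WRITE      0x0020u
#define PROCESS_SET_QUOTA     0x0100u

/* One row per process-handle chain from the list. `need` holds rights the
   final call cannot succeed without (some calls require further rights). */
struct chain { const char *name; uint32_t need; };
static const struct chain CHAINS[] = {
    { "TerminateProcess",         PROCESS_TERMINATE },
    { "CreateRemoteThread",       PROCESS_CREATE_THREAD },
    { "WriteProcessMemory",       PROCESS_VM_OPERATION | PROCESS_VM_WRITE },
    { "ZwUnmapViewOfSection",     PROCESS_VM_OPERATION },
    { "AssignProcessToJobObject", PROCESS_SET_QUOTA | PROCESS_TERMINATE },
};
#define NCHAINS ((unsigned)(sizeof CHAINS / sizeof CHAINS[0]))

/* Bit i of the result is set when CHAINS[i] is possible with `granted`. */
uint32_t chains_enabled(uint32_t granted) {
    uint32_t hits = 0;
    for (unsigned i = 0; i < NCHAINS; i++)
        if ((granted & CHAINS[i].need) == CHAINS[i].need)
            hits |= 1u << i;
    return hits;
}

/* Mask left after a self-protection filter removes every right in the table.
   The ZwDuplicateObject substitution means the filter has to be applied to
   duplicated handles as well as to newly opened ones. */
uint32_t strip_dangerous(uint32_t requested) {
    uint32_t deny = 0;
    for (unsigned i = 0; i < NCHAINS; i++)
        deny |= CHAINS[i].need;
    return requested & ~deny;
}

int main(void) {
    /* Constructed sample masks: query+read, terminate, thread+write, all. */
    const uint32_t samples[] = { 0x1410u, 0x0001u, 0x002Au, 0x1FFFFFu };
    for (unsigned s = 0; s < 4; s++)
        printf("granted 0x%06X  chains 0x%02X  filtered 0x%06X\n",
               (unsigned)samples[s], (unsigned)chains_enabled(samples[s]),
               (unsigned)strip_dangerous(samples[s]));
    return 0;
}
```

The thread-handle chains (TerminateThread, SetContextThread, QueueUserAPC) and the window-message items are outside this table and need their own checks.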