QQ2012DLL hijacking vulnerability can be availed 3 6 0 hints-vulnerability warning-the black bar safety net

ID MYHACK58:62201234450
Type myhack58
Reporter 佚名
Modified 2012-07-26T00:00:00


Now the domestic half of the previous people are users 3 6 0 security guards and 3 6 0 Anti-Virus, the

Often someone will ask what good method can make your own“malicious software”equipped with a 3 6 0 on the machine start

In fact, the DLL Hajack is a good method, this method does not relate to the write the registry and other operations,

As long as you find a software you can use Dll Hajack vulnerability, the own Dll released into the soft down of the installation directory, you can easily get the above are nonsense, the following is entered

DLL name: Disk. dll hijacking process: QQ.exe

This is the new Dll hijacking vulnerability, the so-called New is that this Dll does not exist, but each time the program starts and tries to load this Dll. The traditional type of Dll hijacking, as everyone familiar with the LPK, the USP10 is required to do the function for forwarding, and the new Dll does not require

Search path: C:\Program Files\Tencent\QQ\Plugin\Com. Tencent. NetDisk\Bin I of QQ installed to the C drive.

我们 将 自己 的 Dll 命名 为 Disk.dll put to the top of this path, so QQ starts it will load our Dll. My QQ version is QQ2012, QQ other version try it yourself, I didn't try

Test method: after extracting the Disk. dll into C:\Program Files\Tencent\QQ\Plugin\Com. Tencent. NetDisk\Bin directory to your installation directory, and then start the QQ on the line

So you guys know. Everyone can play for free use this DLL vulnerability disregard 3 6 0, by Tencent hand killed 3 6 0