
XP System DIY

红粉佳人 posted on 2012-4-4 15:28:41 | from Shenzhen, Guangdong, China

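I. Modifying the winXP pro setup screen

The setup screen is the one you see after setup has copied the system files and rebooted. It stays on screen for quite a long time, so it is worth changing into something nice to look at. After copying the winXP pro installation files to the hard disk, open the "i386" directory and look for "winntbbu.dl_"; copy it somewhere, then open winntbbu.dl_ with winRAR and drag out the system file winntbbu.dll. (Using eXeScope to modify the resources also works, but it is limited to bitmaps under 300 KB in size), so that tool is not used here.

(1) Open winntbbu.dll with ResourceHacker, find 1033 (the English version) under 103 and delete it. First replace 2052 (the Chinese version), then create a new resource that points to the bitmap, with resource name 103 and resource language 1033; the replacement succeeds. That puts both of these bitmaps in place. What remains is 153, and its two bitmaps are replaced with the same method!!!

(2) After modifying winntbbu.dll, you can turn it back into a winntbbu.dl_ file. To do this, put the modified winntbbu.dll in the root directory of a drive (for example C:), open the DOS prompt in winXP, change to drive C, and run the makecab command "makecab winntbbu.dll winntbbu.dl_". This generates a winntbbu.dl_ file on drive C!!!!

(3) Errors may occur during the replacement. They are usually caused by not following the steps or by an image that is not in the standard format; just try a few more times. Also, the modified file may be fairly large, or differ from Microsoft's original, but installation generally proceeds without errors.

(4) If the system is already installed, winntbbu.dll can be found under windows\system32. It is not deleted after installation completes; it is decompressed and left there.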


II. Modifying the winXP pro boot screen

The boot screen is the scrolling screen that appears when the machine is switched on after winXP pro has been installed. Changing it mainly means modifying the file Ntoskrnl.ex_. As before, look for "ntoskrnl.ex_" under "i386", copy it somewhere, open it with winRAR and drag out the file ntoskrnl.exe inside. Open it with ResourceHacker; the bitmaps are in there: 1, 2, ... 8, 9, 1000. Any of them can be modified. When you are done, copy ntoskrnl.exe to drive C:, open "DOS command mode", change to C:\ and run: "makecab ntoskrnl.exe ntoskrnl.ex_". This generates a modified ntoskrnl.ex_ on drive C. Success!!
Note: the generated file may be large, but this generally causes no problems; just put the file directly under I386.
If winXP pro is already installed, you can put the modified ntoskrnl.exe under c:\windows\system32 in place of the original one.


III. Modifying the winXP pro logon screen

The logon screen is the one shown just before "Welcome"; it appears if password logon is set up. It can be changed by modifying the file logonui.ex_, which you can find in "i386". First open it with winRAR and drag out the file logonui.exe inside, then open logonui.exe with ResourceHacker and edit away... If the system is already installed, logonui.exe is located under \windows\system32, and modifying it there also gives the expected result.


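IV. Modifying the Windows XP startup screen

If you want to use a boot screen you have modified yourself, do not install the April patch KB890859.
1. First we need a tool. I use ResHacker; you can download a copy here. eXeScope also works, of course, but I find ResHacker more convenient.
2. Find ntoskrnl.exe, usually located in the c:\windows\system32 directory. Make two copies: one as a backup, one to edit.
3. Open the copy of ntoskrnl.exe to be edited with ResHacker, find the first item, Bitmap\1\2052, then choose the menu command to save it as 1.bmp. In the same way, save item 8 (Bitmap\8\2052) as 8.bmp.
4. Open 1.bmp in Photoshop; at this point the image is completely black. Then go to Image --> Mode --> Color Table and load the file 16.act. OK, you should now be able to see the image.
5. After editing each image, go to Image --> Mode --> Color Table again and load win.pal. The image should turn black again; save it.
6. In ResHacker, replace the corresponding items in ntoskrnl.exe with the edited 1.bmp and 8.bmp. Open the ResHacker "Action" menu, find "Replace Bitmap", use "Open file with new bitmap" to locate the 1.bmp you just edited and saved, choose "Open" --> "Replace", and finally save ntoskrnl.exe.
7. Without entering Safe Mode, use a system-file replacement tool to replace *:\windows\system32\ntoskrnl.exe and *:\WINDOWS\system32\dllcache\ntoskrnl.exe with the edited ntoskrnl.exe, reboot, and you are done.
Note: *:\WINDOWS\system32\dllcache\ may not contain ntoskrnl.exe; if it does not, there is nothing to replace there.
Note: the boot screen only supports 16 colors. If you want to change the picture, find some 16-color images to work with. Also, back up the system before replacing anything, in case something goes wrong.
If you want to modify the installation files, you must modify the sp2.cab file in the i386 folder.
1. Extract sp2.cab with WINRAR and modify ntkrnlmp.exe, ntkrnlpa.exe, ntkrpamp.exe and ntoskrnl.exe inside it. These files are modified the same way as above, and the modifications must be consistent.
2. Next, compress all the extracted files (335 files in total, including the four modified ones) back into sp2.cab with the IExpress 2.0 that ships with the system (if you cannot read English, there is a Chinese-localized IExpress 2.0 here).
3. Replace the sp2.cab in the i386 folder with the sp2.cab you just modified.
4. Download ModifyPE 0.81 and extract all of its files. Put the ntoskrnl.exe and ntkrnlmp.exe you just modified and ModifyPE.exe in the same folder, open a command prompt window, change to the folder containing these three files, then run: "modifyPE.exe ntoskrnl.exe -c", and then run ... "makecab ntoskrnl.exe". After this processing you have a compressed ntoskrnl.ex_ file (which is the purpose of the makecab command). What you need to do next is copy ntoskrnl.ex_ to your i386 directory and overwrite the existing file. (Just do the same thing once more for ntkrnlmp.exe as for ntoskrnl.exe.)
Because we processed ntoskrnl.exe with modifyPE, which changes the file's CRC information, the Windows XP setup program will not skip copying this file; setup will also use the file directly without asking any questions.
However, once Windows setup has finished running, this event is recorded in the setuperr.log log file, which shows that the file has not been digitally signed by Microsoft. The dllcache directory and the CD do not contain Microsoft's original ntoskrnl.exe, but there is no need to worry: this way the system will not replace the modified file with Microsoft's original version.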
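
For anyone auditing an install source or a running system for the kind of modified ntoskrnl.exe described in this post, the following added example (not part of the original post) recomputes the header checksum and compares it, together with the file's SHA-256, against a trusted baseline. It assumes the "CRC information" the post mentions is the CheckSum field of the PE optional header; the sample image and all function names are constructed for illustration.

```python
import hashlib
import struct

def checksum_offset(image: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (identical for PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 64  # PE signature + COFF header + field offset

def stored_checksum(image: bytes) -> int:
    return struct.unpack_from("<I", image, checksum_offset(image))[0]

def compute_checksum(image: bytes) -> int:
    """16-bit sum with end-around carry, CheckSum field read as zero, plus file length."""
    off = checksum_offset(image)
    data = image[:off] + b"\0" * 4 + image[off + 4:]
    data += b"\0" * (len(data) % 2)
    total = 0
    for (word,) in struct.iter_unpack("<H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return (total + len(image)) & 0xFFFFFFFF

def set_checksum(image: bytes) -> bytes:  # what a checksum-fixing tool does
    off = checksum_offset(image)
    return image[:off] + struct.pack("<I", compute_checksum(image)) + image[off + 4:]

def audit(image: bytes, known_good_sha256: str) -> dict:
    """Check header self-consistency and compare the file to a trusted baseline hash."""
    return {
        "checksum_consistent": stored_checksum(image) == compute_checksum(image),
        "matches_baseline": hashlib.sha256(image).hexdigest() == known_good_sha256,
    }

def build_sample(payload: bytes) -> bytes:
    """Constructed stand-in: MZ/PE headers plus payload, not a loadable image."""
    hdr = bytearray(0x40 + 4 + 20 + 96)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    return set_checksum(bytes(hdr) + payload)

original = build_sample(b"BITMAP-RESOURCE-ORIGINAL")   # constructed sample data
baseline = hashlib.sha256(original).hexdigest()
edited = original.replace(b"ORIGINAL", b"MODIFIED")    # content changed, header untouched
refixed = set_checksum(edited)                         # checksum recalculated afterwards
```

A file whose checksum was recalculated after editing passes the header self-consistency check, so only the comparison against a known-good hash (or signature verification) identifies it as modified.
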
quller posted on 2012-4-5 08:52:39 | from Shanghai, China
Just passing by to take a look...
爱紫淼 posted on 2012-4-7 20:39:56 | from Wuhan, Hubei, China
Passing by, just here as a bystander!!!