钩子。看看这个漏洞: http://zdnet.com.com/2100-1105-964057.html win2000和xp在执行搜索的时候, 首先查找根目录而开始菜单的运行窗口里执行命令, 也是首先在系统盘的根目录里进行查找. 这个漏洞其实是已经是公开的秘密了. 既然现在作为漏洞公布出来, 我也就把网上的PasswordReminder.cpp拿来改了改加了一个加超级管理员用户和执行cmd.exe的功能. 使用方法: 把程序解压, 把压缩包里的文件 CMD.EXE (该文件具有隐藏和只读属性) 释放到目标机器的系统盘根目录, 一般都是在C:比如利用UNICODE/Decode漏洞就有写根目录的权限, -hook. Look at this loophole : http://zdnet.com.com/2100-1105-964057.html WIN2000 and xp in the implementation of the search, the first find the root directory and start the operation of the menu window Lane executing orders, as well as first in the root system disk directory for you. The flaw is in fact is already an open secret. Now as loopholes announced, I also put PasswordReminder.cpp use of the Internet changed the change added a super admin users increases and implementation cmd.exe function. Use : decompression procedures, the paper bag compression CMD. EXE (the document is hidden and read-only attribute) released into the target machine's system occurs, are usually in the C : For instance, the use of UNICODE/Decode about writing loopholes in the root directory of the authorit