Tofu Grandmaster Cheater Reputation: 0
Joined: 25 Sep 2007 Posts: 620
|
Posted: Wed Jul 23, 2008 4:24 pm Post subject: [REL] Task manager & regedit.exe ENABLER/DISABLER |
|
|
EDIT: Removed the rather complicated tuts and instead, made them into a batch file.
I made 2 batch files, one to enable and one to disable task manager
and regedit.exe.
(no, I can't figure any reason why someone would want to disable them...)
What do these do?
They modify your registry by creating (or overwriting) 2 registry keys
which control whether you are able to use task manager and registry tools.
Note: You may need to use this on all of the users on your PC,
as it edits the registry for the current user only. (HKEY_CURRENT_USER)
Last edited by Tofu on Wed Sep 24, 2008 10:08 pm; edited 4 times in total |
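Because these values live in each user's own hive, checking a machine means reading every loaded hive under HKEY_USERS, not only the current user's. The PowerShell audit below is an added example, not part of the original post; the function name Get-ToolPolicy is hypothetical, the value names DisableTaskMgr and DisableRegistryTools are the ones discussed in this thread, and treating any non-zero value as restricting is an assumption of the example.

```powershell
# Added example: report DisableTaskMgr / DisableRegistryTools for every loaded user hive.
# Run elevated to read other logged-on users' hives. Hives of users who are not
# logged on are not loaded under HKEY_USERS and are not covered here.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$names  = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-ToolPolicy {
    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        # Skip the *_Classes hives; the policy key is not stored there.
        if ($sid -like '*_Classes') { continue }
        $key = $users.OpenSubKey("$sid\$subKey")
        foreach ($name in $names) {
            $value = if ($key) { $key.GetValue($name, $null) } else { $null }
            # Assumption of this example: any non-zero value restricts the tool.
            $state = if ($null -eq $value) { 'not set' } elseif ($value -eq 0) { 'allowed' } else { 'blocked' }
            [pscustomobject]@{
                Sid   = $sid
                Name  = $name
                Value = $value
                State = $state
            }
        }
        if ($key) { $key.Close() }
    }
}

Get-ToolPolicy | Format-Table -AutoSize
```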
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Wed Jul 23, 2008 5:46 pm Post subject: |
|
|
Uh.. you took the info posted in other topics and made your own lol.. kinda pointless to be honest. The question got answered anyway in the topic that you are referring to.
Tofu Grandmaster Cheater Reputation: 0
Joined: 25 Sep 2007 Posts: 620
|
Posted: Wed Jul 23, 2008 5:51 pm Post subject: |
|
|
Wiccaan wrote: | Uh.. you took the info posted in other topics and made your own lol.. kinda pointless to be honest. The question got answered anyway in the topic that you are referring to. |
The info in that topic was supplied by me.
So..
And this way it's easier to find.
oib111 I post too much Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
|
Posted: Wed Jul 23, 2008 5:53 pm Post subject: |
|
|
Actually it was supplied by me, you just wrote it
Tofu Grandmaster Cheater Reputation: 0
Joined: 25 Sep 2007 Posts: 620
|
Posted: Wed Jul 23, 2008 6:09 pm Post subject: |
|
|
@ oib111
Ok, now I'm confused, there have been so many of these topics..
Ok, you posted code to be used in a program,
I posted a method to be done using the command prompt, and the method 1.
So they are not entirely the same..
oib111 I post too much Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
|
Posted: Wed Jul 23, 2008 6:47 pm Post subject: |
|
|
elpacco wrote: | awesome tanks!
edit: can u make one that allows regedit to run too? |
Uh...that's more of if your computer is on a server, and you're not an administrator, the admin probably disabled regedit.exe.
Tofu Grandmaster Cheater Reputation: 0
Joined: 25 Sep 2007 Posts: 620
|
Posted: Wed Jul 23, 2008 6:58 pm Post subject: |
|
|
elpacco wrote: |
edit: can u make one that allows regedit to run too? |
Here:
Code: |
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
|
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
|
Posted: Tue Jul 29, 2008 10:02 pm Post subject: |
|
|
This is honestly pretty stupid. Not gonna keep hackers out, lol. I just patched a copy of task manager to ignore that (simply change the je to jmp). Basically like a crappy-ass crackme; search for all the "RegQueryValueEx" calls, check the params for "DisableTaskMgr" and the code will be
Code: |
010054EA . 50 PUSH EAX ; /pBufSize
010054EB . 8D85 20FCFFFF LEA EAX,DWORD PTR SS:[EBP-3E0] ; |
010054F1 . 50 PUSH EAX ; |Buffer
010054F2 . 8D85 0CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3F4] ; |
010054F8 . 50 PUSH EAX ; |pValueType
010054F9 . 53 PUSH EBX ; |Reserved
010054FA . 68 B81A0001 PUSH taskmgr.01001AB8 ; |ValueName = "DisableTaskMgr"
010054FF . FFB5 24FCFFFF PUSH DWORD PTR SS:[EBP-3DC] ; |hKey
01005505 . C785 10FCFFFF>MOV DWORD PTR SS:[EBP-3F0],4 ; |
0100550F . FF15 04100001 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExW
01005515 . FFB5 24FCFFFF PUSH DWORD PTR SS:[EBP-3DC] ; /hKey
0100551B . FF15 00100001 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
01005521 . 399D 20FCFFFF CMP DWORD PTR SS:[EBP-3E0],EBX
01005527 . EB 4B JE SHORT taskmgr.01005574
|
Change the "je" to a "jmp" and save the file, boom.
Tofu Grandmaster Cheater Reputation: 0
Joined: 25 Sep 2007 Posts: 620
|
Posted: Wed Jul 30, 2008 1:42 am Post subject: |
|
|
samuri25404 wrote: | This is honestly pretty stupid. Not gonna keep hackers out, lol. I just patched a copy of task manager to ignore that (simply change the je to jmp). Basically like a crappy-ass crackme; search for all the "RegQueryValueEx" calls, check the params for "DisableTaskMgr" and the code will be
Code: |
010054EA . 50 PUSH EAX ; /pBufSize
010054EB . 8D85 20FCFFFF LEA EAX,DWORD PTR SS:[EBP-3E0] ; |
010054F1 . 50 PUSH EAX ; |Buffer
010054F2 . 8D85 0CFCFFFF LEA EAX,DWORD PTR SS:[EBP-3F4] ; |
010054F8 . 50 PUSH EAX ; |pValueType
010054F9 . 53 PUSH EBX ; |Reserved
010054FA . 68 B81A0001 PUSH taskmgr.01001AB8 ; |ValueName = "DisableTaskMgr"
010054FF . FFB5 24FCFFFF PUSH DWORD PTR SS:[EBP-3DC] ; |hKey
01005505 . C785 10FCFFFF>MOV DWORD PTR SS:[EBP-3F0],4 ; |
0100550F . FF15 04100001 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExW
01005515 . FFB5 24FCFFFF PUSH DWORD PTR SS:[EBP-3DC] ; /hKey
0100551B . FF15 00100001 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
01005521 . 399D 20FCFFFF CMP DWORD PTR SS:[EBP-3E0],EBX
01005527 . EB 4B JE SHORT taskmgr.01005574
|
Change the "je" to a "jmp" and save the file, boom. |
And how is this related to the original post?
It was never meant to "keep hackers out"
It was simply meant to enable task manager & regedit.
samuri25404 Grandmaster Cheater Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
|
Posted: Wed Jul 30, 2008 11:07 am Post subject: |
|
|
tofuli wrote: | And how is this related to the original post?
It was never meant to "keep hackers out"
It was simply meant to enable/disable task manager & regedit. |
Fixed.
Usually, most things that use such mechanisms are trying to disallow users from doing something. If a user wants to do something, and they have the abilities, they will do it, it's as simple as that. There is nothing you can do to prevent them from doing such things besides monitoring them 24/7, and just completely having no computer access at all; most of the time, neither is practical.
A lot of schools have certain protections such as these to keep students out of task manager and the registry and what not (my school only restricted task manager :D), but it's so pointless because users such as me (or other semi-knowledgeable members of this forum, and many other people in this world) will simply reverse the protection, and boom.
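Since the policy value is checked by the tool itself, a modified copy of the tool is what an administrator has to look for. The PowerShell sweep below is an added example, not code from any poster in this thread; it lists copies of taskmgr.exe or regedit.exe outside the Windows directory and compares each with the installed original. The function name Find-ToolCopy and the search roots in $roots are assumptions of the example.

```powershell
# Added example (not from the thread): list copies of Task Manager or regedit
# outside the Windows directory and compare each with the system original.
# $roots is an assumption; point it at the user-writable locations to sweep.
$roots = "$env:SystemDrive\Users", $env:ProgramData
$reference = @{
    'taskmgr.exe' = "$env:SystemRoot\System32\taskmgr.exe"
    'regedit.exe' = "$env:SystemRoot\regedit.exe"
}

function Find-ToolCopy {
    # Hash the system originals once.
    $refHash = @{}
    foreach ($name in $reference.Keys) {
        $refHash[$name] = (Get-FileHash -Algorithm SHA256 -LiteralPath $reference[$name]).Hash
    }
    Get-ChildItem -Path $roots -Filter *.exe -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Match by file name or by the version resource, so renamed copies are
            # found too. OriginalFilename may carry a ".mui" suffix, hence the wildcard.
            $tool = $reference.Keys | Where-Object {
                $file.Name -eq $_ -or $file.VersionInfo.OriginalFilename -like "$_*"
            } | Select-Object -First 1
            if (-not $tool) { return }   # not one of the two tools; skip this file
            $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $file.FullName).Hash
            [pscustomobject]@{
                Path      = $file.FullName
                Tool      = $tool
                MatchesOs = ($hash -eq $refHash[$tool])
                Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            }
        }
}

Find-ToolCopy | Format-Table -AutoSize
```

A row where MatchesOs is False is either a copy from a different Windows build or a modified file; the Signature column helps tell the two apart.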