|
阅读:1216回复:2
Windows XP pro版本下.操作系统启动过程中的无读权限列表。给需要的人
为什么要有列表.
因为这些文件中的某一个在读的时候会让操作系统产生0x218 Unknow Handware Error 关于这个错误的详细分析: 满足的条件:拦截MJ_CREATE消息.挂起该消息后进行READ 满足的文件:\WINDOWS\System32\Config\SAM 此时操作系统的共享权限为0,不设置任何的权限.因为你挂起了它的打开操作.所以你还是可以去读它 但是一旦你让系统继续的话,或者在你读的时候.系统会认为你违反了规定.然后就bugcheck了. 我不知道我的理解对不对.我想这样就能解释为什么读\WINDOWS\bootstat.dat的时候不会stop了 估计系统打开它时没有什么规定. Not share read:\WINDOWS\bootstat.dat,status:0x0 Not share read:\WINDOWS\System32\Config\SECURITY,status:0x0 Not share read:\WINDOWS\System32\Config\SOFTWARE,status:0x0 Not share read:\WINDOWS\System32\Config\SYSTEM,status:0x0 Not share read:\WINDOWS\System32\Config\DEFAULT,status:0x0 Not share read:\WINDOWS\System32\Config\SAM,status:0x0 Not share read:\WINDOWS\System32\Config\SECURITY.LOG,status:0x0 Not share read:\WINDOWS\System32\Config\SOFTWARE.LOG,status:0x0 Not share read:\WINDOWS\System32\Config\SAM.LOG,status:0x0 Not share read:\WINDOWS\System32\Config\SYSTEM.LOG,status:0x0 Not share read:\WINDOWS\System32\Config\DEFAULT.LOG,status:0x0 Not share read:\System Volume Information\MountPointManagerRemoteDatabase,status:0x0 Not share read:\WINDOWS\bootstat.dat,status:0x0 Not share read:\Documents and Settings\NetworkService\ntuser.dat,status:0x0 Not share read:\Documents and Settings\NetworkService\ntuser.dat.LOG,status:0x0 Not share read:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat,status:0x0 Not share read:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG,status:0x0 Not share read:\Documents and Settings\NetworkService\ntuser.ini,status:0x0 Not share read:\Documents and Settings\new\ntuser.dat,status:0x0 Not share read:\Documents and Settings\new\ntuser.dat.LOG,status:0x0 Not share read:\Documents and Settings\new\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat,status:0x0 Not share read:\Documents and Settings\new\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG,status:0x0 Not share read:\Documents and Settings\new\ntuser.ini,status:0x0 Not share read:\Documents and Settings\LocalService\ntuser.dat,status:0x0 Not share read:\Documents and Settings\LocalService\ntuser.dat.LOG,status:0x0 Not share read:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat,status:0x0 Not share read:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG,status:0x0 Not share read:\Documents and Settings\LocalService\ntuser.ini,status:0x0 Not share read:\Documents and Settings\new\Application Data\Microsoft\Protect\CREDHIST,status:0x0 Not share read:\Documents and Settings\new\Application Data\Microsoft\Credentials\S-1-5-21-1214440339-1078145449-1343024091-1003\Credentialsls,status:0x0 Not share read:\Documents and Settings\new\Application Data\Microsoft\Protect\CREDHIST,status:0x0 该文章没有什么价值.如果遇到到0x218错误或者0x145错误.你可以看看.是否你也象我一样呢? 顺便问问,FILE_SHARE_VALID_FLAGS是什么意思? |
|
|
沙发#
发布于:2007-02-11 14:14
貌似写这贴的人是用那种带后门的电脑公司版的XP PRO破解版
 |
|
|
|
板凳#
发布于:2007-02-11 14:24
晕.楼上你说我?
我不是的.一不流氓.二不做那些事.呵呵 写后门也不是这个写法呀 |
|