Ws2help. dll 0-day elevation and repair

Methods: miao)

Source: Eighth programming www.debugc.com

There is a way to raise the right, that is, when there is no progress, you can replace a program in the service and get a permission when the server is restarted .)

This has a limitation, that is, there are not many targets to replace, not all programs can replace. Some self-check programs and some running processes cannot be modified.

I will share a similar method:

The program calls system resources many times during execution.

However, the program compilation process does not specify a clear system resource path.

For example, when a networked program starts, it needs to load ws2help. dll in the system directory.

However, when the program is loaded, it does not know the location of the dll,
The startup sequence is to first search for the local directory and then search for the system directory,

Finally, find ws2help. dll in the system directory.
: You only need to compile a dll for the function you need and change it to ws2help. dll and put it in the program root directory for the network application,

When the administrator or another service starts the program, it will load.
I have mentioned in an article that the replacement of sogou's Automatic Upgrade Strategy for program running is similar to this!

Usage: Put the file in the program root directory of the network application. The file will be loaded when the program starts, and the wlozz password of the system administrator user is automatically created.

Modify the user password and load the file into c32. Search for the string wlozz and modify it by yourself.