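There are countless IDC hosting providers in China today, and their quality varies widely. Leaving their security aside for now: when you buy a server, have you ever checked whether the hardware configuration the vendor gave you is real? Is it really a Q9300 with 4 GB? Really a Q9300 with 8 GB? Really an i5 or i7? Linux is not covered here.

Below, Flyfish briefly explains how IDC vendors fake the configuration under Windows 2003!

Files and tools used:

1. Reshacker: a resource viewer and editor; EXeScope or a similar tool also works;

2. sysdm.cpl: the System Properties module file, located in "C:\windows\system" on your C: drive (note: this file must come from the same OS version as the system you are modifying; you cannot put the Win7 one on 2003, it will cause errors);

3. Notepad;

OK, let's get started:

Open Reshacker, drag sysdm.cpl into it, and go to Dialog, under 101. See it?

Change it to whatever value you want displayed in the computer's right-click Properties page! After editing, save it, then copy it over the following two files:

"c:\windows\system32\dllcache\sysdm.cpl"
"c:\windows\system32\sysdm.cpl"

Note that most systems have file restoration enabled, so the files are automatically restored after replacement. You can turn it off manually, or use a system file replacement tool!

Is that all? Open Device Manager and take a look: the CPU information has not changed yet. Next, change the CPU:

Changing the CPU means editing the registry, because that information is stored there. There are 16 places to change. You must manually add permissions on the following locations, otherwise you cannot see them. The main places to change are: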

"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ"

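That should be easy to follow! After the change, check whether Device Manager now shows the new value. But it is not over yet: as soon as you reboot, everything is restored! Could a batch file be added to the startup items? (This is the only approach I have thought of so far.)

Below is a batch file I wrote (it applies the changes automatically at boot, with the same effect as changing them by hand!)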

@ECHO OFF
:: Stop and disable the service behind Windows file protection
NET stop cryptsvc
SC config cryptsvc start= disabled
::SC delete cryptsvc
:: Replace the files to change the displayed memory size
COPY sysdm.cpl c:\windows\system32\dllcache\sysdm.cpl /y
COPY sysdm.cpl c:\windows\system32\sysdm.cpl /y
:: The registry locations below need permissions granted first, one entry at a time, with REGINI
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3[1 7 17]>>c:\reg.ini
ECHO HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor[1 7 17]>>c:\reg.ini
REGINI c:\reg.ini
DEL c:\reg.ini
:: A VBS script is used here because a batch file would pop up a black console window at boot
ECHO on error resume next>C:\tmp.VBS
ECHO Set Fs = CreateObject("Wscript.Shell")>>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_42\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_1\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_2\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_3\FriendlyName","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
ECHO Fs.Regwrite "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3\ProcessorNameString","Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz","REG_SZ">>C:\tmp.VBS
:: Add the startup entry
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\WINDOWS\CurrentVersion\Run" /v 测试 /t REG_SZ /D "C:\tmp.VBS" /F
START C:\tmp.VBS

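Save the code above as a .bat file and run it!

In fact, a single check with Lu Dashi (鲁大师), CPU-Z or another system tool will detect this, but not everyone has that habit! Demo conditions are limited, so I won't post many screenshots. I did test this beforehand, though; please point out any problems. For testing only!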
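For a buyer checking a delivered server, the changes described above leave traces in the registry itself. The following is an added example, not code from the original post: it parses a `.reg` export and flags the three artifacts the script leaves behind (a FriendlyName that contradicts the CPUID family/model embedded in the ACPI key name, a disabled CryptSvc service, and a script file in the Run key). The sample export, the `EXPECTED_MODEL` table and the function names are constructed for illustration.

```python
import re

# Assumption: CPUID family/model each advertised CPU reports (extend as needed).
EXPECTED_MODEL = {"i5-2400": (6, 42), "Q9300": (6, 23)}

# Constructed sample in .reg export format, mirroring keys the post's script touches.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\GenuineIntel_-_x86_Family_6_Model_23\_0]
"FriendlyName"="Intel (R) Core(TM)2 i5-2400 CPU @ 3.10GHz"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"test"="C:\\tmp.VBS"
'''

def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            # Strip the surrounding quotes and undo .reg backslash escaping.
            current[m.group(1)] = m.group(2).strip('"').replace("\\\\", "\\")
    return keys

def audit(keys):
    """Flag spec-spoofing artifacts; returns a list of finding strings."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        # The key name encodes the real family/model; the script only edits FriendlyName.
        m = re.search(r"family_(\d+)_model_(\d+)", low)
        name = values.get("FriendlyName", "").lower()
        if m:
            actual = (int(m.group(1)), int(m.group(2)))
            for cpu, expected in EXPECTED_MODEL.items():
                if cpu.lower() in name and expected != actual:
                    findings.append(f"cpu-mismatch: name claims {cpu} {expected}, key says {actual}")
        # Start=4 means the service is disabled, which stops file restoration.
        if low.endswith(r"\services\cryptsvc") and values.get("Start") == "dword:00000004":
            findings.append("cryptsvc-disabled")
        # A script in the Run key re-applies the changes after every reboot.
        if low.endswith(r"\currentversion\run"):
            findings += [f"run-script: {n} -> {v}" for n, v in values.items()
                         if v.lower().endswith((".vbs", ".bat", ".cmd"))]
    return findings
```

Real `reg export` output is UTF-16, so decode it before passing the text to `parse_reg`. A clean result here does not replace reading the CPU directly with a CPUID-based tool such as CPU-Z.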
