配合S大佬的WinXShell,无论是开机时还是进入桌面后,都可以随意进入 System 或 Admin 用户;脚本还会处理注册表,并让用户选择是否安装微软通用显示驱动 display.inf。
核心pecmd.ini代码如下
// Entry point of the script. FIND presumably tests whether an EXPLORER.EXE process is
// already running (confirm against the PECMD reference): if so, call LDSHEL; otherwise
// (the branch after "!") call INITPE. LDSHEL is not defined in this excerpt.
FIND EXPLORER.EXE,CALL LDSHEL!CALL INITPE
// INITPE: initialization performed before entering the desktop.
// In order: display mode and wallpaper, WPEINIT, SID lookup, driver installation,
// network/service start-up, Administrator auto-logon settings, then a prompt that
// chooses between the ADMIN and SYSTEM subs.
// NOTE(review): written for a WinPE session on X: (WPEINIT, wpeutil, X:\Users paths).
// It turns the firewall off, starts LanmanServer and configures a blank-password
// Administrator auto-logon; these settings belong in a throw-away PE image only and
// should not be copied into an installed system.
_SUB INITPE
// Candidate display modes, tried through TEAM; presumably the first one the adapter
// accepts is kept (confirm TEAM/DISP semantics).
// NOTE(review): the second entry is written "720" without the H prefix the others use.
TEAM DISP W1024 H768 B32|DISP W1280 720 B32|DISP W1280 H1024 B32|DISP W1366 H768 B32|DISP W1920 H1080 B32
LOGO %WinDir%\web\wallpaper\Windows\img0.jpg
TEAM EXEC !%WINDIR%\SYSTEM32\WPEINIT.EXE | INIT U,3000
// Capture the output of "reg query" on the SAM alias-members key into %adminsid%.
// HKLM\SECURITY is normally readable only by SYSTEM, so this step depends on the
// script running as SYSTEM.
EXEC* adminsid=!reg.exe query "HKLM\SECURITY\SAM\Domains\Builtin\Aliases\Members"
// NAME presumably keeps the last path component of that output, i.e. the machine SID
// prefix (S-1-5-21-...), in %SID% (TODO confirm).
NAME SID=%adminsid%
// %SID%-500 is the built-in Administrator account (RID 500). Writes RefCount under its
// ProfileService reference; "@03,0" looks like a binary value (confirm).
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\%SID%-500\RefCount=@03,0
// LSAgetRights.exe is an external tool that is not part of this listing; presumably it
// adjusts LSA account rights for Administrator. Verify where the binary comes from and
// what -c -u do before shipping it in an image.
EXEC =!%WINDIR%\System32\LSAgetRights.exe -c -u Administrator
// Yes/No prompt (Chinese text: "Install the generic display.inf driver?", title
// "Choose install"). "*5000 $Y" is presumably a 5000 ms timeout defaulting to Yes.
// The answer is read back from %YESNO% on the next line.
MESS 是否安装通用display.inf驱动?@选择安装 #YN *5000 $Y
// On YES: import displayinf.reg, then install display.inf.
FIND $%YESNO%=YES,
{
EXEC !=REG.EXE IMPORT "%WinDir%\displayinf.reg"
DEVI %WinDir%\inf\display.inf
}
// Install further drivers from their INF files regardless of the answer above.
DEVI %WinDir%\inf\wpdfs.inf
DEVI %WinDir%\inf\sti.inf
DEVI %WinDir%\inf\tdibth.inf
DEVI %WinDir%\inf\usbvideo.inf
// Clear SystemSetupInProgress while the services below are started; it is set back
// to 1 after SERV Spooler. Presumably some services refuse to start in setup mode.
REGI HKLM\SYSTEM\Setup\SystemSetupInProgress=#0
SERV netprofm
// netcfg: install (-i) the service-class (-c s) component MS_NATIVEWIFIP, then start Wlansvc.
EXEC !netcfg.exe -c s -i MS_NATIVEWIFIP
SERV Wlansvc
// startnet.exe is not shown here; "-wg WORKGROUP" presumably sets the workgroup name.
EXEC !startnet.exe -wg WORKGROUP
// LanmanServer is the SMB "Server" service and FDResPub publishes the machine for
// network discovery.
SERV LanmanServer
SERV FDResPub
// NOTE(review): the firewall is disabled right after the sharing and discovery services
// come up, and Administrator is given an empty password below. Boot this image only on a
// trusted network segment, or drop this line when file sharing from the PE is not needed.
EXEC !wpeutil.exe DisableFirewall
SERV Spooler
REGI HKLM\SYSTEM\Setup\SystemSetupInProgress=#1
// Winlogon auto-logon as Administrator with an empty DefaultPassword.
// NOTE(review): DefaultPassword is stored in clear text in the registry; here it is
// empty, so any console or session access to this PE is an Administrator logon.
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=#1
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName=Administrator
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword=""
// SpecialAccounts\UserList\Guest=0 hides the Guest account from the logon screen.
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\Guest=#0
REGI HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\EnableSIHostIntegration=#0
// RunOnce entry that makes PECMD load %SystemRoot%\PECMD.ini again.
// NOTE(review): whatever can write that file controls what this entry runs.
REGI HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Init=PECMD.EXE LOAD %SystemRoot%\PECMD.ini
// If an Administrator NTUSER.DAT exists, HIVE is run on it with the Administrator SID;
// whether "-u" loads or unloads the hive is not visible here (TODO confirm).
IFEX X:\Users\Administrator\NTUSER.DAT,HIVE -u %SID%-500,X:\Users\Administrator\NTUSER.DAT
EXEC !=%WinDir%\System32\AutoNumLock.exe
// Run WinXShell's 'logonuserinit' routine and wait for it to finish.
EXEC !="%ProgramFiles%\WinXShell\WinXShell.exe" -code app:call('logonuserinit')
// Public-desktop shortcut (Chinese name: "Switch to System user") that runs the
// SwitchUser sub of this file through PECMD.EXE.
LINK %Public%\Desktop\切换到 System 用户,PECMD.EXE,LOAD %CurFile%*SwitchUser,SHELL32.DLL#111
// Yes/No prompt (Chinese text: "Enter the Admin user?", title "User choice"), with the
// same timeout/default options as the driver prompt above.
MESS 是否进入Admin用户?@用户选择 #YN *5000 $Y
// YES -> ADMIN sub, anything else -> SYSTEM sub.
FIND $%YESNO%=YES,CALL ADMIN!CALL SYSTEM
// Load %WinDir%\pecmd.ini again once the chosen sub has returned.
LOAD %WinDir%\pecmd.ini
_END
// ADMIN: enter the desktop as the Administrator user.
// Relies on SYSHEL and LogonAdmin.bat, neither of which is shown in this excerpt.
_SUB ADMIN
// Direct call into Netapi32.dll!NetJoinDomain with WORKGROUP as the name argument and 1
// as the last (options) argument; all other arguments are left empty.
CALL $Netapi32.dll,NetJoinDomain,,WORKGROUP,,,,1
// Remove a stale "Switch to Admin user" shortcut if present (FILE -q -force presumably
// deletes quietly; confirm), then create the "Switch to System user" shortcut.
@IFEX %Public%\Desktop\切换到 Admin 用户.lnk,FILE -q -force %Public%\Desktop\切换到 Admin 用户.lnk
LINK %Public%\Desktop\切换到 System 用户,PECMD.EXE,LOAD %CurFile%*SwitchUser,SHELL32.DLL#160
// Show the WinXShell logon UI described by UI_LogonPE.jcfg and wait for it to exit.
EXEC =!"%ProgramFiles%\WinXShell\WinXShell.exe" -ui -jcfg "X:\Program Files\WinXShell\UI_LogonPE.jcfg"
// The next line is disabled (leading backtick); it would have derived YESNO from
// %ERRORLEVEL%.
` TEAM SET YESNO=NO|IFEX #2=%ERRORLEVEL%,SET YESNO=YES
// FILE with no operator presumably deletes X:\Users\admin.txt, which the SYSTEM and
// SwitchUser subs test for; it appears to mark "Admin logon not performed yet"
// (TODO confirm where the file is created). Then call SYSHEL.
TEAM FILE X:\Users\admin.txt | CALL SYSHEL
// External batch file, not shown; presumably performs the actual Administrator logon.
// NOTE(review): it is started without a path, so it is resolved through the search
// path; an absolute path would pin which file runs.
EXEC !=LogonAdmin.bat PECMD
// TEXT Waiting for SYSTEM session ... # 0xFFFFFF L59 T39 $20*
SHEL explorer.exe
TEXT Waiting for SYSTEM session ... # 0xFFFFFF L59 T39 $20*
// Presumably deletes the desktop.ini files and the per-user and all-users Startup
// folders, so nothing auto-starts from there (confirm FILE semantics).
TEAM FILE %public%\desktop\desktop.ini|FILE %desktop%\desktop.ini|FILE %Programs%\Startup|FILE %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup
// 0x74 is the virtual-key code for F5; presumably sent to refresh the desktop.
SEND 0x74
_END
// SYSTEM: enter the desktop as the SYSTEM account.
// LDSOFT is not defined in this excerpt.
_SUB SYSTEM
// Replace any "Switch to System user" shortcut with a "Switch to Admin user" one that
// runs the SwitchUser sub.
@IFEX %Public%\Desktop\切换到 System 用户.lnk,FILE -q -force %Public%\Desktop\切换到 System 用户.lnk
LINK %Public%\Desktop\切换到 Admin 用户,PECMD.EXE,LOAD %CurFile%*SwitchUser,SHELL32.DLL#111
// If X:\Users\admin.txt exists, re-create the shortcut so it runs the ADMIN sub directly
// instead of SwitchUser. The file appears to mark that the Admin logon has not happened
// yet (TODO confirm).
IFEX X:\Users\admin.txt,
{
FILE -q -force %Public%\Desktop\切换到 Admin 用户.lnk
LINK %Public%\Desktop\切换到 Admin 用户,PECMD.EXE,LOAD %CurFile%*ADMIN,SHELL32.DLL#111
}
// Wait 200 (presumably milliseconds), call LDSOFT, then start Explorer as the shell.
// The shell therefore runs with SYSTEM privileges in this branch.
TEAM WAIT 200 | CALL LDSOFT
SHEL %WinDir%\explorer.exe
_END
// SwitchUser: target of the desktop shortcuts; toggles between the SYSTEM and
// Administrator sessions depending on %USERNAME%.
// NOTE(review): session IDs 1 and 2 passed to TSCON are hard-coded; this assumes the
// SYSTEM desktop is session 1 and the Administrator desktop is session 2 (confirm).
_SUB SwitchUser
// Currently SYSTEM: swap the desktop shortcut, then either run the ADMIN sub (when
// X:\Users\admin.txt exists) or, after "!", attach to session 2 with TSCON.
FIND $%USERNAME%=SYSTEM,
{
@IFEX %Public%\Desktop\切换到 Admin 用户.lnk,FILE -q -force %Public%\Desktop\切换到 Admin 用户.lnk
LINK %Public%\Desktop\切换到 System 用户,PECMD.EXE,LOAD %CurFile%*SwitchUser,SHELL32.DLL#160
@IFEX X:\Users\admin.txt,PECMD LOAD %CurFile%*ADMIN!EXEC TSCON 2
}
// Currently Administrator: swap the desktop shortcut, then attach to session 1 with
// TSCON if the X:\Users\Administrator profile folder exists.
FIND $%USERNAME%=Administrator,
{
@IFEX %Public%\Desktop\切换到 System 用户.lnk,FILE -q -force %Public%\Desktop\切换到 System 用户.lnk
LINK %Public%\Desktop\切换到 Admin 用户,PECMD.EXE,LOAD %CurFile%*SwitchUser,SHELL32.DLL#111
@IFEX X:\Users\Administrator,EXEC TSCON 1
}
_END