-
CLI: -allow-plugins
-
HKLM\SOFTWARE\voidtools\Everything 1.5a\AllowedPlugins
-
Group Policy: Software\Policies\voidtools\Everything\plugins_allowed_list
Not Policy.ini
-
os_load_system_library / GetSystemDirectoryW() + LoadLibrary vul
COMCTL32.dll
- Plugins:
MSVCR80.dll
- v1.5 new
-
Patch
- IAT /
os_load_system_library
os_CryptCreateHash
- Hash const
WinVerifyTrust
Security
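Merely not auto-loading plugins does not accomplish much: anyone with write access to the Everything plugin directory can also modify the main program, and plugins the user downloaded themselves will be enabled manually anyway. It looks more like a feature for enterprises to implement auditing or confidentiality.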
Macros.csv
Omit Results.csv