[Original] Assembly hook of MmCreateSection makes the system freeze
Then just don't buy their CPU.

[Help] How to enumerate all threads of the host process?
Delphi code, uses unit TLHelp32 (the original left PId and TId uninitialised and the inner branch empty; the snippet below fills them in so it actually terminates every thread of the current process except the caller):

    uses Windows, TLHelp32;

    // OpenThread is not declared in older Windows.pas versions (e.g. Delphi 7),
    // so import it explicitly.
    function OpenThread(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
      dwThreadId: DWORD): THandle; stdcall; external 'kernel32.dll';

    // Terminate every thread of the host (current) process except the calling one.
    procedure ThreadAllTerminate;
    var
      PId, TId: DWORD;
      hSnapshot, hThread: THandle;
      te: TThreadEntry32;
    begin
      PId := GetCurrentProcessId;   // owner process to match against
      TId := GetCurrentThreadId;    // never terminate ourselves
      // TH32CS_SNAPTHREAD snapshots all threads system-wide; the pid argument is ignored
      hSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
      if hSnapshot = INVALID_HANDLE_VALUE then Exit;
      try
        te.dwSize := SizeOf(THREADENTRY32);
        if Thread32First(hSnapshot, te) then
          repeat
            if (te.th32OwnerProcessID = PId) and (te.th32ThreadID <> TId) then
            begin
              hThread := OpenThread(THREAD_TERMINATE, False, te.th32ThreadID);
              if hThread <> 0 then
              begin
                TerminateThread(hThread, 0);
                CloseHandle(hThread);
              end;
            end;
          until not Thread32Next(hSnapshot, te);
      finally
        CloseHandle(hSnapshot);
      end;
    end;

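As an added example (not code from the original post), the same Toolhelp32 walk can be used for inspection rather than termination: enumerate the threads of the host process and record each thread's Win32 start address, which is what one checks when looking for threads that were injected into the process. The start address is read with the undocumented but long-stable NtQueryInformationThread class ThreadQuerySetWin32StartAddress (9). The function name EnumHostThreads and the record type TThreadInfo are assumptions chosen here.

```delphi
uses Windows, TLHelp32;

const
  // THREADINFOCLASS value for the thread's Win32 start address (undocumented, assumed stable)
  ThreadQuerySetWin32StartAddress = 9;

// Imported explicitly so the unit also builds on older Delphi versions.
function OpenThread(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwThreadId: DWORD): THandle; stdcall; external 'kernel32.dll';
function NtQueryInformationThread(ThreadHandle: THandle; ThreadInformationClass: DWORD;
  ThreadInformation: Pointer; ThreadInformationLength: DWORD;
  ReturnLength: PDWORD): LongInt; stdcall; external 'ntdll.dll';

type
  TThreadInfo = record          // hypothetical result record
    ThreadId: DWORD;
    StartAddress: Pointer;      // nil if the thread could not be opened/queried
  end;
  TThreadInfoArray = array of TThreadInfo;

// Enumerate all threads owned by the current (host) process and capture their start addresses.
function EnumHostThreads: TThreadInfoArray;
var
  hSnapshot, hThread: THandle;
  te: TThreadEntry32;
  PId: DWORD;
  addr: Pointer;
begin
  SetLength(Result, 0);
  PId := GetCurrentProcessId;
  hSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
  if hSnapshot = INVALID_HANDLE_VALUE then Exit;
  try
    te.dwSize := SizeOf(te);
    if Thread32First(hSnapshot, te) then
      repeat
        if te.th32OwnerProcessID = PId then
        begin
          addr := nil;
          hThread := OpenThread(THREAD_QUERY_INFORMATION, False, te.th32ThreadID);
          if hThread <> 0 then
          begin
            // Status is ignored here; addr stays nil on failure.
            NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
              @addr, SizeOf(addr), nil);
            CloseHandle(hThread);
          end;
          SetLength(Result, Length(Result) + 1);
          Result[High(Result)].ThreadId := te.th32ThreadID;
          Result[High(Result)].StartAddress := addr;
        end;
      until not Thread32Next(hSnapshot, te);
  finally
    CloseHandle(hSnapshot);
  end;
end;
```

To turn the list into a check, pass each StartAddress to VirtualQuery and treat a thread whose start lies in a region that is not MEM_IMAGE (i.e. outside any loaded module) as worth a closer look; a thread that cannot be opened at all with THREAD_QUERY_INFORMATION is also unusual inside one's own process.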
[Repost] HyperDbg
Open source and free, looks pretty good. It is only a prototype version right now and has rather strict environment requirements. Below is the content of the readme:

HyperDbg is a kernel debugger that leverages hardware-assisted virtualization. More precisely, HyperDbg is based on a minimalistic hypervisor that is installed while the system runs. Compared to traditional kernel debuggers (e.g., WinDbg, SoftIce, Rasta R0 Debugger) HyperDbg is completely transparent to the kernel and can be used to debug kernel code without the need of serial (or USB) cables. For example, HyperDbg allows single-stepping the execution of the kernel, even when the kernel is executing exception and interrupt handlers. Compared to traditional virtual machine based debuggers (e.g., the VMware built-in debugger), HyperDbg does not require the kernel to be run as a guest of a virtual machine, although it is as powerful.

Once loaded, the debugger sits in the background and pops up the GUI when the F12 hot-key is pressed or when a debug event occurs.

The current version of HyperDbg is a prototype and will evolve drastically in the future. Currently the debugger allows setting breakpoints, single-stepping the execution of the kernel, and inspecting the memory of the operating system and of a particular process. However, the debugger currently does not distinguish between threads, has limited support for kernel symbols, and does not clone shared pages before setting a breakpoint. Future versions of the debugger will be based on an enhanced version of the hypervisor that guarantees complete isolation and transparency.

HyperDbg currently only supports:
* systems with PS/2 keyboards
* systems with Intel VT-x
* systems running 32-bit OSes and applications (no PAE)
* Windows XP (SP2)

HyperDbg renders the GUI by writing directly to the memory of the video card. Some video cards are known to give problems. The debugger does not work correctly when the accelerated drivers for the following cards are loaded:
* Intel 82915g
* nvidia GeForce 9800GT
* nvidia GeForce GT 130

If you have any of the aforementioned cards (and you are using the accelerated driver) or if the interface is not correctly rendered on the screen, you have to disable the driver in order to be able to use HyperDbg. The driver used by default by Windows XP does not give any problem.

See the file INSTALL for compilation instructions.

HyperDbg is developed by:
* Aristide Fattori <joystick@security.dico.unimi.it>
* Lorenzo Martignoni <martignlo@gmail.com>
* Roberto Paleari <roberto.paleari@gmail.com>

Comments, suggestions, criticisms, and patches are very welcome and can be sent by email to the authors.

[Download] Delphi Decompiler 1.1.0.194
IDR is pretty good too, heh. But both can only be used as auxiliary tools.

[Notice] Obituary: Jiangmin Technology founder Wang Jiangmin has died of illness at the age of 59
A moment of silence... rest in peace.

[Repost] Interactive Delphi Reconstructor
Tested it on a binary compiled with Delphi 7; very powerful.

[Repost] Preview of the new cross-platform IDA Pro GUI
The UI is now being developed in C++...

[Notice] Major KmdKit4D update
Thanks for your hard work, OP...