|
[求助]#if 0注释问题
#if Statement CodeA #else CodeB #endif 若Statement为TRUE则编译时编译CodeA,否则编译CodeB。 #if 0 aaaaaaaaaaaaaaaaaaaa #else bbbbbbbbbbbbbbbbbbbb #endif 只是告诉编译器不要编译aaaaaaa,并不是说是当做注释用 |
|
[分享]debugman上不去~bin发这里玩玩
用notepad看了下debugstr,是 r0 call r3? |
|
[求助]Hook IofCompleteRequest的问题?
现在的人提问都还不忘保密源代码 |
|
[半原创]贴点内核态中创建用户态进程的代码
从这儿读吧 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment |
|
[半原创]贴点内核态中创建用户态进程的代码
BYTE* EnvironmentStringsW={ "0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57" "0x0 0x53 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f" "0x0 0x57 0x0 0x53 0x0 0x5c 0x0 0x53 0x0 0x79" "0x0 0x73 0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33" "0x0 0x32 0x0 0x5c 0x0 0x57 0x0 0x62 0x0 0x65" "0x0 0x6d 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x43" "0x0 0x6f 0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e" "0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65" "0x0 0x73 0x0 0x5c 0x0 0x54 0x0 0x65 0x0 0x6c" "0x0 0x65 0x0 0x63 0x0 0x61 0x0 0x20 0x0 0x53" "0x0 0x68 0x0 0x61 0x0 0x72 0x0 0x65 0x0 0x64" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69" "0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f" "0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69" "0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20" "0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69" "0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d" "0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54" "0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73 0x0 0x5c" "0x0 0x57 0x0 0x69 0x0 0x6e 0x0 0x4e 0x0 0x54" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69" "0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f" "0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69" "0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20" "0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69" "0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d" "0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x4d" "0x0 0x53 0x0 0x44 0x0 0x65 0x0 0x76 0x0 0x39" "0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x69 0x0 0x6e" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69" "0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f" "0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69" "0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20" "0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69" "0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d" "0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54" "0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73 0x0 0x3b" "0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72" "0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d" "0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65" "0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69 0x0 0x63" "0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f 0x0 0x66" "0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69 0x0 0x73" "0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20 0x0 0x53" "0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69 0x0 0x6f" "0x0 0x5c 0x0 0x56 0x0 0x43 0x0 0x39 0x0 0x38" "0x0 0x5c 0x0 0x62 0x0 0x69 0x0 0x6e 0x0 0x3b" "0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72" "0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d" "0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65" "0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74 0x0 0x6f" "0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49 0x0 0x5c" "0x0 0x43 0x0 0x6f 0x0 0x64 0x0 0x65 0x0 0x63" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74" "0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49" "0x0 0x0 0x0 0x50 0x0 0x41 0x0 0x54 0x0 0x48" "0x0 0x45 0x0 0x58 0x0 0x54 0x0 0x3d 0x0 0x2e" "0x0 0x43 0x0 0x4f 0x0 0x4d 0x0 0x3b 0x0 0x2e" "0x0 0x45 0x0 0x58 0x0 0x45 0x0 0x3b 0x0 0x2e" "0x0 0x42 0x0 0x41 0x0 0x54 0x0 0x3b 0x0 0x2e" "0x0 0x43 0x0 0x4d 0x0 0x44 0x0 0x3b 0x0 0x2e" "0x0 0x56 0x0 0x42 0x0 0x53 0x0 0x3b 0x0 0x2e" "0x0 0x56 0x0 0x42 0x0 0x45 0x0 0x3b 0x0 0x2e" "0x0 0x4a 0x0 0x53 0x0 0x3b 0x0 0x2e 0x0 0x4a" "0x0 0x53 0x0 0x45 0x0 0x3b 0x0 0x2e 0x0 0x57" "0x0 0x53 0x0 0x46 0x0 0x3b 0x0 0x2e 0x0 0x57" "0x0 0x53 0x0 0x48 0x0 0x3b 0x0 0x2e 0x0 0x42" "0x0 0x4f 0x0 0x58 0x0 0x0 0x0 0x50 0x0 0x52" "0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53 0x0 0x53" "0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x41 0x0 0x52" "0x0 0x43 0x0 0x48 0x0 0x49 0x0 0x54 0x0 0x45" "0x0 0x43 0x0 0x54 0x0 0x55 0x0 0x52 0x0 0x45" "0x0 0x3d 0x0 0x78 0x0 0x38 0x0 0x36 0x0 0x0" "0x0 0x50 0x0 0x52 0x0 0x4f 0x0 0x43 0x0 0x45" "0x0 0x53 0x0 0x53 0x0 0x4f 0x0 0x52 0x0 0x5f" "0x0 0x49 0x0 0x44 0x0 0x45 0x0 0x4e 0x0 0x54" "0x0 0x49 0x0 0x46 0x0 0x49 0x0 0x45 0x0 0x52" "0x0 0x3d 0x0 0x78 0x0 0x38 0x0 0x36 0x0 0x20" "0x0 0x46 0x0 0x61 0x0 0x6d 0x0 0x69 0x0 0x6c" "0x0 0x79 0x0 0x20 0x0 0x31 0x0 0x35 0x0 0x20" "0x0 0x4d 0x0 0x6f 0x0 0x64 0x0 0x65 0x0 0x6c" "0x0 0x20 0x0 0x37 0x0 0x39 0x0 0x20 0x0 0x53" "0x0 0x74 0x0 0x65 0x0 0x70 0x0 0x70 0x0 0x69" "0x0 0x6e 0x0 0x67 0x0 0x20 0x0 0x32 0x0 0x2c" "0x0 0x20 0x0 0x41 0x0 0x75 0x0 0x74 0x0 0x68" "0x0 0x65 0x0 0x6e 0x0 0x74 0x0 0x69 0x0 0x63" "0x0 0x41 0x0 0x4d 0x0 0x44 0x0 0x0 0x0 0x50" "0x0 0x52 0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53" "0x0 0x53 0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x4c" "0x0 0x45 0x0 0x56 0x0 0x45 0x0 0x4c 0x0 0x3d" "0x0 0x31 0x0 0x35 0x0 0x0 0x0 0x50 0x0 0x52" "0x0 0x4f 0x0 0x43 0x0 0x45 0x0 0x53 0x0 0x53" "0x0 0x4f 0x0 0x52 0x0 0x5f 0x0 0x52 0x0 0x45" "0x0 0x56 0x0 0x49 0x0 0x53 0x0 0x49 0x0 0x4f" "0x0 0x4e 0x0 0x3d 0x0 0x34 0x0 0x66 0x0 0x30" "0x0 0x32 0x0 0x0 0x0 0x50 0x0 0x72 0x0 0x6f" "0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x46" "0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x3d" "0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72" "0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d" "0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65" "0x0 0x73 0x0 0x0 0x0 0x53 0x0 0x45 0x0 0x53" "0x0 0x53 0x0 0x49 0x0 0x4f 0x0 0x4e 0x0 0x4e" "0x0 0x41 0x0 0x4d 0x0 0x45 0x0 0x3d 0x0 0x43" "0x0 0x6f 0x0 0x6e 0x0 0x73 0x0 0x6f 0x0 0x6c" "0x0 0x65 0x0 0x0 0x0 0x53 0x0 0x79 0x0 0x73" "0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x44 0x0 0x72" "0x0 0x69 0x0 0x76 0x0 0x65 0x0 0x3d 0x0 0x43" "0x0 0x3a 0x0 0x0 0x0 0x53 0x0 0x79 0x0 0x73" "0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x52 0x0 0x6f" "0x0 0x6f 0x0 0x74 0x0 0x3d 0x0 0x43 0x0 0x3a" "0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44" "0x0 0x4f 0x0 0x57 0x0 0x53 0x0 0x0 0x0 0x54" "0x0 0x45 0x0 0x4d 0x0 0x50 0x0 0x3d 0x0 0x43" "0x0 0x3a 0x0 0x5c 0x0 0x44 0x0 0x4f 0x0 0x43" "0x0 0x55 0x0 0x4d 0x0 0x45 0x0 0x7e 0x0 0x31" "0x0 0x5c 0x0 0x41 0x0 0x44 0x0 0x4d 0x0 0x49" "0x0 0x4e 0x0 0x49 0x0 0x7e 0x0 0x31 0x0 0x5c" "0x0 0x4c 0x0 0x4f 0x0 0x43 0x0 0x41 0x0 0x4c" "0x0 0x53 0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x54" "0x0 0x65 0x0 0x6d 0x0 0x70 0x0 0x0 0x0 0x54" "0x0 0x4d 0x0 0x50 0x0 0x3d 0x0 0x43 0x0 0x3a" "0x0 0x5c 0x0 0x44 0x0 0x4f 0x0 0x43 0x0 0x55" "0x0 0x4d 0x0 0x45 0x0 0x7e 0x0 0x31 0x0 0x5c" "0x0 0x41 0x0 0x44 0x0 0x4d 0x0 0x49 0x0 0x4e" "0x0 0x49 0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x4c" "0x0 0x4f 0x0 0x43 0x0 0x41 0x0 0x4c 0x0 0x53" "0x0 0x7e 0x0 0x31 0x0 0x5c 0x0 0x54 0x0 0x65" "0x0 0x6d 0x0 0x70 0x0 0x0 0x0 0x55 0x0 0x53" "0x0 0x45 0x0 0x52 0x0 0x44 0x0 0x4f 0x0 0x4d" "0x0 0x41 0x0 0x49 0x0 0x4e 0x0 0x3d 0x0 0x43" "0x0 0x46 0x0 0x35 0x0 0x37 0x0 0x35 0x0 0x34" "0x0 0x39 0x0 0x36 0x0 0x46 0x0 0x33 0x0 0x37" "0x0 0x38 0x0 0x34 0x0 0x36 0x0 0x33 0x0 0x0" "0x0 0x55 0x0 0x53 0x0 0x45 0x0 0x52 0x0 0x4e" "0x0 0x41 0x0 0x4d 0x0 0x45 0x0 0x3d 0x0 0x41" "0x0 0x64 0x0 0x6d 0x0 0x69 0x0 0x6e 0x0 0x69" "0x0 0x73 0x0 0x74 0x0 0x72 0x0 0x61 0x0 0x74" "0x0 0x6f 0x0 0x72 0x0 0x0 0x0 0x55 0x0 0x53" "0x0 0x45 0x0 0x52 0x0 0x50 0x0 0x52 0x0 0x4f" "0x0 0x46 0x0 0x49 0x0 0x4c 0x0 0x45 0x0 0x3d" "0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x44 0x0 0x6f" "0x0 0x63 0x0 0x75 0x0 0x6d 0x0 0x65 0x0 0x6e" "0x0 0x74 0x0 0x73 0x0 0x20 0x0 0x61 0x0 0x6e" "0x0 0x64 0x0 0x20 0x0 0x53 0x0 0x65 0x0 0x74" "0x0 0x74 0x0 0x69 0x0 0x6e 0x0 0x67 0x0 0x73" "0x0 0x5c 0x0 0x41 0x0 0x64 0x0 0x6d 0x0 0x69" "0x0 0x6e 0x0 0x69 0x0 0x73 0x0 0x74 0x0 0x72" "0x0 0x61 0x0 0x74 0x0 0x6f 0x0 0x72 0x0 0x0" "0x0 0x56 0x0 0x53 0x0 0x38 0x0 0x30 0x0 0x43" "0x0 0x4f 0x0 0x4d 0x0 0x4e 0x0 0x54 0x0 0x4f" "0x0 0x4f 0x0 0x4c 0x0 0x53 0x0 0x3d 0x0 0x43" "0x0 0x3a 0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f" "0x0 0x67 0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20" "0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73" "0x0 0x5c 0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72" "0x0 0x6f 0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74" "0x0 0x20 0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75" "0x0 0x61 0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74" "0x0 0x75 0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x20" "0x0 0x38 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d" "0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x37 0x0 0x5c" "0x0 0x54 0x0 0x6f 0x0 0x6f 0x0 0x6c 0x0 0x73" "0x0 0x5c 0x0 0x0 0x0 0x77 0x0 0x69 0x0 0x6e" "0x0 0x64 0x0 0x69 0x0 0x72 0x0 0x3d 0x0 0x43" "0x0 0x3a 0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e" "0x0 0x44 0x0 0x4f 0x0 0x57 0x0 0x53 0x0 0x0" "0x0 0x57 0x0 0x4e 0x0 0x45 0x0 0x54 0x0 0x42" "0x0 0x41 0x0 0x53 0x0 0x45 0x0 0x3d 0x0 0x46" "0x0 0x3a 0x0 0x5c 0x0 0x57 0x0 0x49 0x0 0x4e" "0x0 0x44 0x0 0x44 0x0 0x4b 0x0 0x5c 0x0 0x33" "0x0 0x37 0x0 0x39 0x0 0x30 0x0 0x2e 0x0 0x31" "0x0 0x38 0x0 0x33 0x0 0x30 0x0 0x0 0x0 0x5f" "0x0 0x41 0x0 0x43 0x0 0x50 0x0 0x5f 0x0 0x4c" "0x0 0x49 0x0 0x42 0x0 0x3d 0x0 0x43 0x0 0x3a" "0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67" "0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46" "0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c" "0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f" "0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20" "0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61" "0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75" "0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56" "0x0 0x43 0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x4c" "0x0 0x49 0x0 0x42 0x0 0x3b 0x0 0x43 0x0 0x3a" "0x0 0x5c 0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67" "0x0 0x72 0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46" "0x0 0x69 0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c" "0x0 0x4d 0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f" "0x0 0x73 0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20" "0x0 0x56 0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61" "0x0 0x6c 0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75" "0x0 0x64 0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56" "0x0 0x43 0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x4d" "0x0 0x46 0x0 0x43 0x0 0x5c 0x0 0x4c 0x0 0x49" "0x0 0x42 0x0 0x0 0x0 0x5f 0x0 0x41 0x0 0x43" "0x0 0x50 0x0 0x5f 0x0 0x50 0x0 0x41 0x0 0x54" "0x0 0x48 0x0 0x3d 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d" "0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73" "0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56" "0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c" "0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64" "0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f" "0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c" "0x0 0x4d 0x0 0x53 0x0 0x44 0x0 0x65 0x0 0x76" "0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x69" "0x0 0x6e 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d" "0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73" "0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56" "0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c" "0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64" "0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x56 0x0 0x43" "0x0 0x39 0x0 0x38 0x0 0x5c 0x0 0x42 0x0 0x49" "0x0 0x4e 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d" "0x0 0x69 0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73" "0x0 0x6f 0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56" "0x0 0x69 0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c" "0x0 0x20 0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64" "0x0 0x69 0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f" "0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c" "0x0 0x54 0x0 0x4f 0x0 0x4f 0x0 0x4c 0x0 0x53" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x4d 0x0 0x69" "0x0 0x63 0x0 0x72 0x0 0x6f 0x0 0x73 0x0 0x6f" "0x0 0x66 0x0 0x74 0x0 0x20 0x0 0x56 0x0 0x69" "0x0 0x73 0x0 0x75 0x0 0x61 0x0 0x6c 0x0 0x20" "0x0 0x53 0x0 0x74 0x0 0x75 0x0 0x64 0x0 0x69" "0x0 0x6f 0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x6d" "0x0 0x6d 0x0 0x6f 0x0 0x6e 0x0 0x5c 0x0 0x54" "0x0 0x4f 0x0 0x4f 0x0 0x4c 0x0 0x53 0x0 0x5c" "0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x4e 0x0 0x54" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x57" "0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57" "0x0 0x53 0x0 0x5c 0x0 0x73 0x0 0x79 0x0 0x73" "0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33 0x0 0x32" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x57" "0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f 0x0 0x57" "0x0 0x53 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x57 0x0 0x49 0x0 0x4e 0x0 0x44 0x0 0x4f" "0x0 0x57 0x0 0x53 0x0 0x5c 0x0 0x53 0x0 0x79" "0x0 0x73 0x0 0x74 0x0 0x65 0x0 0x6d 0x0 0x33" "0x0 0x32 0x0 0x5c 0x0 0x57 0x0 0x62 0x0 0x65" "0x0 0x6d 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x43" "0x0 0x6f 0x0 0x6d 0x0 0x6d 0x0 0x6f 0x0 0x6e" "0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c 0x0 0x65" "0x0 0x73 0x0 0x5c 0x0 0x54 0x0 0x65 0x0 0x6c" "0x0 0x65 0x0 0x63 0x0 0x61 0x0 0x20 0x0 0x53" "0x0 0x68 0x0 0x61 0x0 0x72 0x0 0x65 0x0 0x64" "0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c 0x0 0x50" "0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72 0x0 0x61" "0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69 0x0 0x6c" "0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53 0x0 0x74" "0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49 0x0 0x49" "0x0 0x5c 0x0 0x43 0x0 0x6f 0x0 0x64 0x0 0x65" "0x0 0x63 0x0 0x3b 0x0 0x43 0x0 0x3a 0x0 0x5c" "0x0 0x50 0x0 0x72 0x0 0x6f 0x0 0x67 0x0 0x72" "0x0 0x61 0x0 0x6d 0x0 0x20 0x0 0x46 0x0 0x69" "0x0 0x6c 0x0 0x65 0x0 0x73 0x0 0x5c 0x0 0x53" "0x0 0x74 0x0 0x6f 0x0 0x72 0x0 0x6d 0x0 0x49" "0x0 0x49 0x0 0x0 0x0 0x5f 0x0 0x4d 0x0 0x53" "0x0 0x44 0x0 0x45 0x0 0x56 0x0 0x5f 0x0 0x42" "0x0 0x4c 0x0 0x44 0x0 0x5f 0x0 0x45 0x0 0x4e" "0x0 0x56 0x0 0x5f 0x0 0x3d 0x0 0x31 0x0 0x0" "0x0 0x5f 0x0 0x5f 0x0 0x43 0x0 0x4f 0x0 0x4d" "0x0 0x50 0x0 0x41 0x0 0x54 0x0 0x5f 0x0 0x4c" "0x0 0x41 0x0 0x59 0x0 0x45 0x0 0x52 0x0 0x3d" "0x0 0x45 0x0 0x6e 0x0 0x61 0x0 0x62 0x0 0x6c" "0x0 0x65 0x0 0x4e 0x0 0x58 0x0 0x53 0x0 0x68" "0x0 0x6f 0x0 0x77 0x0 0x55 0x0 0x49 0x0 0x20" "0x0 0x0 0x0"}; ..... |
|
[半原创]贴点内核态中创建用户态进程的代码
创建user process的同时是需要创建user thread的 |
|
[半原创]贴点内核态中创建用户态进程的代码
前一阵在黑防发了个类似的 typedef struct _PBASE_CREATEPROCESS_MSG { HANDLE hProcess; HANDLE hThread; DWORD dwProcessId; DWORD dwThreadId; DWORD CreationFlags; CLIENT_ID DebuggerClientId; DWORD VdmBinaryType; }BASE_CREATEPROCESS_MSG ,*PBASE_CREATEPROCESS_MSG; typedef struct _BASE_API_MSG { PORT_MESSAGE h; PCSR_CAPTURE_HEADER CaptureBuffer; CSR_API_NUMBER ApiNumber; ULONG ReturnValue; ULONG Reserved; union { BASE_CREATEPROCESS_MSG CreateProcess; } u; } BASE_API_MSG, *PBASE_API_MSG; BASE_API_MSG BaseApiMsg={0}; PBASE_CREATEPROCESS_MSG BaseCreateProcessMsg=NULL; //..... // notify csrss of process's creation // without notifying csrss, what we got is merely a 0xC0000124 error ( through csr's messagebox ) RtlZeroMemory(&BaseApiMsg,sizeof(BASE_API_MSG)); BaseCreateProcessMsg=&BaseApiMsg.u.CreateProcessW; BaseCreateProcessMsg->dwProcessId=(ULONG)ClientId.UniqueProcess; BaseCreateProcessMsg->dwThreadId=(ULONG)ClientId.UniqueThread; BaseCreateProcessMsg->hProcess=ProcessHandle; BaseCreateProcessMsg->hThread=ThreadHandle; // other fields remain 0 // call server Status=CsrClientCallServer((PCSR_API_MESSAGE)&BaseApiMsg,NULL,CSR_MAKE_API_NUMBER(BASESRV_SERVERDLL_INDEX,BasepCreateProcess),sizeof(BASE_API_MSG)); if (!NT_SUCCESS(Status)) { ZwTerminateProcess(ProcessHandle,Status); ZwClose(ProcessHandle); ZwTerminateThread(ThreadHandle,Status); ZwClose(ThreadHandle); return Status; } |
|
[求助]ring3 遍历系统内核线程
支持楼主 bs#4 哈哈~ |
|
|
|
[原创]世界上最小的下载者,qihoocom来鄙视我吧 - 申精
楼上没有幽默细胞 |
|
[求助]派遣函数调用是否在发起者线程中执行?
异步IO的话调用了Dispatch之后不会WaitForSingleObject,同步IO在调用了Dispatch如果Dispatch返回STATUS_PENDING的话会WaitForSingleObject(kernel中) |
|
|
|
[求助]VB如何获得dll的基址
读一下PEB就是了 |
|
[求助]有关scsi硬盘的io扇区问题
嗯。LogicalBlock就是SectorOffset |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值