|
[原创]简单inline hook ObReferenceObjectByHandle保护进程和屏蔽文件执行
照你那么说岂不是所有驱动程序都要自己分非分页内存.....一般不会拉....如果你要保险..也可以lock下....反正在我机器试了那么多次没事... |
|
[原创]DKOM Benefits and Drawbacks
继续努力...加油... |
|
[原创]简单inline hook ObReferenceObjectByHandle保护进程和屏蔽文件执行
谢谢sudami ........OldObReferenceObjectByHandle这应该是个地址吧....但inline hook后....ObReferenceObjectByHandle地址没变....只是前面几个字节变了... |
|
[原创]简单inline hook ObReferenceObjectByHandle保护进程和屏蔽文件执行
的确/////使用被自己HOOK的函数的确是比较麻烦....我也想不到更好的办法....呵呵 |
|
[华章公司]《Windows编程循序渐进》宣传活动,暨第一届软件设计大赛(所有奖项已揭晓)
俺39号。。就选择39号 |
|
[分享]codeproject驱动教程翻译
今天我就翻译下第三,第四吧....看有没时间翻译完 |
|
[分享]codeproject驱动教程翻译
随便拉.....我最近刚好想补下英语....课本是看不下就看这些教程.......呵呵....后面的越来越精彩哦..还有网络部分的..... |
|
[分享]codeproject驱动教程翻译
这个教程不错...呵呵..俺有空也想翻译下 |
|
[求助]我有一个地址,例如0x1111,怎么才能在这个地址写上一堆数据??
char* p=(char*)0x1111;--------------->>>>这样定义 char* s = "abcdefg"; p=s;------------------------------>>>>赋值 printf("%s\n",p); |
|
[求助]siverif.exe判断签名的原理?
不是吧....注意WCHAR的处理就行 |
|
[求助]siverif.exe判断签名的原理?
其实这种问题自己google就好 |
|
[求助]siverif.exe判断签名的原理?
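/**
 * Reports whether the file at lpFileName carries a signature that
 * WinVerifyTrust accepts for WINTRUST_ACTION_GENERIC_VERIFY_V2.
 *
 * The file is hashed and the hash is looked up in the catalog database. On a
 * catalog hit the file is verified as a member of that catalog; otherwise the
 * file's own (embedded) signature is verified.
 *
 * @param lpFileName  Path of the file to check.
 * @return TRUE only when WinVerifyTrust returns ERROR_SUCCESS. FALSE when
 *         verification fails or when any setup step (catalog context, file
 *         open, hashing, catalog info lookup) fails.
 *
 * NOTE(review): the hash is taken from a handle that is closed before
 * WinVerifyTrust reopens the file by path. A caller that goes on to load or
 * execute the file should confirm it cannot be replaced in between.
 * NOTE(review): the embedded-signature branch runs with WTD_REVOKE_NONE, so a
 * revoked signing certificate is not rejected on that path - confirm this is
 * the intended policy.
 * NOTE(review): CryptCATAdminAcquireContext is called with default arguments;
 * whether this finds catalogs that use newer hash algorithms depends on the
 * OS version (CryptCATAdminAcquireContext2 exists for that case) - verify on
 * the target systems.
 */
BOOL CheckFileTrust( LPCWSTR lpFileName )
{
    BOOL bRet = FALSE;

    if ( NULL == lpFileName )
    {
        return FALSE;
    }

    HCATADMIN hCatAdmin = NULL;
    if ( !CryptCATAdminAcquireContext( &hCatAdmin, NULL, 0 ) )
    {
        return FALSE;
    }

    HANDLE hFile = CreateFileW( lpFileName, GENERIC_READ, FILE_SHARE_READ,
                                NULL, OPEN_EXISTING, 0, NULL );
    if ( INVALID_HANDLE_VALUE == hFile )
    {
        CryptCATAdminReleaseContext( hCatAdmin, 0 );
        return FALSE;
    }

    BYTE byHash[100];
    DWORD dwCnt = sizeof( byHash );
    BOOL bHashed = CryptCATAdminCalcHashFromFileHandle( hFile, &dwCnt, byHash, 0 );
    CloseHandle( hFile );

    // Fail closed: without a valid hash the buffer holds indeterminate bytes
    // and must not be used for the catalog lookup or the member tag.
    if ( !bHashed || 0 == dwCnt || dwCnt > sizeof( byHash ) )
    {
        CryptCATAdminReleaseContext( hCatAdmin, 0 );
        return FALSE;
    }

    // Member tag = upper-case hex of the hash. Two characters per byte plus
    // the terminator always fit, because dwCnt <= sizeof( byHash ) here.
    WCHAR szMemberTag[sizeof( byHash ) * 2 + 1];
    for ( DWORD dw = 0; dw < dwCnt; ++dw )
    {
        wsprintfW( &szMemberTag[dw * 2], L"%02X", byHash[dw] );
    }

    WINTRUST_DATA wd = { 0 };
    WINTRUST_FILE_INFO wfi = { 0 };
    WINTRUST_CATALOG_INFO wci = { 0 };
    CATALOG_INFO ci = { 0 };
    ci.cbStruct = sizeof( CATALOG_INFO );

    BOOL bReady = TRUE;
    HCATINFO hCatInfo = CryptCATAdminEnumCatalogFromHash( hCatAdmin, byHash, dwCnt, 0, NULL );
    if ( NULL == hCatInfo )
    {
        // No catalog lists this hash: verify the file's own signature.
        wfi.cbStruct = sizeof( WINTRUST_FILE_INFO );
        wfi.pcwszFilePath = lpFileName;
        wfi.hFile = NULL;
        wfi.pgKnownSubject = NULL;

        wd.cbStruct = sizeof( WINTRUST_DATA );
        wd.dwUnionChoice = WTD_CHOICE_FILE;
        wd.pFile = &wfi;
        wd.dwUIChoice = WTD_UI_NONE;
        wd.fdwRevocationChecks = WTD_REVOKE_NONE;
        wd.dwStateAction = WTD_STATEACTION_IGNORE;
        wd.dwProvFlags = WTD_SAFER_FLAG;
        wd.hWVTStateData = NULL;
        wd.pwszURLReference = NULL;
    }
    else if ( CryptCATCatalogInfoFromContext( hCatInfo, &ci, 0 ) )
    {
        // Catalog hit: verify the file as a member of that catalog.
        wci.cbStruct = sizeof( WINTRUST_CATALOG_INFO );
        wci.pcwszCatalogFilePath = ci.wszCatalogFile;
        wci.pcwszMemberFilePath = lpFileName;
        wci.pcwszMemberTag = szMemberTag;

        wd.cbStruct = sizeof( WINTRUST_DATA );
        wd.dwUnionChoice = WTD_CHOICE_CATALOG;
        wd.pCatalog = &wci;
        wd.dwUIChoice = WTD_UI_NONE;
        // fdwRevocationChecks takes WTD_REVOKE_* values. A WTD_STATEACTION_*
        // constant does not belong in this field; WTD_STATEACTION_VERIFY has
        // the same numeric value as WTD_REVOKE_WHOLECHAIN, so naming the
        // right constant keeps the effective setting.
        wd.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN;
        wd.dwProvFlags = 0;
        wd.hWVTStateData = NULL;
        wd.pwszURLReference = NULL;
    }
    else
    {
        // The catalog path could not be resolved; do not call WinVerifyTrust
        // with an empty catalog description.
        bReady = FALSE;
    }

    if ( bReady )
    {
        GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
        LONG lStatus = WinVerifyTrust( NULL, &action, &wd );

        // Zero is the only result WinVerifyTrust documents as "trusted".
        // SUCCEEDED() would also accept any positive status value.
        bRet = ( ERROR_SUCCESS == lStatus );
    }

    if ( NULL != hCatInfo )
    {
        CryptCATAdminReleaseCatalogContext( hCatAdmin, hCatInfo, 0 );
    }
    CryptCATAdminReleaseContext( hCatAdmin, 0 );

    return bRet;
}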
|
[讨论][分享]win32汇编经验点滴
俺发现我们学计算机很像...你也是学生吧..... |
|
[已解决]NtQueryVirtualMemory 问题
下面是摘我以前的文章的一段::: : : 从ntdll.dll获得索引比如NtQueueApcThread, .text:7C92E23D mov eax, 0B4h ; NtQueueApcThread .text:7C92E242 mov edx, 7FFE0300h .text:7C92E247 call dword ptr [edx] .text:7C92E249 retn 14h 好了,记下0B4h #pragma pack(1) typedef struct ServiceDescriptorEntry { unsigned int *ServiceTableBase; unsigned int *ServiceCounterTableBase; unsigned int NumberOfServices; unsigned char *ParamTableBase; } ServiceDescriptorTableEntry_t, *PServiceDescriptorTableEntry_t; #pragma pack() extern "C"__declspec(dllimport) ServiceDescriptorTableEntry_t KeServiceDescriptorTable; typedef NTSTATUS (*NTQUEUEAPCTHREAD)( IN HANDLE ThreadHandle, IN PIO_APC_ROUTINE ApcRoutine, IN PVOID ApcRoutineContext OPTIONAL, IN PIO_STATUS_BLOCK ApcStatusBlock OPTIONAL, IN ULONG ApcReserved OPTIONAL ); NTQUEUEAPCTHREAD NtQueueApcThread; : : : NtQueueApcThread =*(KeServiceDescriptorTable.ServiceTableBase + 0x0B4); |