Strange remote-thread DLL injection problem
Just don't pass 0 as the thread id parameter of SetWindowsHookEx and it will work.

[Help] A question about a piece of code in "Undocumented Windows 2000 Secrets"
The answer is that this is simply how Win2000 is written:

    case SystemProcessInformation:
        if (SystemInformationLength < sizeof( SYSTEM_PROCESS_INFORMATION)) {
            return STATUS_INFO_LENGTH_MISMATCH;
        }
        Status = ExpGetProcessInformation (SystemInformation,
                                           SystemInformationLength,
                                           &Length,
                                           NULL);
        if (NT_SUCCESS(Status) && ARGUMENT_PRESENT( ReturnLength )) {
            *ReturnLength = Length;
        }

It only tells you how much data was returned once the ProcessInformation has been fetched successfully.

[Original] An alternative hook: ring-3 packet monitoring
DeviceIoControl is the wrapper around NtDeviceIoControl. Also, mswsock calls NtDeviceIoControl directly, so if you hook DeviceIoControl you won't get the data. Study the basics properly before speaking up.

[Original] An alternative hook: ring-3 packet monitoring
The poster above should look at the results of other people's experiments~

[Discussion] Why does ExitProcess error out when exiting the process? [I've sorted it out simply: set a thread SEH and exit once more]

    VOID WINAPI ExitProcess( UINT uExitCode )
    /*++
    Routine Description:
        The current process can exit using ExitProcess. ExitProcess is the
        prefered method of exiting an application. This API provides a clean
        application shutdown. This includes calling all attached DLLs at their
        instance termination entrypoint. If an application terminates by any
        other method:
            - TerminateProcess
            - TerminateThread of last thread in the process
            - ExitThread of last thread in the process
        The DLLs that the process is attached to will not be notified of the
        process termination.
        After notifying all DLLs of the process termination, this API
        terminates the current process as if a call to
        TerminateProcess(GetCurrentProcess()) were made.
    Arguments:
        uExitCode - Supplies the termination status for each thread in the
                    process.
    Return Value:
        None.
    --*/
    {
        NTSTATUS Status;
        BASE_API_MSG m;
        PBASE_EXITPROCESS_MSG a = (PBASE_EXITPROCESS_MSG)&m.u.ExitProcess;

        if ( BaseRunningInServerProcess ) {
            ASSERT(!BaseRunningInServerProcess);
        } else {
            RtlAcquirePebLock();
            try {
                Status = NtTerminateProcess(NULL,(NTSTATUS)uExitCode);
                LdrShutdownProcess();
    #if defined(BUILD_WOW6432)
                CsrBasepExitProcess(uExitCode);
    #else
                a->uExitCode = uExitCode;
                CsrClientCallServer( (PCSR_API_MSG)&m,
                                     NULL,
                                     CSR_MAKE_API_NUMBER( BASESRV_SERVERDLL_INDEX,
                                                          BasepExitProcess ),
                                     sizeof( *a ) );
    #endif
                NtTerminateProcess(NtCurrentProcess(),(NTSTATUS)uExitCode);
            } finally {
                RtlReleasePebLock();
            }
        }
    }

[Help] What is ReloadAndRun?
Your understanding is wrong.

[Discussion] Why does ExitProcess error out when exiting the process? [I've sorted it out simply: set a thread SEH and exit once more]
Heh, it isn't ExitProcess that's erroring.

[Original] X (no name yet)
OP, let me give you my copy of Windows Internals 4th~ although it's a bit worn from reading - -

[Original] X (no name yet)
You mailed it to 360? OP, we didn't receive it~ why didn't you say so and contact me

[Original] X (no name yet)
I've already downloaded it; OP was a step too late, luckily I was quick.

[Original] X (no name yet)
It even emulates Vista's XAC~ heh, but it looks like the driver still has quite a few bugs~ blue screens nonstop

[Original] X (no name yet)
The main program seems to be packed; after installing it the system never booted again - -

[Original] X (no name yet)
Too strong, can't learn from it, can only bookmark it

[Original] A timid question: how to read/write physical memory on the 2003 series without a driver?
NtSystemDebugControl no longer works; you could try hotpatch.

[Help] A question about system file and registry hooks
I mean miniport object hijack

[Help] What exactly are the attributes of user32.dll's address space?
Trace KiTrap0E while writing the memory and you'll know.

[Help] What exactly are the attributes of user32.dll's address space?
The article in post #2 is too old; in ring 0, bypassing copy-on-write only takes clearing bit 16 of CR0.