[Help] How to detect whether a specified process has been closed?
GetExitCodeProcess

[Help] How to detect the current state of a process
Would GetExitCodeProcess work?

[Help] What do online game cheats mainly refer to nowadays?
Hijacking the DX (DirectX) or OpenGL DLL to make a wallhack.

[Recommendation] Anti-keylogger software PrivacyKeyboard, really impressive; experts, come in and see whether you can bypass it!
Experiment finished: bypassed using the GetAsyncKeyState method.

[Help] Old problem: recovering a process hidden with DKOM
Almost all machines are multi-core now, so cli does not necessarily prevent thread switching.

[Original] Collected uses of NtUserGetThreadState
Flipped through the 2k source. This thing does a lot:

    ULONG_PTR NtUserGetThreadState(
        IN USERTHREADSTATECLASS ThreadState)
    {
        PTHREADINFO ptiCurrent = PtiCurrentShared();

        BEGINRECV_SHARED(ULONG_PTR, 0);

        switch (ThreadState) {
        case UserThreadStateFocusWindow:
            retval = (ULONG_PTR)HW(ptiCurrent->pq->spwndFocus);
            break;

        case UserThreadStateActiveWindow:
            retval = (ULONG_PTR)HW(ptiCurrent->pq->spwndActive);
            break;

        case UserThreadStateCaptureWindow:
            retval = (ULONG_PTR)HW(ptiCurrent->pq->spwndCapture);
            break;

        case UserThreadStateDefaultImeWindow:
            retval = (ULONG_PTR)HW(ptiCurrent->spwndDefaultIme);
            break;

        case UserThreadStateDefaultInputContext:
            retval = (ULONG_PTR)PtoH(ptiCurrent->spDefaultImc);
            break;

        case UserThreadStateImeCompatFlags:
            UserAssert(ptiCurrent->ppi != NULL);
            retval = (DWORD)(ptiCurrent->ppi->dwImeCompatFlags);
            break;

        case UserThreadStatePreviousKeyboardLayout:
            retval = (ULONG_PTR)(ptiCurrent->hklPrev);
            break;

        case UserThreadStateIsWinlogonThread:
            // Client IMM checks if the process is Login;
            // to prevent switching dictionaries, etc.
            // LATER: gpidLogin per WinStation ?
            retval = (DWORD)(GetCurrentProcessId() == gpidLogon);
            break;

        case UserThreadStateIsConImeThread:
            UserAssert(ptiCurrent->rpdesk != NULL);
            retval = (DWORD)(PtiFromThreadId(ptiCurrent->rpdesk->dwConsoleIMEThreadId) == ptiCurrent);
            break;

        case UserThreadStateInputState:
            retval = (DWORD)_GetInputState();
            break;

        case UserThreadStateCursor:
            retval = (ULONG_PTR)PtoH(ptiCurrent->pq->spcurCurrent);
            break;

        case UserThreadStateChangeBits:
            retval = ptiCurrent->pcti->fsChangeBits;
            break;

        case UserThreadStatePeekMessage:
            /*
             * Update the last read time so that hung app painting won't occur.
             */
            SET_TIME_LAST_READ(ptiCurrent);
            retval = (DWORD)FALSE;
            break;

        case UserThreadStateExtraInfo:
            retval = ptiCurrent->pq->ExtraInfo;
            break;

        case UserThreadStateInSendMessage:
            if (ptiCurrent->psmsCurrent != NULL) {
                if (ptiCurrent->psmsCurrent->ptiSender != NULL) {
                    retval = ISMEX_SEND;
                } else if (ptiCurrent->psmsCurrent->flags & (SMF_CB_REQUEST | SMF_CB_REPLY)) {
                    retval = ISMEX_CALLBACK;
                } else {
                    retval = ISMEX_NOTIFY;
                }
                if (ptiCurrent->psmsCurrent->flags & SMF_REPLY) {
                    retval |= ISMEX_REPLIED;
                }
            } else {
                retval = ISMEX_NOSEND;
            }
            break;

        case UserThreadStateMessageTime:
            retval = ptiCurrent->timeLast;
            break;

        case UserThreadStateIsForeground:
            retval = (ptiCurrent->pq == gpqForeground);
            break;

        case UserThreadConnect:
            retval = TRUE;
            break;

        default:
            RIPMSG1(RIP_WARNING, "NtUserGetThreadState invalid ThreadState:%#x", ThreadState);
            MSGERROR(0);
        }

        ENDRECV_SHARED();
    }

[Original] Collected uses of NtUserGetThreadState
It seems that flag = 6 is GetCursor

[Help] Has anyone looked into what is stored at 0x10000?
The PEB is at 0x7ffdX000

[Original] A way to prank people with 移动梦网 (Monternet)
I'm rather timid, so I don't dare mess with this stuff.

[Help] About window enumeration
Task Manager also checks whether InternalGetWindowText can obtain the window title, and the title must not be "Program Manager"; if it is, the window is not shown. The OP's avatar makes me miss Fire Emblem...

[Original] A new method of injecting from ring0 into ring3
Thanks for the pointers! Learned something!

[Help] Can anyone recommend a book that covers file operations such as ZwWriteFile?
Have a look at 楚狂人's 《Windows驱动编程基础教程》 (Windows Driver Programming Basics Tutorial).

[Original] A new method of injecting from ring0 into ring3
This method is about the same as the SetThreadContext approach.

[Original] A new method of injecting from ring0 into ring3
I want to call ring3 functions from ring0...

[Original] Another framework for hooking ObReferenceObjectByHandle
Mainly for efficiency; this function is called by the system very frequently...