|
[Original] Creating rogue shortcuts [with source code]
All sorts of fake IE shortcuts, and then all sorts of double-clicking. |
|
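[Help] Blue-screened several times, can you help me see what's wrong? Hiding a process via EPROCESS
The mistake is probably where the linked list is modified. Try changing it to this: PLIST_ENTRY bList,fList; bList=pHeadList->Blink; fList=pHeadList->Flink; bList->Flink=fList; fList->Blink=bList; Also, pHeadList is not initialized on the first loop iteration, although the first one won't be taskmgr.exe |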
|
|
|
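[Help] A question about communicating with CMD through anonymous pipes
Attach your own process to CMD's console and then refresh it yourself; not sure whether that works |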
|
[Help] How does KeUpdateSystemTime do its updating
KeUpdateSystemTime updates the value of GetTickCount |
|
[Off-topic] Exams piled up and kept me busy; I went away and now I'm back!
Hope the internship goes well, OP |
|
[Help] Experts, please explain!! About EXE file size and memory usage!!
Alignment....... |
|
|
|
[Help] A question about a driver reading and writing another process's address space; it has been frustrating me for a long time
KeStackAttachProcess |
|
[Help] A question about the IDT not being readable.
Enter Ring0 |
|
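[Help] A question about the IDT not being readable.
It's a Ring0 address. If you could access it directly from Ring3, that would be really something |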
|
[Help] How to replace an exe's icon?
http://msdn.microsoft.com/en-us/library/ms648008(VS.85).aspx |
|
[Original] Wrote a driver that hides the cmd.exe process (experts, don't bother looking)
OP is testing on a real machine.... |
|
[Share] Removing a program's multiple-instance restriction by closing handles
If the handle being queried points to a NamedPipe, it will hang |
|
|
|
[Help] Functions declared in ntddk.h: how to view their implementation
lkd> dt _DRIVER_OBJECT 89dcee20 nt!_DRIVER_OBJECT +0x000 Type : 4 +0x002 Size : 168 +0x004 DeviceObject : 0x89cce770 _DEVICE_OBJECT +0x008 Flags : 0x92 +0x00c DriverStart : 0xb9e47000 +0x010 DriverSize : 0x8c400 +0x014 DriverSection : 0x89e64a78 +0x018 DriverExtension : 0x89dceec8 _DRIVER_EXTENSION +0x01c DriverName : _UNICODE_STRING "\FileSystem\Ntfs" +0x024 HardwareDatabase : 0x8067c260 _UNICODE_STRING "\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM" +0x028 FastIoDispatch : 0xb9e667a0 _FAST_IO_DISPATCH +0x02c DriverInit : 0xb9ecc184 long Ntfs!GsDriverEntry+0 +0x030 DriverStartIo : (null) +0x034 DriverUnload : (null) +0x038 MajorFunction : [28] 0xb9e6cc01 long Ntfs!NtfsFsdCreate+0 lkd> dt _FAST_IO_DISPATCH b9e667a0 nt!_FAST_IO_DISPATCH +0x000 SizeOfFastIoDispatch : 0x70 +0x004 FastIoCheckIfPossible : 0xb9e80eda unsigned char Ntfs!NtfsFastIoCheckIfPossible+0 +0x008 FastIoRead : 0xb9e67b57 unsigned char Ntfs!NtfsCopyReadA+0 +0x00c FastIoWrite : 0xb9e86448 unsigned char Ntfs!NtfsCopyWriteA+0 +0x010 FastIoQueryBasicInfo : 0xb9e6d48e unsigned char Ntfs!NtfsFastQueryBasicInfo+0 +0x014 FastIoQueryStandardInfo : 0xb9e6bf7e unsigned char Ntfs!NtfsFastQueryStdInfo+0 +0x018 FastIoLock : 0xb9e870f2 unsigned char Ntfs!NtfsFastLock+0 +0x01c FastIoUnlockSingle : 0xb9e871f8 unsigned char Ntfs!NtfsFastUnlockSingle+0 +0x020 FastIoUnlockAll : 0xb9ec06ae unsigned char Ntfs!NtfsFastUnlockAll+0 +0x024 FastIoUnlockAllByKey : 0xb9ec07f3 unsigned char Ntfs!NtfsFastUnlockAllByKey+0 +0x028 FastIoDeviceControl : (null) +0x02c AcquireFileForNtCreateSection : 0xb9e6783a void Ntfs!NtfsAcquireForCreateSection+0 +0x030 ReleaseFileForNtCreateSection : 0xb9e67881 void Ntfs!NtfsReleaseForCreateSection+0 +0x034 FastIoDetachDevice : (null) +0x038 FastIoQueryNetworkOpenInfo : 0xb9eaee1d unsigned char Ntfs!NtfsFastQueryNetworkOpenInfo+0 +0x03c AcquireForModWrite : 0xb9e73a10 long Ntfs!NtfsAcquireFileForModWrite+0 +0x040 MdlRead : 0xb9eaef31 unsigned char Ntfs!NtfsMdlReadA+0 +0x044 MdlReadComplete : 
0x804e9b14 unsigned char nt!FsRtlMdlReadCompleteDev+0 +0x048 PrepareMdlWrite : 0xb9eaf2ab unsigned char Ntfs!NtfsPrepareMdlWriteA+0 +0x04c MdlWriteComplete : 0x8056bbec unsigned char nt!FsRtlMdlWriteCompleteDev+0 +0x050 FastIoReadCompressed : (null) +0x054 FastIoWriteCompressed : (null) +0x058 MdlReadCompleteCompressed : (null) +0x05c MdlWriteCompleteCompressed : (null) +0x060 FastIoQueryOpen : 0xb9e6bdb8 unsigned char Ntfs!NtfsNetworkOpenCreate+0 +0x064 ReleaseForModWrite : (null) +0x068 AcquireForCcFlush : 0xb9e676e2 long Ntfs!NtfsAcquireFileForCcFlush+0 +0x06c ReleaseForCcFlush : 0xb9e67708 long Ntfs!NtfsReleaseFileForCcFlush+0 |
|
[Help] Functions declared in ntddk.h: how to view their implementation
lkd> !drvobj ntfs Driver object (89dcee20) is for: \FileSystem\Ntfs Driver Extension List: (id , addr) Device Object list: 89cce770 89b2b020 898f5770 89e11590 89dc8f18 lkd> !drvobj 89dcee20 2 Driver object (89dcee20) is for: \FileSystem\Ntfs DriverEntry: b9ecc184 Ntfs!GsDriverEntry DriverStartIo: 00000000 DriverUnload: 00000000 AddDevice: 00000000 Dispatch routines: [00] IRP_MJ_CREATE b9e6cc01 Ntfs!NtfsFsdCreate [01] IRP_MJ_CREATE_NAMED_PIPE 804f5544 nt!IopInvalidDeviceRequest [02] IRP_MJ_CLOSE b9e6c0ea Ntfs!NtfsFsdClose [03] IRP_MJ_READ b9e49f3b Ntfs!NtfsFsdRead [04] IRP_MJ_WRITE b9e48b57 Ntfs!NtfsFsdWrite [05] IRP_MJ_QUERY_INFORMATION b9e6d2b9 Ntfs!NtfsFsdDispatchWait [06] IRP_MJ_SET_INFORMATION b9e4a618 Ntfs!NtfsFsdSetInformation [07] IRP_MJ_QUERY_EA b9e6d2b9 Ntfs!NtfsFsdDispatchWait [08] IRP_MJ_SET_EA b9e6d2b9 Ntfs!NtfsFsdDispatchWait [09] IRP_MJ_FLUSH_BUFFERS b9e86ec8 Ntfs!NtfsFsdFlushBuffers [0a] IRP_MJ_QUERY_VOLUME_INFORMATION b9e6d404 Ntfs!NtfsFsdDispatch [0b] IRP_MJ_SET_VOLUME_INFORMATION b9e6d404 Ntfs!NtfsFsdDispatch [0c] IRP_MJ_DIRECTORY_CONTROL b9e6efbd Ntfs!NtfsFsdDirectoryControl [0d] IRP_MJ_FILE_SYSTEM_CONTROL b9e71758 Ntfs!NtfsFsdFileSystemControl [0e] IRP_MJ_DEVICE_CONTROL b9e6d404 Ntfs!NtfsFsdDispatch [0f] IRP_MJ_INTERNAL_DEVICE_CONTROL 804f5544 nt!IopInvalidDeviceRequest [10] IRP_MJ_SHUTDOWN b9e5b5af Ntfs!NtfsFsdShutdown [11] IRP_MJ_LOCK_CONTROL b9ec0aa3 Ntfs!NtfsFsdLockControl [12] IRP_MJ_CLEANUP b9e6cab8 Ntfs!NtfsFsdCleanup [13] IRP_MJ_CREATE_MAILSLOT 804f5544 nt!IopInvalidDeviceRequest [14] IRP_MJ_QUERY_SECURITY b9e6d404 Ntfs!NtfsFsdDispatch [15] IRP_MJ_SET_SECURITY b9e6d404 Ntfs!NtfsFsdDispatch [16] IRP_MJ_POWER 804f5544 nt!IopInvalidDeviceRequest [17] IRP_MJ_SYSTEM_CONTROL 804f5544 nt!IopInvalidDeviceRequest [18] IRP_MJ_DEVICE_CHANGE 804f5544 nt!IopInvalidDeviceRequest [19] IRP_MJ_QUERY_QUOTA b9e6d2b9 Ntfs!NtfsFsdDispatchWait [1a] IRP_MJ_SET_QUOTA b9e6d2b9 Ntfs!NtfsFsdDispatchWait [1b] IRP_MJ_PNP b9e897f0 Ntfs!NtfsFsdPnp Fast I/O routines: 
FastIoCheckIfPossible b9e80eda Ntfs!NtfsFastIoCheckIfPossible FastIoRead b9e67b57 Ntfs!NtfsCopyReadA FastIoWrite b9e86448 Ntfs!NtfsCopyWriteA FastIoQueryBasicInfo b9e6d48e Ntfs!NtfsFastQueryBasicInfo FastIoQueryStandardInfo b9e6bf7e Ntfs!NtfsFastQueryStdInfo FastIoLock b9e870f2 Ntfs!NtfsFastLock FastIoUnlockSingle b9e871f8 Ntfs!NtfsFastUnlockSingle FastIoUnlockAll b9ec06ae Ntfs!NtfsFastUnlockAll FastIoUnlockAllByKey b9ec07f3 Ntfs!NtfsFastUnlockAllByKey AcquireFileForNtCreateSection b9e6783a Ntfs!NtfsAcquireForCreateSection ReleaseFileForNtCreateSection b9e67881 Ntfs!NtfsReleaseForCreateSection FastIoQueryNetworkOpenInfo b9eaee1d Ntfs!NtfsFastQueryNetworkOpenInfo AcquireForModWrite b9e73a10 Ntfs!NtfsAcquireFileForModWrite MdlRead b9eaef31 Ntfs!NtfsMdlReadA MdlReadComplete 804e9b14 nt!FsRtlMdlReadCompleteDev PrepareMdlWrite b9eaf2ab Ntfs!NtfsPrepareMdlWriteA MdlWriteComplete 8056bbec nt!FsRtlMdlWriteCompleteDev FastIoQueryOpen b9e6bdb8 Ntfs!NtfsNetworkOpenCreate AcquireForCcFlush b9e676e2 Ntfs!NtfsAcquireFileForCcFlush ReleaseForCcFlush b9e67708 Ntfs!NtfsReleaseFileForCcFlush |