Hook filtering architecture, modeled on 360
Oh, this is the first time I've posted a long piece and I have no experience. Thanks!
Hook filtering architecture, modeled on 360
Hmm, the formatting changed the first time I posted......... The preview looked fine, so why did it come out with such wide spacing? Tragic.
[Windows Source Code Analysis] (1) Initializing the kernel and the executive subsystems
Pulling up a bench to follow along!
A question about process filtering
Not every program MS ships is signed; Notepad, for example, is reported as unsigned when checked with MS's signature verification.
A question about process filtering
Thanks everyone for the suggestions. MD5 is not bad, but if the MD5 computation and the communication are done in user mode, won't the latency be fairly high?
A newbie's first hands-on SSDT HOOK: implementing file hiding
Heh, actually every language is the same; I just like the feel of assembly........
Driver debugging problem........
The reported BUG:
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806a2ead, The address that the exception occurred at
Arg3: f9c3a714, Exception Record Address
Arg4: f9c3a410, Context Record Address

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

FAULTING_IP:
nt!MmInitSystem+1356
806a2ead 6683784005      cmp     word ptr [eax+40h],5

EXCEPTION_RECORD:  f9c3a714 -- (.exr 0xfffffffff9c3a714)
ExceptionAddress: 806a2ead (nt!MmInitSystem+0x00001356)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000040
Attempt to read from address 00000040

CONTEXT:  f9c3a410 -- (.cxr 0xfffffffff9c3a410)
eax=00000000 ebx=8055c1e0 ecx=00000000 edx=f970c000 esi=8198aa08 edi=8055c1c0
eip=806a2ead esp=f9c3a7dc ebp=f9c3a838 iopl=0         nv up ei pl nz ac po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010212
nt!MmInitSystem+0x1356:
806a2ead 6683784005      cmp     word ptr [eax+40h],5 ds:0023:00000040=????
Resetting default scope

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  System

ERROR_CODE: (NTSTATUS) 0xc0000005 - "0x%08lx"

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000040

READ_ADDRESS:  00000040

FOLLOWUP_IP:
nt!MmInitSystem+1356
806a2ead 6683784005      cmp     word ptr [eax+40h],5

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from 806a2771 to 806a2ead

STACK_TEXT:
f9c3a838 806a2771 00000001 80087000 00000000 nt!MmInitSystem+0x1356
f9c3adac 8057beff 80087000 00000000 00000000 nt!Phase1Initialization+0x520
f9c3addc 804f98ea 806a22fa 80087000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!MmInitSystem+1356

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  498c1a18

STACK_COMMAND:  .cxr 0xfffffffff9c3a410 ; kb

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  0x7E_nt!MmInitSystem+1356

BUCKET_ID:  0x7E_nt!MmInitSystem+1356

Followup: MachineOwner
---------
Driver debugging problem........
A new problem has come up....... Now, once WinDbg connects to the virtual machine, it just sits at "WAIT TO connet". After I press Enter in the VM and choose DEBUG, WinDbg breaks in; then I hit G to run the OS, and the VM goes straight to a blue screen..... This never happened before. Now I can't get in at all; it blue-screens as soon as it runs. What does this mean?
Help with a driver debugging problem
It does connect, but when the driver is loaded in the virtual machine it reports an error: Module load completed but symbols could not be loaded for myCallGate.sys Breakpoint 1's offset expression evaluation failed. Check for invalid symbols or bad syntax. WaitForEvent failed. myCallGate.sys is the driver I want to debug. It is written in assembly, so there is no symbol file? What should I do?
Help with a driver debugging problem
Is the source file the driver file or the code file? And what should the image file be set to?