[求助]请大伙帮忙看看,到底是哪个地方有逻辑错误?DLL&Hook
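// Patch the first codeSize bytes at Addr (the LoadLibrary entry point in the
// target process hProcess) with the bytes in lpBuffer, then restore the page
// protection.
//
// Fix: the original queried Addr with VirtualQueryEx and then changed the
// protection and wrote at mbi.BaseAddress -- the base of the enclosing
// memory *region*, not the function address.  Unless LoadLibrary happens to
// sit exactly at a region base, the patch lands on the wrong bytes (and the
// protection change may not even cover Addr..Addr+codeSize).  That is the
// logic error the thread asks about.  Both calls now use Addr directly, so
// the VirtualQueryEx round trip (the "redundant" code the reply refers to,
// presumably) is no longer needed.
DWORD restoredProtect = 0;

// Make the target bytes writable (and executable, since they are code).
if (!::VirtualProtectEx(hProcess, Addr, codeSize, PAGE_EXECUTE_READWRITE, &pOldFlag)) {
    ::MessageBox(NULL, "It's Wrong When Changing Program's Code!", "Error!", MB_OK | MB_ICONWARNING);
    ::ExitProcess(0);
}

// Overwrite the first codeSize bytes of LoadLibrary.  WriteProcessMemory can
// fail outright (returns FALSE) or write fewer bytes than asked; check both
// instead of only comparing numWrite, which the original left uninitialised
// on the FALSE path.
numWrite = 0;
if (!::WriteProcessMemory(hProcess, Addr, lpBuffer, codeSize, &numWrite) || numWrite != codeSize) {
    // Put the original protection back before bailing out so the target is
    // not left with a writable+executable code page.
    ::VirtualProtectEx(hProcess, Addr, codeSize, pOldFlag, &restoredProtect);
    ::MessageBox(NULL, "It's Wrong When Changing Program's Code!", "Error!", MB_OK | MB_ICONWARNING);
    // NOTE: exit code 0 signals success to a parent process; kept as in the
    // original so callers see the same behaviour.
    ::ExitProcess(0);
}

// Restore the original page protection so the code page is not left RWX.
::VirtualProtectEx(hProcess, Addr, codeSize, pOldFlag, &restoredProtect);

// Code was modified in another process; make the instruction cache coherent
// before the target executes the patched bytes.
::FlushInstructionCache(hProcess, Addr, codeSize);
说点题外话 红色的代码是多余的. |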
[求助]ce代码注入的问题
.........看成了 Windows CE. |
[求助]某驱动hook NtOpenProcess在200多字节之后该怎么处理呢?
NTSTATUS
NtOpenProcess (
    __out PHANDLE ProcessHandle,
    __in ACCESS_MASK DesiredAccess,
    __in POBJECT_ATTRIBUTES ObjectAttributes,
    __in_opt PCLIENT_ID ClientId
    )

/*++

Routine Description:

    This function opens a handle to a process object with the specified
    desired access. The object is located either by name, or by locating a
    thread whose Client ID matches the specified Client ID and then opening
    that thread's process.

    Security-relevant points visible in the body:

    - Every value read from a user-mode caller (ProcessHandle, the
      ObjectAttributes fields, *ClientId) is probed and copied into a local
      (ObjectNamePresent, Attributes, CapturedCid) inside one try/except
      before it is used; later code never re-reads caller memory, so the
      caller cannot change the values after they were checked.
    - A caller that passes SeSinglePrivilegeCheck(SeDebugPrivilege) has the
      requested access moved into PreviouslyGrantedAccess and
      RemainingDesiredAccess cleared, so the object manager's open does not
      apply the target's DACL to that access (PROCESS_ALL_ACCESS if
      MAXIMUM_ALLOWED was requested).
    - The ACCESS_STATE created by SeCreateAccessState is deleted on every
      path that follows its creation.

Arguments:

    ProcessHandle - Supplies a pointer to a variable that will receive the
        process object handle. Probed for write when the caller is user mode.

    DesiredAccess - Supplies the desired types of access for the process
        object.

    ObjectAttributes - Supplies a pointer to an object attributes structure.
        If the ObjectName field is specified, then ClientId must not be
        specified.

    ClientId - Supplies a pointer to a ClientId that if supplied specifies
        the thread whose process is to be opened. If this argument is
        specified, then ObjectName field of the ObjectAttributes structure
        must not be specified. When UniqueThread is zero the lookup is by
        UniqueProcess alone.

Return Value:

    NTSTATUS - Status of call. STATUS_INVALID_PARAMETER_MIX when both or
        neither of ObjectName and ClientId are supplied; the exception code
        when a user-mode pointer faults during probing or the final store;
        otherwise the status of the lookup or open.

--*/

{
    HANDLE Handle;
    KPROCESSOR_MODE PreviousMode;
    NTSTATUS Status;
    PEPROCESS Process;
    PETHREAD Thread;
    CLIENT_ID CapturedCid={0};
    BOOLEAN ObjectNamePresent;
    BOOLEAN ClientIdPresent;
    ACCESS_STATE AccessState;
    AUX_ACCESS_DATA AuxData;
    ULONG Attributes;

    // Standard WDK assertion that this pageable routine runs at an IRQL
    // where paging is allowed.
    PAGED_CODE();

    //
    // Make sure that only one of either ClientId or ObjectName is
    // present.
    //

    PreviousMode = KeGetPreviousMode();

    if (PreviousMode != KernelMode) {

        //
        // Since we need to look at the ObjectName field, probe
        // ObjectAttributes and capture object name present indicator.
        // All caller memory is touched only inside this try block; a bad
        // pointer becomes a returned status rather than a kernel fault.
        //

        try {

            ProbeForWriteHandle (ProcessHandle);

            ProbeForReadSmallStructure (ObjectAttributes,
                                        sizeof(OBJECT_ATTRIBUTES),
                                        sizeof(ULONG));

            ObjectNamePresent = (BOOLEAN)ARGUMENT_PRESENT (ObjectAttributes->ObjectName);

            // The handle attributes are sanitized for a UserMode caller (the
            // kernel-mode branch below passes KernelMode); the by-ClientId
            // open further down uses this cleaned copy, not the raw field.
            Attributes = ObSanitizeHandleAttributes (ObjectAttributes->Attributes, UserMode);

            if (ARGUMENT_PRESENT (ClientId)) {

                ProbeForReadSmallStructure (ClientId, sizeof (CLIENT_ID), sizeof (ULONG));

                // Copy the CLIENT_ID out of user memory once; every later
                // reference is to CapturedCid.
                CapturedCid = *ClientId;
                ClientIdPresent = TRUE;

            } else {
                ClientIdPresent = FALSE;
            }

        } except (EXCEPTION_EXECUTE_HANDLER) {
            return GetExceptionCode();
        }

    } else {

        // Kernel-mode caller: same captures, no probing needed.
        ObjectNamePresent = (BOOLEAN)ARGUMENT_PRESENT (ObjectAttributes->ObjectName);

        Attributes = ObSanitizeHandleAttributes (ObjectAttributes->Attributes, KernelMode);

        if (ARGUMENT_PRESENT (ClientId)) {
            CapturedCid = *ClientId;
            ClientIdPresent = TRUE;
        } else {
            ClientIdPresent = FALSE;
        }
    }

    if (ObjectNamePresent && ClientIdPresent) {
        return STATUS_INVALID_PARAMETER_MIX;
    }

    //
    // Create an AccessState here, because the caller may have
    // DebugPrivilege, which requires us to make special adjustments
    // to his desired access mask. We do this by modifying the
    // internal fields in the AccessState to achieve the effect
    // we desire.
    //

    Status = SeCreateAccessState(
                 &AccessState,
                 &AuxData,
                 DesiredAccess,
                 &PsProcessType->TypeInfo.GenericMapping
                 );

    if ( !NT_SUCCESS(Status) ) {
        return Status;
    }

    //
    // Check here to see if the caller has SeDebugPrivilege. If
    // he does, we will allow him any access he wants to the process.
    // We do this by clearing the DesiredAccess in the AccessState
    // and recording what we want him to have in the PreviouslyGrantedAccess
    // field.
    //
    // Note that this routine performs auditing as appropriate.
    //
    // The effect is that, for a caller holding the privilege, the target's
    // DACL is never consulted for the requested access: the bits are
    // treated as already granted before the open below.
    //

    if (SeSinglePrivilegeCheck( SeDebugPrivilege, PreviousMode )) {

        if ( AccessState.RemainingDesiredAccess & MAXIMUM_ALLOWED ) {
            AccessState.PreviouslyGrantedAccess |= PROCESS_ALL_ACCESS;
        } else {
            AccessState.PreviouslyGrantedAccess |= ( AccessState.RemainingDesiredAccess );
        }

        AccessState.RemainingDesiredAccess = 0;
    }

    if (ObjectNamePresent) {

        //
        // Open handle to the process object with the specified desired access,
        // set process handle value, and return service completion status.
        //
        // NOTE: if the store to *ProcessHandle faults, the just-created
        // handle is not closed here (nothing in this routine closes it).
        //

        Status = ObOpenObjectByName(
                    ObjectAttributes,
                    PsProcessType,
                    PreviousMode,
                    &AccessState,
                    0,
                    NULL,
                    &Handle
                    );

        SeDeleteAccessState( &AccessState );

        if ( NT_SUCCESS(Status) ) {
            try {
                *ProcessHandle = Handle;
            } except (EXCEPTION_EXECUTE_HANDLER) {
                return GetExceptionCode ();
            }
        }

        return Status;
    }

    if ( ClientIdPresent ) {

        Thread = NULL;

        // Resolve the target EPROCESS (and, when a thread id was given, the
        // ETHREAD) from the captured CLIENT_ID; both lookups take a
        // reference that is dropped after the open below.
        if (CapturedCid.UniqueThread) {

            Status = PsLookupProcessThreadByCid(
                        &CapturedCid,
                        &Process,
                        &Thread
                        );

            if (!NT_SUCCESS(Status)) {
                SeDeleteAccessState( &AccessState );
                return Status;
            }

        } else {

            Status = PsLookupProcessByProcessId(
                        CapturedCid.UniqueProcess,
                        &Process
                        );

            if ( !NT_SUCCESS(Status) ) {
                SeDeleteAccessState( &AccessState );
                return Status;
            }
        }

        //
        // OpenObjectByAddress
        //
        // Uses the sanitized Attributes captured above, not the raw
        // ObjectAttributes->Attributes field.
        //

        Status = ObOpenObjectByPointer(
                    Process,
                    Attributes,
                    &AccessState,
                    0,
                    PsProcessType,
                    PreviousMode,
                    &Handle
                    );

        SeDeleteAccessState( &AccessState );

        if (Thread) {
            ObDereferenceObject(Thread);
        }

        ObDereferenceObject(Process);

        if (NT_SUCCESS (Status)) {
            // As in the by-name path, a fault here leaves Handle open.
            try {
                *ProcessHandle = Handle;
            } except (EXCEPTION_EXECUTE_HANDLER) {
                return GetExceptionCode ();
            }
        }

        return Status;
    }

    // Neither a name nor a ClientId was supplied.
    return STATUS_INVALID_PARAMETER_MIX;
}
LZ 最好学着用google 否则google公司的超级计算机闲着也是闲着,可惜了. |
[求助]交流写文件锁的思路，欢迎讨论
安装 Vista，启用 BitLocker 功能。（注意：BitLocker 是整卷加密，保护的是离线/静态数据；系统解锁并运行后，它并不能阻止本机上的进程读写某个文件，严格说它不是“文件锁”。） |
[下载]Rootkit Hook 专题(CHM版)
跟上...... |
[求助]如何保护自己的进程不被注入,内存不被恶意读取?
喜欢 shoooo的 头像 |
[求助]请问下在exe文件添加新的DLL那种技术叫什么
叫做PEDiy（也就是手工修改 PE 文件：给可执行文件的导入表增加一个 DLL 项，或新增一个节/入口 stub 去加载它） |
[求助]C++如何取数组个数并提取每个数组值?
// TutArrayTest.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include <stdlib.h> #include <string> #include <vector> int _tmain(int argc, _TCHAR* argv[]) { printf("usage : \r\n" "type 'exit' to end the program \r\n" "type 'size' to list the elementnumber of the array \r\n" "type 'list' to list all elements within the array \r\n" "overwise add a new element in to the array \r\n"); std::vector<std::string> strarray; for(;;) { std::string str; char buffer[1024]; gets_s(buffer); str = buffer; if(str == "exit") break; else if(str == "size"){ printf("%d \r\n",strarray.size()); }else if(str == "list"){ for(unsigned int i = 0;i < strarray.size();i++){ printf("Index[%d] = %s\r\n",i,strarray[i].c_str()); } }else{ strarray.push_back(str); puts("new element added"); } } system("PAUSE"); return 0; } 我帮你写了一个示例代码 很好的演示了 数组的用法。其实不必易难多少 只是LZ对类库不熟悉罢了。 |
[求助]C++如何取数组个数并提取每个数组值?
动态数组和静态数组是不一样的，LZ 不要搞混了。要使用动态 Array，你可以考虑用 MFC 的 CArray 类；当然 C++ 标准库的容器（如 std::vector）也可以。看来地球上还有比我稍微菜一点的人。 |