|
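[Original] Forging a handle to bypass Callback protection
Of course that's impossible. Foreign write-ups said long ago that NP has a heartbeat packet; you only need to hijack that and NP is taken out. |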
|
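VirtualKD two-machine debugging problem
Uh, my mistake for not reading the English. After downloading the new version of VKD there is a checkbox; as far as I understand it literally (I really don't know much English), it says to tick it if the system is WIN10. It was ticked automatically and I didn't untick it, so WINDBG couldn't connect. |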
|
VirtualKD two-machine debugging problem
Solved it myself. |
|
VirtualKD two-machine debugging problem
.................................... |
|
VirtualKD two-machine debugging problem
... No one is replying? .... |
|
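[Share] 习语言 (Xi language)
It's really just macro definitions. The developer treats it as a toy and makes a bit of money selling it. Besides, the people using C these days are mostly veterans, and newcomers find it hard to pick up. With today's multi-language platforms, apart from the veterans who stick with C and C++ for low-level development, newcomers all learn PHP and JAVA, mainly because they are cross-platform and easy to pick up, which is also driven by what many software development companies need now. How could they spend several years training an employee in C? By the time the training is done, the employee leaves. Some articles by Kanxue veterans say the same: they personally taught an apprentice, and when they wanted his help developing something, he ran off! |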
|
[Repost] Telerik Software Pack 04.03.2016 (Win/Mac) DVT
Too big. Without a domestic download link it feels almost impossible. |
|
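[Discussion] Anyone here from 科锐 (Kerui) class 24? Planning to come over to Wuhan every day, going to take a look the day after tomorrow
The prices are clearly marked, which is better than those so-called experts who come out to scam money. And what they teach is solid, with no filler; it just depends on whether you put in the effort to learn. |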
|
Could someone help me see why the driver won't unload
I haven't written a driver in assembly. Here is some Easy Code driver code for your reference:

.Const

ECDrvName        Equ <ECPDriver>
NT_DEVICE_NAME   CatStr <"\Device\>,ECDrvName,<">
DOS_DEVICE_NAME  CatStr <"\DosDevices\>,ECDrvName,<">

.Data?

DEVICE_EXTENSION Struct
    ;This structure is driver-defined.
    ;It must be filled depending on
    ;the driver to be programmed.
    ;Until filled with necessary
    ;data, define a DD value in
    ;order to avoid compiler errors
    DD ?
DEVICE_EXTENSION EndS

.Data

.Code

DriverEntry Proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
    Local usDeviceName:UNICODE_STRING, usSymbolicLinkName:UNICODE_STRING
    Local pDeviceObject:PDEVICE_OBJECT

    Invoke RtlInitUnicodeString, Addr usDeviceName, TextStrW(%NT_DEVICE_NAME)
    Invoke RtlInitUnicodeString, Addr usSymbolicLinkName, TextStrW(%DOS_DEVICE_NAME)

    Invoke IoCreateDevice, pDriverObject, SizeOf DEVICE_EXTENSION, Addr usDeviceName, FILE_DEVICE_UNKNOWN, 0, TRUE, Addr pDeviceObject
    .If Eax != STATUS_SUCCESS
        Mov Eax, STATUS_DEVICE_CONFIGURATION_ERROR
        Ret
    .EndIf

    Invoke IoCreateSymbolicLink, Addr usSymbolicLinkName, Addr usDeviceName
    .If Eax != STATUS_SUCCESS
        ; IoDeleteDevice takes the device object created above, not the driver object
        Invoke IoDeleteDevice, pDeviceObject
        Mov Eax, STATUS_DEVICE_CONFIGURATION_ERROR
        Ret
    .EndIf

    ; Register the unload routine and the dispatch routine for each handled IRP
    Mov Eax, pDriverObject
    Mov [Eax].DRIVER_OBJECT.DriverUnload, Offset DriverUnload
    Mov [Eax].DRIVER_OBJECT.MajorFunction[IRP_MJ_CREATE * (SizeOf PVOID)], Offset DriverDispatch
    Mov [Eax].DRIVER_OBJECT.MajorFunction[IRP_MJ_CLOSE * (SizeOf PVOID)], Offset DriverDispatch
    Mov [Eax].DRIVER_OBJECT.MajorFunction[IRP_MJ_DEVICE_CONTROL * (SizeOf PVOID)], Offset DriverDispatch
    Mov [Eax].DRIVER_OBJECT.MajorFunction[IRP_MJ_READ * (SizeOf PVOID)], Offset DriverDispatch
    Mov [Eax].DRIVER_OBJECT.MajorFunction[IRP_MJ_WRITE * (SizeOf PVOID)], Offset DriverDispatch

    Mov Eax, STATUS_SUCCESS
    Ret
DriverEntry EndP

DriverUnload Proc pDriverObject:PDRIVER_OBJECT
    Local usSymbolicLinkName:UNICODE_STRING

    ; Remove the symbolic link first, then the device object
    Invoke RtlInitUnicodeString, Addr usSymbolicLinkName, TextStrW(%DOS_DEVICE_NAME)
    Invoke IoDeleteSymbolicLink, Addr usSymbolicLinkName
    Mov Eax, pDriverObject
    Invoke IoDeleteDevice, [Eax].DRIVER_OBJECT.DeviceObject
    Ret
DriverUnload EndP

DriverDispatch Proc Uses Ecx Edx pDeviceObject:PDEVICE_OBJECT, pIrp:PIRP
    Local Status:NTSTATUS, Info:DWord, IO_S_L:DWord
    Local RBufPtr:DWord     ; Buffer
    Local RBufLen:SDWord    ; Buffer Len

    Mov Info, 0H
    Mov Eax, pIrp
    Mov Eax, [Eax]._IRP.Tail.Overlay.CurrentStackLocation
    Mov IO_S_L, Eax
    Movzx Eax, [Eax].IO_STACK_LOCATION.MajorFunction
    .If Eax == IRP_MJ_CREATE
        Mov Status, STATUS_SUCCESS
    .ElseIf Eax == IRP_MJ_CLOSE
        Mov Status, STATUS_SUCCESS
    .ElseIf Eax == IRP_MJ_DEVICE_CONTROL
        Mov Status, STATUS_SUCCESS
    .ElseIf Eax == IRP_MJ_READ
        ; UserBuffer is the caller's unvalidated address: the device sets
        ; neither DO_BUFFERED_IO nor DO_DIRECT_IO
        Mov Eax, pIrp
        Move RBufPtr, [Eax]._IRP.UserBuffer                             ; Buff Ptr
        Mov Eax, IO_S_L
        Move RBufLen, [Eax].IO_STACK_LOCATION.Parameters.Read.dwLength  ; READ Out Buff Len
        Invoke RtlZeroMemory, RBufPtr, RBufLen
        Invoke GetProcess, RBufPtr, RBufLen
        Mov Info, Eax    ; RBufLen
        Mov Status, STATUS_SUCCESS
    .ElseIf Eax == IRP_MJ_WRITE
        Mov Status, STATUS_SUCCESS
    .Else
        Mov Status, STATUS_NOT_IMPLEMENTED
    .EndIf

    ; Complete the IRP with the status and byte count set above
    Mov Eax, pIrp
    Mov Ecx, Status
    Mov [Eax]._IRP.IoStatus.Status, Ecx
    Mov Ecx, Info
    Mov [Eax]._IRP.IoStatus.Information, Ecx
    Invoke IoCompleteRequest, pIrp, IO_NO_INCREMENT
    Mov Eax, Status
    Ret
DriverDispatch EndP

GetProcess Proc RBufPtr:DWord, RBufLen:DWord
    Local BufLenReq:SDWord, BufLen:SDWord, BufPtr:DWord
    Local Result:SDWord

    Mov Result, -1
    Mov BufLenReq, 0
    ; First call only asks for the required buffer size
    Invoke ZwQuerySystemInformation, SystemProcessInformation, NULL, NULL, Addr BufLenReq
    .If (BufLenReq <= 0)
        Mov BufLenReq, 32768
    .EndIf
    Shl BufLenReq, 1    ;BufLenReq * 2 (for safety)
    Move BufLen, BufLenReq
    Invoke ExAllocatePool, NonPagedPool, BufLen
    .If Eax != 0
        Mov BufPtr, Eax
        Invoke ZwQuerySystemInformation, SystemProcessInformation, BufPtr, BufLen, Addr BufLenReq
        .If Eax == STATUS_INFO_LENGTH_MISMATCH
        .ElseIf Eax != 0
        .Else
            ; Copy out only if the result fits in the caller's buffer
            Mov Eax, BufLenReq
            .If Eax < RBufLen
                Mov Result, Eax
                Invoke RtlMoveMemory, RBufPtr, BufPtr, BufLenReq
            .EndIf
        .EndIf
        Invoke ExFreePool, BufPtr
    .EndIf
    Mov Eax, Result
    Ret
GetProcess EndP

End DriverEntry |
|
Could someone help me see why the driver won't unload
Uh, I see it now ..... |
|
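[Help] How do I find the caller one level up in mdebug?
Is mdebug that powerful now.... Looking at your account, from 2004, who would dare underestimate you, haha |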
|
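[Discussion] Market trends for Windows kernel security development
Can you play games on a phone for 24 hours nonstop? Can you make mobile game graphics rival the PC? Can you use expensive mobile data to do everything you do on the PC? If you can't do any of these, how can anyone say the desktop is in decline? It's all hype from domestic speculators: the cloud a few years ago, VR now. It is basically speculative marketing.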