[Hiring] Baidu International is hiring Windows driver development engineers
Did OP job-hop from QQ PC Manager? Or get fired? Or get poached with a high salary?
[Help] Newbie asking for help: developing a driver with RadASM + KmdKit, compile errors
You could perfectly well write the driver in C, but you insist on MASM; you have too much time on your hands.
[Original] Wtool V2.5, a Ring3 system utility tool
Nice skin; could you share the ring3 code?
[Help] Enumerating processes in ring0
#include <ntddk.h>

/* Undocumented but exported kernel routine: returns a pointer to
   EPROCESS.ImageFileName, which holds at most 15 characters. */
NTKERNELAPI PCHAR NTAPI PsGetProcessImageFileName(PEPROCESS Process);

/* WIN_VER_DETAIL, the WINDOWS_VERSION_* values and GetWindowsVersion()
   are the poster's own helpers and are not shown here. */

NTSTATUS LookupProcessByName(IN PCHAR pcProcessName, OUT PEPROCESS *pEprocess)
{
    NTSTATUS        status = STATUS_NOT_FOUND;
    ULONG           uCount = 0;
    ULONG           uLength = 0;
    ULONG           uCmpLength = 0;
    PLIST_ENTRY     pListActiveProcess;
    PEPROCESS       pCurrentEprocess = NULL;
    PEPROCESS       pStartEprocess = NULL;
    ULONG           g_Offset_Eprocess_Flink = 0;   /* offset of ActiveProcessLinks in EPROCESS */
    WIN_VER_DETAIL  WinVer;
    char            lpszProName[100];
    char           *lpszAttackProName = NULL;

    if (!ARGUMENT_PRESENT(pcProcessName) || !ARGUMENT_PRESENT(pEprocess)) {
        return STATUS_INVALID_PARAMETER;
    }
    if (KeGetCurrentIrql() > PASSIVE_LEVEL) {
        return STATUS_UNSUCCESSFUL;
    }

    uLength = (ULONG)strlen(pcProcessName);

    /* Hard-coded ActiveProcessLinks offsets, valid for 32-bit kernels only */
    WinVer = GetWindowsVersion();
    switch (WinVer) {
    case WINDOWS_VERSION_XP:
        g_Offset_Eprocess_Flink = 0x88;
        break;
    case WINDOWS_VERSION_7_7600_UP:
    case WINDOWS_VERSION_7_7000:
        g_Offset_Eprocess_Flink = 0xb8;
        break;
    case WINDOWS_VERSION_VISTA_2008:
        g_Offset_Eprocess_Flink = 0x0a0;
        break;
    case WINDOWS_VERSION_2K3_SP1_SP2:
        g_Offset_Eprocess_Flink = 0x98;
        break;
    case WINDOWS_VERSION_2K3:
        g_Offset_Eprocess_Flink = 0x088;
        break;
    default:
        g_Offset_Eprocess_Flink = 0;   /* unknown build: refuse to walk the list */
        break;
    }
    if (!g_Offset_Eprocess_Flink) {
        return STATUS_UNSUCCESSFUL;
    }

    /* Walk the ActiveProcessLinks ring starting from the current process */
    pCurrentEprocess = PsGetCurrentProcess();
    pStartEprocess   = pCurrentEprocess;

    __try {
        /* ImageFileName is at most 15 characters, so a longer requested
           name is truncated to 15 and compared at that length */
        memset(lpszProName, 0, sizeof(lpszProName));
        uCmpLength = (uLength > 15) ? 15 : uLength;
        strncat(lpszProName, pcProcessName, uCmpLength);

        while (1) {
            lpszAttackProName = (char *)PsGetProcessImageFileName(pCurrentEprocess);
            if (lpszAttackProName &&
                strlen(lpszAttackProName) == uCmpLength &&
                _strnicmp(lpszProName, lpszAttackProName, uCmpLength) == 0) {
                *pEprocess = pCurrentEprocess;
                status = STATUS_SUCCESS;
                break;
            }

            /* Back at the starting process: the whole list has been visited */
            if ((uCount >= 1) && (pStartEprocess == pCurrentEprocess)) {
                *pEprocess = NULL;
                status = STATUS_NOT_FOUND;
                break;
            }

            /* Flink points at the next EPROCESS's ActiveProcessLinks field,
               so subtract the offset to get back to the EPROCESS base */
            pListActiveProcess = (PLIST_ENTRY)((ULONG_PTR)pCurrentEprocess + g_Offset_Eprocess_Flink);
            pCurrentEprocess   = (PEPROCESS)((ULONG_PTR)pListActiveProcess->Flink - g_Offset_Eprocess_Flink);
            uCount++;
        }
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        KdPrint(("LookupProcessByName:%08x\r\n", GetExceptionCode()));
        status = STATUS_NOT_FOUND;
    }

    return status;
}
Extract it yourself...
[Help] Why does it jump to a weird place after hooking a kernel function?
I used to think anyone who could hook IofCallDriver was no ordinary person; now OP has shattered my worldview.
[Original] Hide your InlineHook from XueTr, Gmer, RKU, KD (technique-unsealing special)
What does a hook-hiding technique have to do with a video tutorial?
[Original] ixer 0.11 open-source edition, a manual virus-removal / anti-rootkit tool
I've recently had the idea of writing a 64-bit ARK, to brush up on 64-bit coding; bro, could you give me your QQ number?
[Original] Hide your InlineHook from XueTr, Gmer, RKU, KD (technique-unsealing special)
This method is still in use; it's not time to unseal it yet.
Assembly-language chat software, updated version, UI skin, heartbeat packets
OP is so naive... this piece of junk probably doesn't even have 100,000 lines of code, and you actually want to find investors.