|
[求助]这段汇编为何有错误?
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ;清空stProcess,不然进程会重叠 mov stProcess.dwSize,sizeof stProcess invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ;开始历遍快照 mov hSnapShot,eax invoke Process32First,hSnapShot,addr stProcess;历遍第一个进程 .while eax invoke CompareString,LOCALE_USER_DEFAULT,NORM_IGNORECASE,CTXT("iexplore.exe"),-1,addr stProcess.szExeFile,-1 .if eax==2 push stProcess.th32ProcessID pop pid .endif invoke Process32Next,hSnapShot,addr stProcess .endw |
|
|
|
[求助]如何在对话框里显示一张bmp图片?
2楼,你给的代码不怎么懂看.......... |
|
[求助]这段汇编为何有错误?
可以考虑用快照来解决 |
|
|
|
[求助]关于列表对话框
貌似是关于 ImageList_ 类的函数..........期待ing~~ |
|
[求助]关于列表对话框
偷偷顶一下期待大大 |
|
[原创]管道应用之捕获控制台程序信息
可以用多线程 |
|
|
|
[求助]关于列表对话框
为什么我的代码都是这样同一个图表的呢? 测试代码: ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ; 在ListView中增加一个列 ; _hWinView = 句柄 ; 输入:_dwColumn = 增加的列编号 ; _dwWidth = 列的宽度 ; _lpszHead = 列的标题字符串 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> _ListViewAddColumn proc _hWinView,_dwColumn,_dwWidth,_lpszHead local @stLVC:LV_COLUMN local hIml:DWORD local hIcon1:DWORD local hIcon2:DWORD local hIcon3:DWORD invoke ImageList_Create,16,16,ILC_MASK or ILC_COLOR24,1,10 mov hIml,eax invoke LoadIcon,hInstance,10000 mov hIcon1,eax invoke ImageList_AddIcon,hIml,eax ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> invoke LoadIcon,hInstance,10001 mov hIcon2,eax invoke ImageList_AddIcon,hIml,eax invoke DestroyIcon,hIcon1 invoke DestroyIcon,hIcon2 invoke SendMessage,_hWinView,LVM_SETIMAGELIST,LVSIL_SMALL,hIml ; mov eax,LVS_EX_FULLROWSELECT or LVS_EX_GRIDLINES or LVS_EX_SUBITEMIMAGES ; invoke SendMessage,_hWinView,LVM_SETEXTENDEDLISTVIEWSTYLE,0,eax invoke RtlZeroMemory,addr @stLVC,sizeof LV_COLUMN mov @stLVC.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH or LVCF_SUBITEM mov @stLVC.fmt,LVCFMT_LEFT push _lpszHead pop @stLVC.pszText mov @stLVC.cchTextMax,SIZEOF _lpszHead push _dwWidth pop @stLVC.lx mov @stLVC.iSubItem,1 invoke SendMessage,_hWinView,LVM_INSERTCOLUMN,_dwColumn,addr @stLVC invoke SendMessage,_hWinView,LVM_SETEXTENDEDLISTVIEWSTYLE,LVS_EX_GRIDLINES or LVS_EX_FULLROWSELECT,LVS_EX_GRIDLINES or LVS_EX_FULLROWSELECT ret _ListViewAddColumn endp ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> |
|
|
|
API调用[求助]
你可以自己修改函数,然后列举出其他内容...这里我仅仅列举了dll |
|
API调用[求助]
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ;从一个进程的PID枚举其加载的dll ;入口参数:进程PID ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> EunmProcess proc PID:LPSTR local ModuleEntry32:MODULEENTRY32 local sfi:SHFILEINFO local szMuodel[1025]:DWORD invoke SendDlgItemMessage,hWinMain,IDC_Module,LB_RESETCONTENT,0,0 invoke RtlZeroMemory,addr ModuleEntry32,sizeof ModuleEntry32;清空内存 mov ModuleEntry32.dwSize,sizeof ModuleEntry32 invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,PID mov hModuleSnap,eax invoke Module32First,hModuleSnap,addr ModuleEntry32 .if eax==NULL invoke GetLastError invoke wsprintf,addr szOut,addr error,eax invoke MessageBox,NULL,addr szOut,NULL,MB_ICONSTOP .elseif .while eax invoke SHGetFileInfo,addr ModuleEntry32.szExePath, FILE_ATTRIBUTE_NORMAL,addr sfi,sizeof SHFILEINFO ,\ SHGFI_USEFILEATTRIBUTES or SHGFI_DISPLAYNAME or SHGFI_ICON or SHGFI_SMALLICON invoke wsprintf,addr szMuodel,addr szDll,\ addr ModuleEntry32.szExePath,addr ModuleEntry32.modBaseAddr,addr ModuleEntry32.modBaseSize invoke SendDlgItemMessage,hWinMain,IDC_Module,LB_ADDSTRING,0,addr szMuodel push ModuleEntry32.th32ModuleID pop ModulePID invoke Module32Next,hModuleSnap,addr ModuleEntry32 .endw .endif ret EunmProcess endp ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> |
|
FileMoniotor1.0 for ring3
对成品没多大兴趣..... |
|
[推荐]MoveFileEx可以移动正在运行的程序文件
就算感染了Explorer.exe,系统也会自动恢复的貌似 |
|
[原创]管道应用之捕获控制台程序信息
每一次在捕捉控制台输出之前,应该先把命令回显的地方清空比较好点 丢个汇编版本滴: .386 .model flat, stdcall option casemap :none ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ; Include 文件定义 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> include windows.inc include user32.inc includelib user32.lib include kernel32.inc includelib kernel32.lib ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ; Equ 等值定义 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ICO_MAIN equ 1000h ;图标 DLG_CMD equ 911 IDC_CmdShell equ 9011 IDC_CreateCmdShell equ 9012 IDC_JieGuo equ 9013 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ; 数据段 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> .data? hInstance dd ? szBuff db 1024 dup(?) sat SECURITY_ATTRIBUTES<?> startupinfo STARTUPINFO<?> pinfo PROCESS_INFORMATION<?> lpBuff db 1024 dup(?) bytesRead DWORD ? ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ; 代码段 ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> .code ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> _ProcDlgCmd proc uses ebx edi esi hWnd,wMsg,wParam,lParam local hRead,hWrite,hwndEdit mov eax,wMsg .if eax == WM_CLOSE invoke EndDialog,hWnd,NULL .elseif eax == WM_INITDIALOG invoke LoadIcon,hInstance,ICO_MAIN invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax .elseif eax == WM_COMMAND mov eax,wParam .if ax == IDC_CreateCmdShell invoke RtlZeroMemory,addr szBuff,sizeof szBuff invoke GetDlgItemText,hWnd,IDC_CmdShell,addr szBuff,sizeof szBuff invoke GetDlgItem,hWnd,IDC_JieGuo mov hwndEdit,eax mov sat.nLength,sizeof SECURITY_ATTRIBUTES mov sat.bInheritHandle,TRUE mov sat.lpSecurityDescriptor,NULL invoke CreatePipe,addr hRead,addr hWrite,addr sat,0 .if eax==NULL mov eax,FALSE ret .endif mov startupinfo.cb,sizeof STARTUPINFO invoke GetStartupInfo,addr startupinfo push hWrite pop startupinfo.hStdOutput ;用管道的写端代替控制台程序的输出端以便得到输出的信息 push hWrite pop startupinfo.hStdError mov startupinfo.dwFlags,STARTF_USESHOWWINDOW or STARTF_USESTDHANDLES mov startupinfo.wShowWindow,SW_HIDE; invoke CreateProcess,NULL,addr szBuff,NULL,NULL,TRUE,NULL,NULL,NULL,addr startupinfo,addr pinfo .if eax==NULL mov eax,FALSE ret .endif invoke CloseHandle,hWrite .while TRUE invoke RtlZeroMemory,addr lpBuff,sizeof lpBuff invoke ReadFile,hRead,addr lpBuff,1023,addr bytesRead,NULL .if eax==NULL ret .endif invoke SendMessage,hwndEdit,EM_SETSEL,-1,0 invoke SendMessage,hwndEdit,EM_REPLACESEL,FALSE,addr lpBuff .endw invoke CloseHandle,hWrite .endif .else mov eax,FALSE ret .endif mov eax,TRUE ret _ProcDlgCmd endp ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> start: invoke GetModuleHandle,NULL mov hInstance,eax invoke DialogBoxParam,hInstance,DLG_CMD,NULL,offset _ProcDlgCmd,NULL invoke ExitProcess,NULL ;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> end start |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值