|
[Translation] Exploit Writing Tutorial Part 2: Stack Overflows: Jumping to Shellcode
Is it hard for ordinary people to still find vulnerabilities and write exploits these days? |
|
[Help] I stay logged in to the forum for 5+ hours every day but get no KX coins
Just staying logged in does nothing. It's not like QQ: the forum's web pages have no feature that automatically uploads the client's status asynchronously. You have to refresh periodically; an interval of a few minutes is enough. |
|
[Help] Another question about The Art of Unpacking, 2.4 Debugger Interrupts
Thanks, let me first look at the code part of the thread you posted. |
|
[Help] Another question about The Art of Unpacking, 2.4 Debugger Interrupts
The several examples I found online are all written this way, and I don't understand it: why is the 3rd statement written like that? The esp value doesn't point to the new exception handler at all. I suspect people online are just copying one another, which is annoying. Does anyone know? Even if statements 1 and 2 are reordered, esp still doesn't point to the address of the new routine, only into the stack area. I can't figure it out; would an expert please analyze this? Those who have read this site's The Art of Unpacking, please comment. |
|
[Help] Another question about The Art of Unpacking, 2.4 Debugger Interrupts
Would the seniors who understand this please give some guidance; I really don't get it. |
|
[Help] Another question about The Art of Unpacking, 2.4 Debugger Interrupts
If anyone understands this, please advise! |
|
[Help] The offset b0 of context.eax makes no sense
Many thanks, Mitt. I took it for granted and overlooked that 100-odd-byte structure, assuming it was a single dw. Lesson learned. |
|
[Help] The offset b0 of context.eax makes no sense
Mitt, you're right, what I'm looking at is the x86 one. What tool did you use to view the one above? Posted below:

    typedef struct _CONTEXT {
        //
        // The flags values within this flag control the contents of
        // a CONTEXT record.
        //
        // If the context record is used as an input parameter, then
        // for each portion of the context record controlled by a flag
        // whose value is set, it is assumed that that portion of the
        // context record contains valid context. If the context record
        // is being used to modify a threads context, then only that
        // portion of the threads context will be modified.
        //
        // If the context record is used as an IN OUT parameter to capture
        // the context of a thread, then only those portions of the thread's
        // context corresponding to set flags will be returned.
        //
        // The context record is never used as an OUT only parameter.
        //
        DWORD ContextFlags;
        //
        // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
        // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
        // included in CONTEXT_FULL.
        //
        DWORD Dr0;
        DWORD Dr1;
        DWORD Dr2;
        DWORD Dr3;
        DWORD Dr6;
        DWORD Dr7;
        //
        // This section is specified/returned if the
        // ContextFlags word contains the flag CONTEXT_FLOATING_POINT.
        //
        FLOATING_SAVE_AREA FloatSave;
        //
        // This section is specified/returned if the
        // ContextFlags word contains the flag CONTEXT_SEGMENTS.
        //
        DWORD SegGs;
        DWORD SegFs;
        DWORD SegEs;
        DWORD SegDs;
        //
        // This section is specified/returned if the
        // ContextFlags word contains the flag CONTEXT_INTEGER.
        //
        DWORD Edi;
        DWORD Esi;
        DWORD Ebx;
        DWORD Edx;
        DWORD Ecx;
        DWORD Eax;
        //
        // This section is specified/returned if the
        // ContextFlags word contains the flag CONTEXT_CONTROL.
        //
        DWORD Ebp;
        DWORD Eip;
        DWORD SegCs;   // MUST BE SANITIZED
        DWORD EFlags;  // MUST BE SANITIZED
        DWORD Esp;
        DWORD SegSs;
        //
        // This section is specified/returned if the ContextFlags word
        // contains the flag CONTEXT_EXTENDED_REGISTERS.
        // The format and contexts are processor specific
        //
        BYTE ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
    } CONTEXT;
    typedef CONTEXT *PCONTEXT;

From the above, however I count, eax's position isn't b0. |
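An added example, not part of the thread above, that reproduces the 32-bit CONTEXT layout with stdint types (no windows.h needed) and lets offsetof() show how Eax lands at 0xB0: the FLOATING_SAVE_AREA sitting between Dr7 and SegGs is 112 bytes wide, not a single dword, which is exactly the field the counting in the post skips over. It assumes SIZE_OF_80387_REGISTERS = 80 and MAXIMUM_SUPPORTED_EXTENSION = 512, the values used by the x86 Windows headers.

```c
/* Local replica of the x86 CONTEXT layout from winnt.h (added example,
 * not the original header). DWORD/BYTE are replaced with <stdint.h>
 * types so it compiles on any platform; every field is 4-byte aligned,
 * so no padding is inserted and offsetof() reflects the real layout. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIZE_OF_80387_REGISTERS      80   /* assumed, as in winnt.h */
#define MAXIMUM_SUPPORTED_EXTENSION  512  /* assumed, as in winnt.h */

/* 7 DWORDs + 80-byte register area + 1 DWORD = 112 bytes (0x70). */
typedef struct {
    uint32_t ControlWord, StatusWord, TagWord, ErrorOffset, ErrorSelector,
             DataOffset, DataSelector;
    uint8_t  RegisterArea[SIZE_OF_80387_REGISTERS];
    uint32_t Cr0NpxState;
} X86_FLOATING_SAVE_AREA;

typedef struct {
    uint32_t ContextFlags;                        /* 0x00 */
    uint32_t Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;        /* 0x04 .. 0x18 */
    X86_FLOATING_SAVE_AREA FloatSave;             /* 0x1C, 112 bytes wide */
    uint32_t SegGs, SegFs, SegEs, SegDs;          /* 0x8C .. 0x98 */
    uint32_t Edi, Esi, Ebx, Edx, Ecx, Eax;        /* 0x9C .. 0xB0 */
    uint32_t Ebp, Eip, SegCs, EFlags, Esp, SegSs; /* 0xB4 .. 0xC8 */
    uint8_t  ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION]; /* 0xCC */
} X86_CONTEXT;

/* Offsets an exception handler or debugger reads when it inspects or
 * patches a thread's saved registers through a CONTEXT pointer. */
size_t ctx_offset_eax(void) { return offsetof(X86_CONTEXT, Eax); }
size_t ctx_offset_eip(void) { return offsetof(X86_CONTEXT, Eip); }
size_t ctx_offset_esp(void) { return offsetof(X86_CONTEXT, Esp); }
size_t ctx_float_size(void) { return sizeof(X86_FLOATING_SAVE_AREA); }
size_t ctx_size(void)       { return sizeof(X86_CONTEXT); }

int main(void) {
    printf("FLOATING_SAVE_AREA: %zu bytes\n", ctx_float_size());
    printf("Eax at 0x%zX, Eip at 0x%zX, Esp at 0x%zX, sizeof(CONTEXT) 0x%zX\n",
           ctx_offset_eax(), ctx_offset_eip(), ctx_offset_esp(), ctx_size());
    return 0;
}
```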
|
[Help] The offset b0 of context.eax makes no sense
Forgot to ask: what tool did you use to display this? I'll go take a look too. |
|
[Help] The offset b0 of context.eax makes no sense
First, thanks to the poster above. May I ask which OS version this snippet comes from? I'm looking at winnt.h, so why doesn't it match? |