|
[调查]询问下上海山丽信息安全有限公司的情况
透明加密那么蛋痛~ |
|
|
|
|
|
[推荐]反键盘记录软件PrivacyKeyboard,超牛,各位大牛都进来试试能不能突破!
测试下面的键盘记录~~ http://www.rootkit.com/download.php?browse=1&user=chpie |
|
[推荐]反键盘记录软件PrivacyKeyboard,超牛,各位大牛都进来试试能不能突破!
SMM IOTrap也记录成功~~ |
|
[推荐]反键盘记录软件PrivacyKeyboard,超牛,各位大牛都进来试试能不能突破!
记录很成功,测试代码,看黑防某期杂志就有~ |
|
[求助]Filedisk创建的虚拟磁盘为何在磁盘管理里面看不到
因为它那所谓的磁盘是DefineDosDevice弄出来,没挂载XX 你要真实虚拟磁盘,还是看tiamo大牛的代码,或者看看别的老外代码(filedisk作者链接到了那个老外) |
|
[求助]怎么复制出正确的代码呢?
使用LDASM的代码版本 // OrgRel 原相对跳转地址 // CurAbs 当前代码绝对地址 // MyAbs 替换代码绝对地址 // CodeLen 跳转代码占据的长度 // 返回值 到替换代码的相对地址 LONG GetRelAddr(LONG OrgRel, ULONG CurAbs, ULONG MyAbs) //, ULONG CodeLen) { ULONG TrgAbs; TrgAbs = CurAbs + OrgRel; // + CodeLen; //目的地址 return TrgAbs - MyAbs; } // 保存原来整个函数的代码 // pCode 用来保存代码的数组的地址 // TrgAddr 要保存的函数的地址 // BufferLength 整个函数占用的大小 VOID BufferCode(PUCHAR pCode, ULONG TrgAddr, ULONG BufferLength) { ULONG cAbs, i; LONG oRel, cRel; PUCHAR pOpcode; LONG CodeLen =0 ; memset(pCode, 0x90, BufferLength); for (i = 0; i < BufferLength; i+=CodeLen) { cAbs = TrgAddr + i; CodeLen = SizeOfCode(pCode,&pOpcode); memcpy(pCode + i,(void *)cAbs,CodeLen); //pCode[i] = *(PUCHAR)cAbs; switch (*(PUCHAR)cAbs) { case 0x0F: //JXX NEAR X if ((*(PUCHAR)(cAbs + 1) >= 0x80)&&(*(PUCHAR)(cAbs + 1) <= 0x8F)) { oRel = *(PLONG)(cAbs + 2); if ((oRel + cAbs + 6 > TrgAddr + BufferLength)|| (oRel + cAbs + 6 < TrgAddr)) //判断跳转是否在过程范围内 { pCode[i + 1] = *(PUCHAR)(cAbs + 1); cRel = GetRelAddr(oRel, cAbs, (ULONG)pCode + i); memcpy(pCode + i + 2, &cRel, sizeof(LONG)); //DbgPrint("JXX: 0x%08X -> 0x%08X", cAbs, (ULONG)pCode + i); //i += sizeof(LONG) + 1; } } break; case 0xE8: //CALL oRel = *(PLONG)(cAbs + 1); if ((oRel + cAbs + 5 > TrgAddr + BufferLength)|| (oRel + cAbs + 5 < TrgAddr)) //判断跳转是否在过程范围内 { cRel = GetRelAddr(oRel, cAbs, (ULONG)pCode + i); memcpy(pCode + i + 1, &cRel, sizeof(LONG)); //DbgPrint("CALL: 0x%08X -> 0x%08X", cAbs, (ULONG)pCode + i); //i += sizeof(LONG); } break; case 0x80: //CMP BYTE PTR X if (*(PUCHAR)(cAbs + 1) == 0x7D) { memcpy(pCode + i + 1, (PVOID)(cAbs + 1), 3); //i += 3; continue; } break; case 0xC2: //RET X if (*(PUSHORT)(cAbs +1) == 0x10) { memcpy(pCode + i + 1, (PVOID)(cAbs + 1), sizeof(USHORT)); //i += sizeof(USHORT); } break; case 0xE9: //JMP oRel = *(PLONG)(cAbs + 1); if (oRel + cAbs > TrgAddr + BufferLength) { cRel = GetRelAddr(oRel, cAbs, (ULONG)pCode + i); memcpy(pCode + i + 1, &cRel, sizeof(LONG)); //i += 4; } break; } if ((*(PUCHAR)cAbs == 0x39)||(*(PUCHAR)cAbs == 0x89)||(*(PUCHAR)cAbs == 0x8D)) { memcpy(pCode + i + 1, (PVOID)(cAbs + 1), sizeof(USHORT)); //i += sizeof(USHORT); continue; } if ((*(PUCHAR)cAbs >= 0x70)&&(*(PUCHAR)cAbs <= 0x7F)&&(*(PUCHAR)(cAbs - 1) != 0xFF)) { oRel = (LONG)(*(PCHAR)(cAbs + 1)); cRel = GetRelAddr(oRel, cAbs, (ULONG)pCode + i); memcpy(pCode + i + 1, &cRel, 1); //i++; continue; } } } |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值