[Discussion] Several problems with implementing transparent file encryption via hooking
When saving, it will open your original file again; at that point you need to consider whether it is being reopened~

[Discussion] Several problems with implementing transparent file encryption via hooking
Hook CreateFile, do the redirect and record the handle in a list. Hook CloseHandle, check whether the handle is in the list; if so, do the crypt of the redirected file and copy it to the original file.

[Original] Antirootkit: CodeWalker
Yeah, might as well just wash up and go home to sleep~

[Help] Getting the Window Style via win32k!GetStyleWindow in a driver
Attach to somewhere and use it~

[Original] Antirootkit: CodeWalker
I just made an example, like redirecting ntoskrnl.exe to cmd.exe. In fact I just use a memory dump of the ntoskrnl.exe (which I hooked) as xxx.exe and redirect ntoskrnl.exe to xxx.exe; then the image in memory and on disk are the same.

[Original] Antirootkit: CodeWalker
In my system, I just use a simple recovery driver (which only recovers ntoskrnl.exe), and XXX the ntoskrnl.exe to cmd.exe. Then all the hook checks are wrong, and my code hook is not shown at all. (In my system, I use a recovery driver that only restores ntoskrnl.exe, then swap ntoskrnl.exe for cmd.exe. After that, all the hook checks show wrong results, and my hook is not displayed.)

[Original] Antirootkit: CodeWalker
ARK is just an endless thing.

[Discussion] Found a problem with 360's handle protection
I'm now working on www.raydown.com

[Original] Antirootkit: CodeWalker
The VMM rootkit is also undetected~~

[Original] Antirootkit: CodeWalker
MmIsAddressValid is not a safe function in a system infected by rootkits. It might return an unreal value for some addresses.

[Original] Antirootkit: CodeWalker
An MmIsAddressValid hook may work~ Or ShadowWalker+VMM (at XCON 2008 xuhao said something about protecting kernel memory from scanning with a VMM)

[Original] Antirootkit: CodeWalker
It seems my "cabbage-level tech primer" already covered this... for example the XX here~~ http://hi.baidu.com/killvxk/blog/item/5c11f4f85ca0f45f252df2d4.html