|
[求助]ZwCreateUserProcess第10个参数结构
// private
// Attribute numbers that can appear in a PS_ATTRIBUTE_LIST (declared at the end of this
// listing). The trailing comment on each entry gives the direction (in/out) and the type
// of the data that the attribute carries.
typedef enum _PS_ATTRIBUTE_NUM
{
    PsAttributeParentProcess, // in HANDLE
    // NOTE(review): the parent is a caller-supplied handle, so process-tree telemetry
    // presumably cannot assume that the creating process is the recorded parent — confirm.
    PsAttributeDebugPort, // in HANDLE
    PsAttributeToken, // in HANDLE
    PsAttributeClientId, // out PCLIENT_ID
    PsAttributeTebAddress, // out PTEB *
    PsAttributeImageName, // in PWSTR
    PsAttributeImageInfo, // out PSECTION_IMAGE_INFORMATION
    PsAttributeMemoryReserve, // in PPS_MEMORY_RESERVE
    PsAttributePriorityClass, // in UCHAR
    PsAttributeErrorMode, // in ULONG
    PsAttributeStdHandleInfo, // 10, in PPS_STD_HANDLE_INFO
    PsAttributeHandleList, // in PHANDLE
    PsAttributeGroupAffinity, // in PGROUP_AFFINITY
    PsAttributePreferredNode, // in PUSHORT
    PsAttributeIdealProcessor, // in PPROCESSOR_NUMBER
    PsAttributeUmsThread, // ? in PUMS_CREATE_THREAD_ATTRIBUTES
    PsAttributeMitigationOptions, // in UCHAR
    PsAttributeMax
} PS_ATTRIBUTE_NUM;

// begin_rev

// Builds the value stored in PS_ATTRIBUTE.Attribute: the attribute number masked with
// PS_ATTRIBUTE_NUMBER_MASK, OR-ed with one flag for each of Thread, Input and Unknown that
// is non-zero. PS_ATTRIBUTE_NUMBER_MASK, PS_ATTRIBUTE_THREAD, PS_ATTRIBUTE_INPUT and
// PS_ATTRIBUTE_UNKNOWN are not defined in this excerpt and must come from the same header.
#define PsAttributeValue(Number, Thread, Input, Unknown) \
    (((Number) & PS_ATTRIBUTE_NUMBER_MASK) | \
    ((Thread) ? PS_ATTRIBUTE_THREAD : 0) | \
    ((Input) ? PS_ATTRIBUTE_INPUT : 0) | \
    ((Unknown) ? PS_ATTRIBUTE_UNKNOWN : 0))

// Ready-made Attribute values, one per PS_ATTRIBUTE_NUM entry (PsAttributeUmsThread has none
// in this listing). The three boolean arguments are Thread, Input and Unknown, in that order.
#define PS_ATTRIBUTE_PARENT_PROCESS \
    PsAttributeValue(PsAttributeParentProcess, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_DEBUG_PORT \
    PsAttributeValue(PsAttributeDebugPort, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_TOKEN \
    PsAttributeValue(PsAttributeToken, FALSE, TRUE, TRUE)
#define PS_ATTRIBUTE_CLIENT_ID \
    PsAttributeValue(PsAttributeClientId, TRUE, FALSE, FALSE)
#define PS_ATTRIBUTE_TEB_ADDRESS \
    PsAttributeValue(PsAttributeTebAddress, TRUE, FALSE, FALSE)
#define PS_ATTRIBUTE_IMAGE_NAME \
    PsAttributeValue(PsAttributeImageName, FALSE, TRUE, FALSE)
// NOTE(review): the enum marks PsAttributeImageInfo as "out", which matches Input = FALSE here.
#define PS_ATTRIBUTE_IMAGE_INFO \
    PsAttributeValue(PsAttributeImageInfo, FALSE, FALSE, FALSE)
#define PS_ATTRIBUTE_MEMORY_RESERVE \
    PsAttributeValue(PsAttributeMemoryReserve, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_PRIORITY_CLASS \
    PsAttributeValue(PsAttributePriorityClass, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_ERROR_MODE \
    PsAttributeValue(PsAttributeErrorMode, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_STD_HANDLE_INFO \
    PsAttributeValue(PsAttributeStdHandleInfo, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_HANDLE_LIST \
    PsAttributeValue(PsAttributeHandleList, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_GROUP_AFFINITY \
    PsAttributeValue(PsAttributeGroupAffinity, TRUE, TRUE, FALSE)
#define PS_ATTRIBUTE_PREFERRED_NODE \
    PsAttributeValue(PsAttributePreferredNode, FALSE, TRUE, FALSE)
#define PS_ATTRIBUTE_IDEAL_PROCESSOR \
    PsAttributeValue(PsAttributeIdealProcessor, TRUE, TRUE, FALSE)
#define PS_ATTRIBUTE_MITIGATION_OPTIONS \
    PsAttributeValue(PsAttributeMitigationOptions, FALSE, TRUE, TRUE)

// end_rev

// begin_private

// One entry of the attribute list.
typedef struct _PS_ATTRIBUTE
{
    // Poster's question: why does this structure hold no pointer back to PS_ATTRIBUTE_NUM?
    // The link is by value, not by pointer: Attribute takes one of the PS_ATTRIBUTE_*
    // constants above, and PsAttributeValue places the PS_ATTRIBUTE_NUM entry in the bits
    // selected by PS_ATTRIBUTE_NUMBER_MASK.
    ULONG Attribute;
    // Presumably the size in bytes of the data given in Value / ValuePtr — confirm.
    SIZE_T Size;
    union
    {
        ULONG Value;
        // Poster's question: where does this point — to one of the structures above?
        // The target depends on Attribute; the comment on the matching PS_ATTRIBUTE_NUM
        // entry names the expected type (for example PWSTR for PsAttributeImageName,
        // PCLIENT_ID for PsAttributeClientId).
        PVOID ValuePtr;
    };
    // Presumably receives the number of bytes written for "out" attributes — confirm.
    PSIZE_T ReturnLength;
} PS_ATTRIBUTE, *PPS_ATTRIBUTE;

// The attribute list itself; the thread title says it is the 10th parameter of
// ZwCreateUserProcess.
typedef struct _PS_ATTRIBUTE_LIST
{
    // Presumably the size in bytes of the whole list including every entry — confirm.
    SIZE_T TotalLength;
    // Declared with one element; presumably further entries follow it in memory, bounded
    // by TotalLength — confirm.
    PS_ATTRIBUTE Attributes[1];
} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
|
[求助]ZwCreateUserProcess第10个参数结构
Win7没有这个函数,而且还要open到那个属性才得到的句柄,才能正确返回是不 |
|
[求助]jvcl和jedi一样吗,jvcl里边JwaNative,JwaWinType这些单元变成什么了
老大,希望能得到你的答复,谢谢指教 |
|
神武游戏的防读取内存机制
这个游戏的技术很猥琐,限制多开客户端的方法也很猥琐,破解多开之后,能多开正常玩游戏,但是不让与本机的游戏人物组队。这个怎么处理分析它。 |
|
[分享]手机伪造上海某小区房门的门卡
读完第一行我就晕了,最近研究的东西太杂了 |
|
19KX币了,帮忙翻译下C代码转到delphi
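{ Sunday substring search (the forum reply names the algorithm: "sunday").

  Returns the 1-based index of the first occurrence of KeyStr in TextStr,
  or 0 when there is none. An empty KeyStr, or a KeyStr longer than TextStr,
  yields 0, the same answer the RTL Pos gives.

  Two defects of the posted version are fixed here:
  - it compared and indexed TextStr beyond Length(TextStr) (Match ran before
    the bounds test, and TextStr[I + KeyLen] was read unconditionally), which
    is an out-of-bounds read when range checking is off;
  - it derived the shift from Pos, i.e. the FIRST occurrence of the look-ahead
    character in KeyStr. Sunday's rule needs the LAST occurrence; otherwise
    the window can jump over a real match (key 'aab' in 'xxaab'). }
function PosEx(KeyStr, TextStr: string): Integer;
var
  I, KeyLen, BuffLen: Integer;

  { True when KeyStr occurs in TextStr at 1-based index N.
    The caller guarantees N + KeyLen - 1 <= BuffLen. }
  function Match(N: Integer): Boolean;
  var
    J: Integer;
  begin
    Result := True;
    for J := 0 to KeyLen - 1 do
      if TextStr[J + N] <> KeyStr[J + 1] then
      begin
        Result := False;
        Exit;
      end;
  end;

  { 1-based index of the last occurrence of C in KeyStr, 0 when absent. }
  function LastPos(C: Char): Integer;
  var
    J: Integer;
  begin
    Result := 0;
    for J := KeyLen downto 1 do
      if KeyStr[J] = C then
      begin
        Result := J;
        Exit;
      end;
  end;

begin
  Result := 0;
  KeyLen := Length(KeyStr);
  BuffLen := Length(TextStr);
  if (KeyLen = 0) or (KeyLen > BuffLen) then
    Exit;

  I := 1;
  { Only windows that lie entirely inside TextStr are compared. }
  while I + KeyLen - 1 <= BuffLen do
  begin
    if Match(I) then
    begin
      Result := I;
      Exit;
    end;
    { The look-ahead character sits just behind the window; when the window
      already ends at the last character there is nothing left to try. }
    if I + KeyLen > BuffLen then
      Break;
    { Align the last occurrence of the look-ahead character with its position
      in the text; a character absent from KeyStr (LastPos = 0) moves the
      window completely past it. }
    Inc(I, KeyLen + 1 - LastPos(TextStr[I + KeyLen]));
  end;
end;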
|
[原创]非静态成员函数定位及HOOK以DirectX内部成员函数为例
一个程序加载了,d3d9,d3d9_41,d3d8thk,通常情况下HOOK哪个dll优化CPU. |
|
[求助]jvcl和jedi一样吗,jvcl里边JwaNative,JwaWinType这些单元变成什么了
老大把delphi X64那个HOOK码发我份行吗,14年以后那个 我买VPN之后又买个VPS上谷歌,为了下你的代码,弄了一天才发现google哪里没有下载按钮。真心感谢。 1934240485@qq.com |
|
[原创]代码注入器源码献上
这个能干什么坏事 |
|
ZwQueryInformationProcess获取路径名是乱码,大哥大哥来看看
UNICODE_STRING When the ProcessInformationClass parameter is ProcessImageFileName, the buffer pointed to by the ProcessInformation parameter should be large enough to hold a UNICODE_STRING structure as well as the string itself. The string stored in the Buffer member is the name of the image file. If the buffer is too small, the function fails with the STATUS_INFO_LENGTH_MISMATCH error code and the ReturnLength parameter is set to the required buffer size. sizeof(pbi)写成1000,调试看到buffer里为路径名,不是乱码了。可是会报错啊 |