|
杀死自己的进程再重新启动自己(delphi语句)
楼上就貌似是传说中的ASM了 |
|
[求助]如何读取一个文本文件的特定内容?
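#include <windows.h>
#include <limits.h>
#include <string.h>

/* Byte-wise keyword search over a read-only memory-mapped file. */
int StrEqual(const char *deststr, const char *srcstr);
int FindText(LPVOID lpAddr, int memsize, LPCSTR lpKeyWord);
int FindSpecText(LPCSTR lpFileName, LPCSTR lpKeyWord);

/*
 * Entry point: looks for a fixed keyword in test.txt and pops a message box
 * on a hit. The keyword is a narrow (char) literal, so its bytes depend on
 * the source file's code page; the file being searched must use the same
 * byte encoding, because the search below compares bytes, not characters.
 */
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    if (0 <= FindSpecText("test.txt", "一个简单的字符串查找程序")) {
        MessageBox(NULL, "Find it", "Test", 0);
    }
    return 0;
}

/*
 * Returns 0 when deststr begins with srcstr, -1 otherwise.
 * deststr need not be NUL-terminated: the caller guarantees that at least
 * strlen(srcstr) bytes are readable at deststr.
 */
int StrEqual(const char *deststr, const char *srcstr)
{
    size_t len = strlen(srcstr);
    for (size_t i = 0; i < len; i++) {
        if (deststr[i] != srcstr[i]) {
            return -1;
        }
    }
    return 0;
}

/*
 * Scans memsize bytes at lpAddr for lpKeyWord.
 * Returns the byte offset of the first match, or -1 when the keyword is
 * absent, longer than the buffer, or an argument is invalid.
 * An empty keyword matches at offset 0.
 */
int FindText(LPVOID lpAddr, int memsize, LPCSTR lpKeyWord)
{
    if (lpAddr == NULL || lpKeyWord == NULL || memsize <= 0) {
        return -1;
    }
    const char *base = (const char *)lpAddr;
    size_t size = (size_t)memsize;
    size_t len = strlen(lpKeyWord);
    if (len > size) {
        return -1;
    }
    /* Bound is i + len <= size so that a keyword ending exactly on the last
     * byte is found; the former "i < memsize - len" skipped that position. */
    for (size_t i = 0; i + len <= size; i++) {
        if (StrEqual(base + i, lpKeyWord) == 0) {
            return (int)i;
        }
    }
    return -1;
}

/*
 * Opens lpFileName read-only, maps it into memory and searches it for
 * lpKeyWord. Returns the match offset, or -1 on any failure (open, size
 * query, mapping, view, or no match).
 * Only the low 32 bits of the file size are queried; a size above INT_MAX
 * is rejected rather than silently truncated. A zero-length file cannot be
 * mapped by CreateFileMapping and therefore also reports -1.
 */
int FindSpecText(LPCSTR lpFileName, LPCSTR lpKeyWord)
{
    int iret = -1;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hMapFile = NULL;
    LPVOID lpMap = NULL;

    __try {
        hFile = CreateFile(lpFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
        if (hFile == INVALID_HANDLE_VALUE) {
            __leave;
        }
        DWORD fileSize = GetFileSize(hFile, NULL);
        if (fileSize == INVALID_FILE_SIZE || fileSize > (DWORD)INT_MAX) {
            __leave;
        }
        hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
        if (hMapFile == NULL) {
            __leave;
        }
        lpMap = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 0);
        if (lpMap == NULL) {
            __leave;
        }
        iret = FindText(lpMap, (int)fileSize, lpKeyWord);
    }
    __finally {
        /* Release in reverse acquisition order; each handle is closed only
         * if it was actually obtained. */
        if (lpMap != NULL) {
            UnmapViewOfFile(lpMap);
        }
        if (hMapFile != NULL) {
            CloseHandle(hMapFile);
        }
        if (hFile != INVALID_HANDLE_VALUE) {
            CloseHandle(hFile);
        }
    }
    return iret;
}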
|
一个关于madCodeHook开发包的问题!
小弟最近在学习c++,哈哈,等转正之后做一个。。 |
|
[原创]发一个键盘记录器--附源码
晕,又一个看帖子不仔细的。。。 2000和98没有试过,但是在xp下,qq输入也是可以获取的,哎。 [QQ用户登录]:Numeric keypad 1 key [QQ用户登录]:Numeric keypad 2 key [QQ用户登录]:Numeric keypad 3 key [QQ用户登录]:Numeric keypad 4 key [QQ用户登录]:Numeric keypad 5 key [QQ用户登录]:Numeric keypad 6 key [QQ用户登录]:Numeric keypad 7 key [QQ用户登录]:Numeric keypad 8 key [QQ用户登录]:Numeric keypad 9 key [QQ用户登录]:ENTER key 要仔细看msdn啊。 |
|
|
|
[原创]发一个键盘记录器--附源码
楼上,没试怎么知道。 虽然我肯定该方法可以做到这一点,但是为了推翻楼上的判断,还是在控制台下试了下,我按了六个键,结果如下: [D:\WINDOWS\system32\cmd.exe]:A [D:\WINDOWS\system32\cmd.exe]:A [D:\WINDOWS\system32\cmd.exe]:C [D:\WINDOWS\system32\cmd.exe]:C [D:\WINDOWS\system32\cmd.exe]:D [D:\WINDOWS\system32\cmd.exe]:D ctrl + alt +del,键盘上的快速功能键也可以。 |
|
[讨论]使用类会使编出来的EXE大小增加的程度是多少?
我觉得c++只是让编译器更忙了。 在产生的执行文件上和c相同,他们最后产生的都只是符号名和其对应的实体而已。 c++只是在编写阶段方便了程序员,使我们能更集中注意力去关心具体的实现,而把那些重复的,容易导致错误的事情交给编译器去处理。 |
|
.........关于绕行HOOK ,跳过API拦截的讨论..........
同一个层次的hook之间的竞争只能靠加载的先后顺序了. 除非,呵呵:) 不明白楼主到底是怎么被Hook的,是你Hook住了WriteProcessMemory还是什么? |
|
[讨论]怎样将程序挂起?
进程则类似于一个容器.什么进程空间、线程体、内核变量、线程上下文等等都属于进程一部分. 线程是唯一的活动体,指令都在其中.如果要挂起一个进程,则要挂起所有的线程. 所以,枚举出进程中所有的线程,SuspendThread(tid); |
|
[求助]问下大家,关于FileHandle的问题.
#define OBJ_FILE 0x1c//猜测是这个.. #define OBJ_SOCKET 0x1a//据说这个时socket,但是又好像不是.. 不同系统下,这些值都不同. Sp2下 #define OBJECT_TYPE_SOCKET 0x1C // 2000: 0x1A |
|
[求助]怎么样调用其他程序中的函数?
应该要把指令拷贝到自己的进程空间吧... 只是可能不知道指令的大小了. 同时他程序代码里面若是存在其他符号(非栈上),那基本上就不能运行.除非你得把他的call啊,全局变量,只读字符串全部换成你自己的地址... |
|
如何获得本地程序向服务器发出的SQL语句
可以通过sniffer pro来嗅探他的数据.... |
|
[求助]如何持续监视注册表?
ntdll.dll导出的,通过int 2e进入内核,在系统服务列表(SDT)中有对应的相同名字的函数入口. typedef NTSTATUS (__stdcall * PFN_ZWSETVALUEKEY)( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex, IN ULONG type1, IN PVOID Data, IN ULONG DataSize ); 我有一个程序就是监视注册表的,你可以看看:) http://redcoder.blog.sohu.com/14217977.html |
|
请教一个进程保护技术
你用icesword看看SSDT中的变化就知道了...象NTOpenProcess... |
|
[调查]windows核心编程有必要看吗
最初由 baqiang 发布 不要跟小马过河一样的哦,呵呵. 不管什么评价,自己去看看就知道了. |
|
[求助]利用win32汇编写http协议的程序问题
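建议楼主看看RFC文档,实在不行可以装个袖探器简单分析下自己机器上 HTTP协议的格式. 然后在用winsock去进行数据的封装和发送. 关键是对协议的认识和利用. 这是我以前写的一个web服务端程序的核心http协议处理部分,主要就是处理客户端提交get或者post数据的过程.比如get 的时候要提取出对方要读取的文件名,然后读到内存,发送到对方.或者对方post的数据,读到内存,写入相关的文件. 这个过程是很有意思的:)完整的代码见http://redcoder.blog.sohu.com/10845511.html

enum {
    REQ_BUF_SIZE = 1024,  /* request bytes read from the socket per connection */
    SEND_CHUNK   = 1400,  /* file bytes per ReadFile/send iteration */
    NAME_CAP     = 50,    /* request-path buffer, including the NUL */
    HEADER_CAP   = 500    /* response header buffer */
};

/* Closes the slot's socket and marks the slot free.
 * TranSock[] is defined elsewhere in the program (assumed: per-slot socket, 0 = free). */
static void close_client(DWORD idx)
{
    closesocket(TranSock[idx]);
    TranSock[idx] = 0;
}

/* Sends exactly len bytes on TranSock[idx]; returns 0, or -1 on a socket
 * error or a closed peer. send() may accept fewer bytes than asked for,
 * so loop until everything is out. */
static int send_all(DWORD idx, const char *buf, int len)
{
    int done = 0;
    while (done < len) {
        int sent = send(TranSock[idx], buf + done, len - done, 0);
        if (sent == SOCKET_ERROR || sent == 0) {
            return -1;
        }
        done += sent;
    }
    return 0;
}

/* Lower-cases an ASCII letter; other bytes are returned unchanged. */
static char ascii_lower(char c)
{
    if (c >= 'A' && c <= 'Z') {
        return (char)(c + ('a' - 'A'));
    }
    return c;
}

/* True when name ends with ext, ignoring ASCII case. */
static int has_suffix(const char *name, const char *ext)
{
    size_t nlen = strlen(name);
    size_t elen = strlen(ext);
    if (nlen < elen) {
        return 0;
    }
    const char *tail = name + nlen - elen;
    for (size_t k = 0; k < elen; k++) {
        if (ascii_lower(tail[k]) != ascii_lower(ext[k])) {
            return 0;
        }
    }
    return 1;
}

// Fills Type (at least 40 bytes) with "type/subtype" chosen from the file
// suffix. Unknown suffixes get the original "*" "*" pair, which is what the
// old code sent as well (it is not a valid media type, kept for compatibility).
static void mime_type_for(const char *filename, char *Type)
{
    static const char MimeType[] = "%s/%s";
    static const struct {
        const char *ext;
        const char *type;
        const char *sub;
    } table[] = {
        { "htm",   "text",        "html" },
        { "html",  "text",        "html" },
        { "shtml", "text",        "html" },
        { "jpg",   "image",       "jpeg" },
        { "jpe",   "image",       "jpeg" },
        { "jpeg",  "image",       "jpeg" },
        { "gif",   "image",       "gif" },
        { "css",   "text",        "css" },
        { "txt",   "text",        "plain" },
        { "pdf",   "application", "pdf" },
        { "swf",   "application", "x-shockwave-flash" },
        { "cab",   "application", "x-shockwave-flash" },  /* as in the original */
        { "doc",   "application", "msword" },
        { "dot",   "application", "msword" },
        { "hlp",   "application", "mshelp" },
        { "chm",   "application", "mshelp" },
        { "xls",   "application", "msexcel" },
        { "xla",   "application", "msexcel" },
        { "ppt",   "application", "mspowerpoint" },
        { "ppz",   "application", "mspowerpoint" },  /* old code compared "PPT" twice, so "PPZ" never matched */
        { "pps",   "application", "mspowerpoint" },
        { "pot",   "application", "mspowerpoint" },
        { "bin",   "application", "octet-stream" },
        { "exe",   "application", "octet-stream" },
        { "com",   "application", "octet-stream" },
        { "dll",   "application", "octet-stream" },
        { "class", "application", "octet-stream" },
        { "avi",   "video",       "x-msvideo" },
    };
    for (size_t k = 0; k < sizeof table / sizeof table[0]; k++) {
        if (has_suffix(filename, table[k].ext)) {
            wsprintf(Type, MimeType, table[k].type, table[k].sub);
            return;
        }
    }
    wsprintf(Type, MimeType, "*", "*");
}

/* Copies the request path (the bytes after "GET /") into name, stopping at
 * the first space, CR, LF or NUL. name is always NUL-terminated.
 * Returns 0, or -1 when the path does not fit in cap bytes. */
static int extract_filename(const char *req, char *name, size_t cap)
{
    size_t n = 0;
    for (const char *p = req + 5; *p != ' ' && *p != '\r' && *p != '\n' && *p != '\0'; p++) {
        if (n + 1 >= cap) {
            name[n] = '\0';
            return -1;
        }
        name[n++] = *p;
    }
    name[n] = '\0';
    return 0;
}

/* Rejects the characters the original filtered (':', '*', '%') and, in
 * addition, anything that could escape the served directory: "..",
 * backslashes and a leading '/' (CreateFile would resolve those outside
 * the current directory). */
static int is_unsafe_name(const char *name)
{
    if (name[0] == '/' || strstr(name, "..") != NULL) {
        return 1;
    }
    for (const char *p = name; *p != '\0'; p++) {
        if (*p == ':' || *p == '*' || *p == '%' || *p == '\\') {
            return 1;
        }
    }
    return 0;
}

/* Returns the START of a "bytes=START-" Range header, or 0 when the request
 * carries none. req must be NUL-terminated. */
static DWORD parse_range_start(const char *req)
{
    const char *p = strstr(req, "bytes=");
    if (p == NULL) {
        return 0;
    }
    return (DWORD)strtoul(p + 6, NULL, 10);
}

/*
 * Per-connection worker: reads one HTTP request from TranSock[*pindex],
 * maps the request path to a file in the current directory and streams it
 * back behind a minimal HTTP/1.0 header (200, or 206 when a byte range
 * start was requested).
 *
 * Globals used, all defined elsewhere in the program (types assumed from
 * usage): TranSock[] (per-slot socket), client[] (per-slot sockaddr_in of
 * the peer), currenttime (SYSTEMTIME used for the Date header).
 *
 * Returns 0 on success and (DWORD)-1 on any error. The socket slot is
 * closed and cleared on every path, and the file handle on every path that
 * opened it.
 */
DWORD WINAPI Recv_Send_Thread( DWORD* pindex )
{
    DWORD socketindex = *pindex;
    char recvmem[REQ_BUF_SIZE + 1];  /* +1 so the request can always be NUL-terminated */
    char outtime[50];
    char Type[40];
    char headers[HEADER_CAP];
    char filename[NAME_CAP];
    const char TimeFmr[] = "%d,%d/%d/%d %d:%d:%d GMT";
    /* Content-Length is a DWORD, hence %u (the old %d went negative past 2 GB). */
    const char hdrFmtNor[] =
        "HTTP/1.0 200 OK\r\n"
        "Server: KIKI's Web Server\r\n"
        "Date: %s\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: %u\r\n"
        "Content-Type: %s\r\n\r\n";
    const char hdrFmtDown[] =
        "HTTP/1.0 206 Partial content\r\n"
        "Server: KIKI's Web Server\r\n"
        "Date: %s\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: %u\r\n"
        "Content-Type: %s\r\n\r\n";

    memset(recvmem, 0, sizeof recvmem);
    int got = recv(TranSock[socketindex], recvmem, REQ_BUF_SIZE, 0);
    if (got == SOCKET_ERROR || got == 0) {
        printf("Recv Error: %d\n", WSAGetLastError());
        close_client(socketindex);
        return (DWORD)-1;
    }
    /* recv() does not terminate the buffer; every str* call below relies on this. */
    recvmem[got] = '\0';

    wsprintf(outtime, TimeFmr, currenttime.wDayOfWeek, currenttime.wDay, currenttime.wMonth,
             currenttime.wYear, currenttime.wHour, currenttime.wMinute, currenttime.wSecond);
    printf("%s\n", recvmem);

    if (strlen(recvmem) < 5) {
        printf("这是一组恶意数据\n\n");
        close_client(socketindex);
        return (DWORD)-1;
    }

    /* The path is read from offset 5, i.e. right after "GET /" — this code
     * assumes that request-line shape and does not check the method. */
    if (extract_filename(recvmem, filename, sizeof filename) < 0 || is_unsafe_name(filename)) {
        printf("Time:%s\n%s企图请求的页面文件:%s.\n\n", outtime,
               inet_ntoa(client[socketindex].sin_addr), filename);
        printf("\n--------------------------------------" "------------------------------------------");
        close_client(socketindex);
        return (DWORD)-1;
    }
    if (filename[0] == '\0') {
        strcpy(filename, "index.htm");  /* fits: NAME_CAP is 50 */
    }

    DWORD start = parse_range_start(recvmem);
    printf("range:%lu\n", (unsigned long)start);

    HANDLE fp = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (fp == INVALID_HANDLE_VALUE) {
        printf("%s open file: %s error!\n", inet_ntoa(client[socketindex].sin_addr), filename);
        printf("--------------------------------------------------------------------------------");
        close_client(socketindex);
        return (DWORD)-1;
    }

    /* Only the low 32 bits of the size are used; a range start past the end
     * would otherwise underflow the Content-Length below. */
    DWORD fileSize = GetFileSize(fp, NULL);
    if (fileSize == INVALID_FILE_SIZE || start > fileSize) {
        printf("bad file size or range: size=%lu start=%lu\n",
               (unsigned long)fileSize, (unsigned long)start);
        close_client(socketindex);
        CloseHandle(fp);
        return (DWORD)-1;
    }

    mime_type_for(filename, Type);
    if (start == 0) {
        wsprintf(headers, hdrFmtNor, (const char *)outtime, fileSize, Type);
    } else {
        /* NOTE(review): a 206 reply should also carry a Content-Range header;
         * the original did not send one, and this keeps that behaviour. */
        wsprintf(headers, hdrFmtDown, (const char *)outtime, fileSize - start, Type);
    }
    printf("Time:%s\n%s企图请求的页面文件:%s . 使用的套接字ID:Socket[%lu]\n", outtime,
           inet_ntoa(client[socketindex].sin_addr), filename, (unsigned long)socketindex);

    if (send_all(socketindex, headers, (int)strlen(headers)) < 0) {
        printf("Send Error:%d!\n", WSAGetLastError());
        close_client(socketindex);
        CloseHandle(fp);
        return (DWORD)-1;
    }

    if (SetFilePointer(fp, (LONG)start, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        printf("SetFilePointer Error :%lu\n", (unsigned long)GetLastError());
        close_client(socketindex);
        CloseHandle(fp);
        return (DWORD)-1;
    }

    char sendfile[SEND_CHUNK];
    DWORD dwRead = 0;
    do {
        if (!ReadFile(fp, sendfile, SEND_CHUNK, &dwRead, NULL)) {
            printf("读取文件错误!文件名:%s\n", filename);
            close_client(socketindex);
            CloseHandle(fp);
            return (DWORD)-1;
        }
        /* Send only the bytes actually read: the last chunk is normally short,
         * and the old code padded it to 1400 and then sent extra zero bytes. */
        if (dwRead > 0 && send_all(socketindex, sendfile, (int)dwRead) < 0) {
            printf("Send Error:%d!\n", WSAGetLastError());
            close_client(socketindex);
            CloseHandle(fp);
            return (DWORD)-1;
        }
    } while (dwRead == SEND_CHUNK);

    printf("Socket[%lu]数据传输完毕!\n\n", (unsigned long)socketindex);
    CloseHandle(fp);
    close_client(socketindex);
    return 0;
}
|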
|
|
|
[求助]卡巴斯基的监控进程注入 是怎么实现的?
注入的方法多种多样, 大部分都使用了OpenProcess -- WriteProcessMemory -- CreateRemoteThread 等关键api. Hook的方法多种多样,可以修改调用的时机,可以修改调用的参数,可以修改调用的返回值... |
|
|