|
A discussion of feature-activation software
Bumping my own thread. |
|
|
|
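% Super 灰鸽子 (Gray Pigeon) VIP2005 Detector % A brief analysis of the detection principle
Originally posted by 蓝色光芒 What does "by configuring certain WINDOW settings, it can no longer connect" refer to here? Setting up some firewall access rules?? |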
|
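% Super 灰鸽子 (Gray Pigeon) VIP2005 Detector % A brief analysis of the detection principle
Tracking how the "Warcraft game" trojan sends passwords http://skyxnet.blogdriver.com/skyxnet/1009890.html Introduction: Suppose your system has accidentally been infected with some trojan and, unfortunately, your game account password or QQ password has already been stolen. While locating the virus, what if we could also find the "contact information" of the person who planted it inside the virus itself? With luck, you can not only recover what was lost but, better still, hand this information to the cyber police as evidence!! Link on this forum: http://bbs.pediy.com/showthread.php?s=&threadid=17709 This article also counts as part of virus analysis. I hope it helps everyone! |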
|
|
|
|
|
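Tracking how the "Warcraft game" trojan sends passwords
TO: KYC I don't know why you would say such a thing!? If I had written it, I would have had no need to write this up! Grandstanding? That is not the intent at all. Besides, if I had written it, I would have hidden these sensitive strings better! I would never simply let wording like that show up in memory! |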
|
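BlowFish 448-bit encryption algorithm
Originally posted by 南蛮妈妈 EasyCode Boy Plus! v5.5 uses the BlowFish 448-bit encryption algorithm to protect the files it encrypts! After using its "Compile EXE" feature to encrypt some company files. This is exactly the program I mean. |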
|
|
|
|
|
Word2000 file password protection
Looking forward to your research results! |
|
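Is there any software that can record stack values during dynamic debugging?
Thanks for the reminder. Run trace was introduced in OllyDbg 1.04. The basis of this debugging technique is very simple. Code is executed step by step, and the debugger puts the commands, registers and flags into a large circular buffer. When an exception occurs, you can backtrack through the previous few steps, or even hundreds or thousands of steps, and analyze what caused the error. OllyDbg 1.06 greatly extended the possibilities of run trace. Run trace shows the modified register values and keeps important messages and the operands of known functions. You can set conditions to pause the run trace, profile the traced code, write the run trace to disk to avoid exceeding the memory limit or to compare two runs, debug self-modified programs, find out when the command at a given location was last executed, and so on. Please remember that run trace is very slow. On a 500-MHz processor, OllyDbg can trace at most 2500 (Windows 95) or 5000 (NT) commands per second. To speed up run trace, you can mark quasi-linear blocks of code (that is, blocks containing no jump instructions) to be executed in one go. Another limitation: OllyDbg does not save the contents of accessible memory. ... Excerpted from: OllyDbg tutorial - Run trace ... http://www.pediy.com/bbshtml/BBS5/pediy50407.htm Ctrl+F12 -- run trace over: executes the program step by step without entering function calls, recording the register contents. Run trace does not redraw the CPU window. |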
|
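API HOOK new virus?
HijackThis log explained in detail, main text (14): Group O10 http://it.rising.com.cn/newSite/Channels/Safety/SafetyResourse/Safe_Foundation/200408/05-170016274.htm

1. Item description
An O10 entry indicates a Winsock LSP (Layered Service Provider) "browser hijack". Some spyware modifies the Winsock 2 settings to perform an LSP "browser hijack", so that all information exchanged with the network has to pass through the spyware, which lets it monitor the user's information. Well-known examples are the New.Net plug-in and the WebHancer component, unwanted extras that arrive when you install certain software. For related information in Chinese, see http://tech.sina.com.cn/c/2001-11-19/7274.html

2. Examples
O10 - Hijacked Internet access by New.Net
This is the symptom of being hijacked by the adware New.Net (it can be uninstalled through "Control Panel - Add/Remove").
O10 - Broken Internet access because of LSP provider `c:\progra~1\common~2\toolbar\cnmib.dll` missing
This usually appears when the spyware has been removed but the LSP has not been restored to its normal state. In this case the network connection may be lost.
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
This is the symptom of being hijacked by the adware newtonknows; for related information see http://www.pestpatrol.com/PestInfo/n/newtonknows.asp

3. General advice
Be sure to note that, because of the special nature of LSP, merely removing the spyware without restoring the LSP to its normal state is very likely to leave the machine unable to connect to the network! If you use antivirus software to remove the spyware, you may run into the situation in the second example above, and may then be unable to get online. Sometimes HijackThis reports a broken network connection under O10 although the connection in fact still works; in any case, be careful when fixing O10 entries. When an O10 entry needs fixing, a dedicated tool is recommended.
(1) LSPFix http://www.cexx.org/lspfix.htm
(2) Spybot-Search&Destroy (mentioned above, but be sure to use the latest version)
Both tools can fix this problem; please refer to the relevant tutorials for details.

4. Troubleshooting
Some normal, legitimate programs (antivirus software in particular) also work at the Winsock level. For example
O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwsp.dll
This entry belongs to the Chinese antivirus product KV. So when you see "Unknown file in Winsock LSP" under O10, always look the file up first; do not fix everything indiscriminately. |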
|
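Added example, not part of the original post and not HijackThis code: a small triage of the three O10 line shapes quoted above, which keeps the "look it up first, do not fix everything" rule explicit. The action labels and the allowlist are assumptions made for illustration; a file name match alone is a weak check, so confirm the full path and publisher before trusting an entry.

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Assumption: DLLs already researched and confirmed legitimate. The post
# names kvwsp.dll (KV antivirus) as one such LSP.
KNOWN_GOOD_LSP = {"kvwsp.dll"}

Q = "['`\"]?"  # the path may be wrapped in quotes or backticks
PATTERNS = [
    ("hijacked", re.compile(r"^O10 - Hijacked Internet access by (?P<subject>.+)$")),
    ("broken", re.compile(r"^O10 - Broken Internet access because of LSP provider "
                          + Q + r"(?P<subject>.+?)" + Q + r" missing$")),
    ("unknown", re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<subject>.+)$")),
]

def triage_o10(line):
    """Classify one HijackThis log line; returns None for non-O10 lines."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        subject = m.group("subject").strip()
        if kind == "hijacked":
            action = "uninstall-then-verify-lsp"
        elif kind == "broken":
            # The chain references a DLL that is gone: repair the chain with
            # an LSP repair tool; deleting the entry can cut connectivity.
            action = "repair-lsp-chain"
        elif basename(subject).lower() in KNOWN_GOOD_LSP:
            action = "leave"
        else:
            action = "research-before-fixing"
        return {"kind": kind, "subject": subject, "action": action}
    return None

# Sample input: the four O10 entries quoted in the post, plus one
# constructed non-O10 line.
SAMPLE_LOG = [
    r"O10 - Hijacked Internet access by New.Net",
    r"O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing",
    r"O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwsp.dll",
    r"O4 - HKLM\..\Run: [Example] C:\example\example.exe",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage_o10(entry))
```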
API HOOK new virus?
The help text of the Winsock Fix tool says:

To Repair Winsock/Tcp in Win9x - Me manually do this: open Network settings
1.) Remove all protocols or everything EXCEPT leave the NIC Adapter
2.) Click Apply Close the Properties box, but on reboot notice, hit Cancel...do not reboot!
3.) Open Regedit and delete these keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD\Dhcpoptions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD\MSTCP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD\Winsock2
also ..scroll down delete
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2
close regedit
4.) Open Network Properties again, and Click ADD - PROTOCOL - MicroSoft/TCPIP **should Add Client for MS Networks Automatically** Have your Windows CD ready or the CAB files, Reboot and Should be good.

NOTE: Simply removing the Protocols in Network settings will not work because those registry entries stay, even if you have no network at all. Once deleted, putting the TCP/IP protocol back in, basically rebuilds the TCP from scratch, it is the same as when Windows was first installed clean. Also any speed patches to TcpRWin values MTU will be reset back to Windows defaults. Windows 95 may not have all these keys available, just delete whichever ones are matching this description.

Additional Windows 95 info for Trouble Repairing Tcp:

With the Winsock2 update installed, you may need to have the Update uninstalled first, if the above process does not work, and you get errors such as "Tcp not installed" or running "Winipcfg.exe" brings up "Fatal Error" look for the folder "C:\Windows\ws2bakup". if it exists, From Run Box type "C:\Windows\ws2bakup\delw2reg.exe addafvxd" Next Reboot to Dos mode, at C:\> prompt type "cd Windows\ws2bakup" once at that Directory type "ws2bakup.bat". When the process is finished, reboot normally and you should be restored to original winsock/Tcp files. Check for IP and internet Connection, If need be try the manual fix from this stage. You would then reinstall the Winsock2 upgrade, once everything is back up and running.

Windows 2000/XP

With Windows 2000 and XP, this was not possible, due to the fact that TCP could not be removed or uninstalled, and even if the Winsock keys in the registry were deleted, they will recreate themselves, but with no relevant data, therefore making them useless. Some research in this matter, it was found, that these Winsock Registry keys were not unique to any particular machine.... meaning they could be transplanted from a working computer, to a broken one. Other factors can play a part in successfully restoring these winsock values, such as disabling the network adapter before the import of the new Registry keys. Also with Windows XP came the very handy "netsh.exe" with the commandline to Reset TCP. Although this will reset TCP settings, also removing any tweaks and other modifications done, it does not touch the registry Winsock keys. The most common symptom would be a Valid IP address, but no ability to view any Web pages, as well as the "0.0.0.0" IP address symptom and Various Socket Errors.

Manually Fix:
1.) From the commandline enter the following: Netsh ip int reset resetlog.txt
2.) These 2 Registry keys will need to be replaced with known good ones.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock2

The "Hosts" file. This file (having no extension) and residing in "C:\Windows\Hosts" for Windows 95 - Me versions and "WINDOWS\system32\drivers\etc\Hosts" for Windows XP. Often this file (blank by default) can become littered with entries, and again, after the removal of Third Party Advertising Clients, that were installed as bundled software with many P2P file Sharing programs, this "Hosts" file retains entries that may be no longer valid. Generally resulting in some web pages and Domains coming up "Blank".

The Winsockfix Utility will:
1.) Detect your current Operating System
2.) Release the IP address, taking you "Offline"
3.) Reset the TCP stack using Netsh.exe (Windows XP only)
4.) Delete the current Registry TCP and Winsock Values
5.) Import new "Working" Registry Values
6.) Backup any Current "Hosts" file
7.) Replace the "Hosts" file with a default one
8.) Reboot the Computer

No one should rely on "Quick Fixes" to resolve their connection issues, only by taking responsibility for the software you allow to be installed, can you protect yourself from re-occurring problems. A Google search for information relating to "SpyWare" can usually point you in the right direction to get information on the Program you wish to install or Try. Chances are there will be many reviews of it, and you get a feel for the type of program it is, and what some of the issues with it will be from other peoples opinions. An understanding of why some programs are "Free" in cost, but you end up paying with damage to your system settings, Background running Programs, whose only purpose is to plague the User with non-stop Pop-up advertising, and an overall drain on system resources.

WinsockFix was written and designed by: Option^Explicit Software Solutions cc Theron Skryba Winnipeg, Manitoba Canada Comments email techcd@shaw.ca

Additional ERD backup Utilities not written or supported by myself are
1.) ERUNT - The Emergency Recovery Utility NT FreeWare Written by Lars Hederer http://home.t-online.de/home/lars.hederer/erunt
2.) ERU - Emergency Recovery Utility by Microsoft Microsoft Corporation |