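[Help][Help] I've been infected with a virus; could everyone help me figure out which virus it is and what it did
This ancient virus, and people are still getting infected with it these days?
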
[Original] Notes on FUTO_enhanced
Forget the old stuff... give us something new...

[Help] Is it possible to make OD break at the module entry point
There is a setting for that...

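[Help] Changing the structure of a file
You ask too much... and your questions read as if you asked without ever trying to solve them yourself... This is the last time I answer you... after this I won't reply in this thread again... Builds compiled in DEBUG mode seem to have a relocation table... Read the compiler and linker help yourself; enter /? to view it... they are in the BIN folder
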
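[Help] How to rip the Heiying (黑鹰) tutorials
Teach yourself... if you want to learn, find books and materials and read them yourself... there are so many articles here on Kanxue (看雪)... read them all and you'll be about there...
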
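[Help] Changing the structure of a file
The key question is whether there is a relocation table... as long as there is one, you can do whatever you like... but an EXE built in RELEASE mode generally does not include a relocation table by default...
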
Confusion about PEID
The signature is the same

Advance notice
Watching and waiting~~~~~~~

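[Help] Changing the structure of a file
Unless the PE has a relocation table... otherwise all the pointers will point to the wrong places...
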
[Study] Unlock WinLicense Hardware dependent lock
Here to learn...

[Help] How should a multithreaded exe be cracked??
CreateThread

The CreateThread function creates a thread to execute within the virtual address space of the calling process. To create a thread that runs in the virtual address space of another process, use the CreateRemoteThread function.

    HANDLE CreateThread(
      LPSECURITY_ATTRIBUTES lpThreadAttributes,
      SIZE_T dwStackSize,
      LPTHREAD_START_ROUTINE lpStartAddress,
      LPVOID lpParameter,
      DWORD dwCreationFlags,
      LPDWORD lpThreadId
    );

Parameters

lpThreadAttributes [in] Pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle can be inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited. The lpSecurityDescriptor member of the structure specifies a security descriptor for the new thread. If lpThreadAttributes is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the primary token of the creator. Windows XP/2000/NT: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the creator. This behavior changed with Windows XP SP2 and Windows Server 2003.

dwStackSize [in] Initial size of the stack, in bytes. The system rounds this value to the nearest page. If this parameter is zero, the new thread uses the default size for the executable. For more information, see Thread Stack Size.

lpStartAddress [in] Pointer to the application-defined function to be executed by the thread and represents the starting address of the thread. For more information on the thread function, see ThreadProc.

lpParameter [in] Pointer to a variable to be passed to the thread.

dwCreationFlags [in] Flags that control the creation of the thread. If the CREATE_SUSPENDED flag is specified, the thread is created in a suspended state, and will not run until the ResumeThread function is called. If this value is zero, the thread runs immediately after creation. If the STACK_SIZE_PARAM_IS_A_RESERVATION flag is specified, the dwStackSize parameter specifies the initial reserve size of the stack. Otherwise, dwStackSize specifies the commit size. Windows 2000/NT and Windows Me/98/95: The STACK_SIZE_PARAM_IS_A_RESERVATION flag is not supported.

lpThreadId [out] Pointer to a variable that receives the thread identifier. If this parameter is NULL, the thread identifier is not returned. Windows Me/98/95: This parameter may not be NULL.

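[Help] Request for help with registration info verified in a driver
That is the device name, not the driver name; use DEVICETREE (a tool in the DDK) to look up the corresponding SYS
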
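[Help] Could someone explain the options of create function in IDA, the feature for loading .h files, and the feature for setting function definitions? Thanks
http://www.pediy.com/practise/IDA.htm Have a look at this first. It can answer part of your questions
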
[Original] Algorithm analysis of Magic DVD Ripper 5.2.1 build 2 (experts may skip)
Just as encouragement~~~~~~~ OP, you would do better to play with something more advanced

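[Help] A question about unpacking Lao Wang's (老王) 2007.4.11 packer
It's not a matter of expert versus novice. Frankly, anyone who has the time, understands reversing and has the patience can manage it~~~ 1 year, OR, 2 years? The question is, who would spend time on that thing for no reason? Just so that you alone can praise them? Do your own work yourself~~~ unless you don't know disassembly at all
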
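[Help] Asking how to counter memory integrity checks
I'm not sure about plugins; as for the implementation principle, it goes as follows~~~ though by intercepting the page fault exception (seems to be INT 0X0E) this effect can be achieved. For details see this article http://bbs.pediy.com/showthread.php?t=56689 or refer directly to the memory management part of INTEL's developer documentation. A simple implementation is also possible: change the page attributes of all code-section pages to PAGE_EXECUTE, take over the corresponding exception, and read the unmodified code from data backed up in advance. Hope this helps a bit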