[Original] Antirootkit: CodeWalker
*** Fatal System Error: 0x00000050 (0xF79E6998,0x00000000,0xF52796D8,0x00000003) Driver at fault: *** cmcantirootkit.sys - Address F52796D8 base at F526E000, DateStamp 4925140b . Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE Loading Kernel Symbols

[Original] Antirootkit: CodeWalker
Chinese English. Sorry for my poor English. I haven't studied it for more than two years...

[Original] Antirootkit: CodeWalker
I am wondering if your proc is worth reserving.

[Original] Antirootkit: CodeWalker
Good job! But I found some problems with your program:
1. When I wanted to skip scanning hidden files, I pushed the "Skip" button, but it does not work.
2. Your HOOK scan module is so weak that it cannot detect my inline hook. I think you just scan functions that are exported by ntoskrnl/ntkrnlpa..., but there are still many undocumented APIs you have missed. Here is the result:
3. "Hidden Module" is also not strong enough; my virus proc bypasses it easily.
4. "Process Module" can't kill my protected EXE. DKOM+inline...
5. Other....

[Discussion] Found a problem with 360's handle protection
Big brother R~~

[Share] Hooking SwapContext to enumerate hidden processes (Study Notes 4)
thanks~~

[Original] Anti-cracking technique - random password
But your virus code is already fixed before it is decrypted. In that case the decryption key is fixed too. DecodeKey: db 0 <--- the key here can be generated randomly, but the virus body has already been encrypted with the fixed key. What's the use? Maybe I haven't understood it clearly; please advise~~~

[Share] Hooking SwapContext to enumerate hidden processes (Study Notes 4)
res=(PCHAR)(Thread->Tcb.KernelStack); KernelStack is the kernel stack of the current thread. I remember that offset 0x0C inside it is EBP. There doesn't seem to be a corresponding structure. Do you have to trace it dynamically with windbg? If the OP has the structure of KernelStack, please post it~~ Well written, learned a lot~

[Help] What is the CPU's allocation granularity?????
I just don't want to tell you.

[Help] What can driver development accomplish?
You can write viruses, you can write security software, you can make money.