[Share] OD plugin for finding the program entry point
OD should stop at the EP, right? Or at the location of CRT _Startup.

[Original] QQ2013 latest version: how password logging works!!!
Does this mean that to put it on someone else's machine, you have to get them to run RemoveProtect first?

[Original] Even newbies can do vulnerability hunting (SDEMO 2.0 vulnerability hunting, super simple)
Even newbies are hunting vulnerabilities!

[Original] Broadcast? Simulated broadcast
First reply is mine.

[Original] River Crab 2
OP, the legal notice has been sent, please check your inbox.

[Download] Let 32-bit XP use large memory
Thanks, from this picture I have already got the general idea.

Finished chewing through "Windows Kernel Scenario Analysis"
I realize there are so many books I never finished.

[Discussion] Could the Pediy (看雪) forum add an @mention feature?
Demacia, do you still remember me? I'm Ashe!

[Help] Where does HackShield's lifecycle come from?
This is good; if the CALLBACK function has been stripped out, there should be no timed calls.

[Help] Where does HackShield's lifecycle come from?
The callback fires once every minute.

[Original] Getting past Sheng*da's H*S driver protection on Win 7
The stripping method: write your own DLL that exports the ehsvc function ordinals, with every function returning the correct return value. This self-written ehsvc DLL must be a self-loading DLL, and it must be loaded before ehsvc is loaded. Also, at startup, hook LoadLibrary via IAT/EAT so that the program is handed back the handle of your own DLL. The game program then looks up functions through your DLL handle, and the return values it gets are all directly returned correct results; when it hits the HS heartbeat function, forward it directly to a program you wrote yourself, which acts as an intermediary: this intermediary actively loads ehsvc.dll, calls the algorithm inside it, and returns the computed result to the game, which then sends the heartbeat packet. The above is the basic stripping flow.

[Original] Prime factorization in C
Bookmarked, for later use.

[Original] Analysis of Android Java virtual machine interception techniques
Mark: "[Original] Analysis of Android Java virtual machine interception techniques", author: cockroaches. Time: 2013-10-10, 21:44:03.
Recently I decompiled Kingsoft Duba (Jinshan) to analyze how its ad interception function is implemented. According to Kingsoft Duba's own description, it uses Java virtual machine interception technology, so out of curiosity I studied it. While reviewing the code I saw many hooked Java classes, such as ActivityThread, ServiceManager, etc. When compiling the source code, I mainly tracked the implementation of the iphonesubinfo interception service, tested it by walking through the code, and share the results here.
1. Overall flow of the Java virtual machine interception technique
1) First inject an .so into the remote process via ptrace; for example, Kingsoft injects libksrootclient.so into the remote process.
2) In the remote process, call a static method in libksrootclient through ptrace_call; this method mainly finishes loading the jar that encapsulates the Java function classes and calls the class methods in the jar, completing the work of hooking the Java layer inside the process. In Kingsoft Duba's case the jar loaded is ksremote.jar.
2. Key techniques
1) .so injection. .so injection is the first step of the Java virtual machine interception technique; whether injection succeeds determines whether the later interception function succeeds.
2) Implement the module that intercepts Java API functions and export it as a jar package. For example, if you want to monitor whether a phone's IMEI/IMSI, phone number and SIM card number are read: source code analysis shows that getting this information requires the related methods of the TelephonyManager class, and these methods mainly work by obtaining functions provided by the iphonesubinfo service class. So if the iphonesubinfo service functions are intercepted, one can successfully learn whether an application reads device information.
In the Java layer, services are obtained through ServiceManager's getService method. Analyzing getService, this method first queries whether the service exists in sCache, and if it does, returns it directly. Therefore, if the iphonesubinfo IBinder reference in sCache is altered, the interception function can be realized.
3) Dynamically load the jar through JNI in the injected .so and implement the key classes of the jar, completing the Java-layer hook. The principle of JNI dynamically loading a jar can be seen in the post "Android JNI calling jar package".
Summary of Android interception techniques:
1. Android API interception techniques have two modes: one intercepts C-layer APIs, the other intercepts Java-layer APIs.
2. C-layer API interception. The most commonly researched way to intercept C-layer APIs is the ioctl call in libbinder.so. In binder communication, user space and kernel space need the ioctl system call; if the system call is intercepted and the arguments parsed, the active-defense function of LBE can be achieved. The premise is that one must be very familiar with the binder mechanism and binder data transmission formats.
3. Java virtual machine interception (Java-layer interception). Java-layer interception needs to implement interception of the key methods; the intercepted parameters do not need large-scale parsing. For example, in my implementation of intercepting IMEI reads, simply returning false directly from the interception makes the IMEI that the application obtains through the Java API become null.

Asking a great god to explain the packet construction process in openssh!!
The way it is written in the source is not very easy to understand ~~ great god, please explain. (From the Youdao translation)

USB disk anti-copy component project
Thank you very much to wu for the advice on the key technical points! SrcUDiskCpyManager_V2013_1012_1653.rar. I think five days to get this component done. If not starting from what has already been achieved in the Demo, pulling out the corresponding function, it is done.
folder: the specific folder, whether there is any directory, file suffix.
At the request of Win7X64, issued by demand. At the request of WinXpX86Sp3, issued by demand. Win7X86: no physical machine; a VMware Windows does not recognize my USB disk, so testing on that platform is suspended.
Using ApiMonitor one can see that the Win7X64 and Win7X86 file operations call the same COM API.
* Windows 7 (x86/x64): hook the COM API, forbid copying files to a USB disk via Explorer (resource manager)
* LsApiHook.DLL: hooks the Win32 API, implements USB disk DLP under WinXP. Hook function list: CopyFileExW, CreateFileW
* LsComHookProxy.DLL: hooks the COM API, implements USB disk DLP on Windows 7 (x86/x64). Hook function list: CoCreateInstance, IFileOperation::CopyItems, IFileOperation::MoveItems, IFileOperation::NewItem, IFileOperation::RenameItem
* C++ program invoking COM interface methods the C way
* disable/enable copying of specific file suffixes to a USB drive
In the product, refine the strategy and document control according to actual demand.
* Policy issuance is generally not issued by the control program itself.
* In the product, for specific suffix types of documents, the determination is made by the actual content of the PE file rather than by the file suffix.
[software screenshots]