[Download] APIMonitor v1.2.1.83
Great!

[Original] Defeating Rising's file monitor: restoring the FSD
A supplement listing the structures used:

    /* Information classes accepted by ZwQuerySystemInformation */
    typedef enum _SYSTEM_INFORMATION_CLASS {
        SystemBasicInformation,
        SystemProcessorInformation,
        SystemPerformanceInformation,
        SystemTimeOfDayInformation,
        SystemNotImplemented1,
        SystemProcessesAndThreadsInformation,
        SystemCallCounts,
        SystemConfigurationInformation,
        SystemProcessorTimes,
        SystemGlobalFlag,
        SystemNotImplemented2,
        SystemModuleInformation,      /* = 11: list of loaded kernel modules */
        SystemLockInformation,
        SystemNotImplemented3,
        SystemNotImplemented4,
        SystemNotImplemented5,
        SystemHandleInformation,
        SystemObjectInformation,
        SystemPagefileInformation,
        SystemInstructionEmulationCounts,
        SystemInvalidInfoClass1,
        SystemCacheInformation,
        SystemPoolTagInformation,
        SystemProcessorStatistics,
        SystemDpcInformation,
        SystemNotImplemented6,
        SystemLoadImage,
        SystemUnloadImage,
        SystemTimeAdjustment,
        SystemNotImplemented7,
        SystemNotImplemented8,
        SystemNotImplemented9,
        SystemCrashDumpInformation,
        SystemExceptionInformation,
        SystemCrashDumpStateInformation,
        SystemKernelDebuggerInformation,
        SystemContextSwitchInformation,
        SystemRegistryQuotaInformation,
        SystemLoadAndCallImage,
        SystemPrioritySeparation,
        SystemNotImplemented10,
        SystemNotImplemented11,
        SystemInvalidInfoClass2,
        SystemInvalidInfoClass3,
        SystemTimeZoneInformation,
        SystemLookasideInformation,
        SystemSetTimeSlipEvent,
        SystemCreateSession,
        SystemDeleteSession,
        SystemInvalidInfoClass4,
        SystemRangeStartInformation,
        SystemVerifierInformation,
        SystemAddVerifier,
        SystemSessionProcessesInformation
    } SYSTEM_INFORMATION_CLASS;

    /* One entry of the array returned for SystemModuleInformation */
    typedef struct _SYSTEM_MODULE_INFORMATION {
        ULONG  Reserved[2];
        PVOID  Base;              /* load address of the module */
        ULONG  Size;              /* size of the module image */
        ULONG  Flags;
        USHORT Index;
        USHORT Unknown;
        USHORT LoadCount;
        USHORT ModuleNameOffset;  /* offset of the file name inside ImageName */
        CHAR   ImageName[256];    /* full image path */
    } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

[Original] Defeating Rising's file monitor: restoring the FSD
Isn't the original poster's brute-force search range over fastfat.sys a bit small (143360 is 0x23000h)? Here is what IDA shows:

    INIT:0002F953 mov dword ptr [esi+34h], offset byte_11914
    INIT:0002F95A mov dword ptr [esi+38h], offset loc_17C8A
    INIT:0002F961 mov dword ptr [esi+40h], offset loc_147C8
    INIT:0002F968 mov dword ptr [esi+44h], offset loc_1060A
    INIT:0002F96F mov dword ptr [esi+48h], offset loc_10AED
    INIT:0002F976 mov dword ptr [esi+4Ch], offset loc_1B958
    INIT:0002F97D mov dword ptr [esi+50h], offset loc_1E821
    INIT:0002F984 mov dword ptr [esi+54h], offset loc_2738A
    INIT:0002F98B mov dword ptr [esi+58h], offset loc_26D49
    INIT:0002F992 mov dword ptr [esi+5Ch], offset loc_20BBE
    INIT:0002F999 mov dword ptr [esi+60h], offset loc_21331
    INIT:0002F9A0 mov dword ptr [esi+64h], offset loc_2F4F4
    INIT:0002F9A7 mov dword ptr [esi+80h], offset loc_142FD
    INIT:0002F9B1 mov dword ptr [esi+68h], offset loc_17B37
    INIT:0002F9B8 mov dword ptr [esi+6Ch], offset loc_13948
    INIT:0002F9BF mov dword ptr [esi+7Ch], offset loc_2DC4A
    INIT:0002F9C6 mov dword ptr [esi+70h], offset loc_1D46B
    INIT:0002F9CD mov dword ptr [esi+78h], offset loc_2E79D
    INIT:0002F9D4 mov dword ptr [esi+0A4h], offset loc_2E1DB

[Help] A question about a piece of assembly code!
Thanks to the poster above for the explanation; I verified it and that is indeed how it works!

[Original] Shanli is hiring software developers
So what is the salary like?

Hiring a software security engineer (online game client security), Shanghai
6k is a bit tight for Shanghai.

[Original] Shanli is hiring software developers
It really is the 安铁诺 antivirus.