|
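[Help] How do I dynamically load a bitmap file into memory??
    hDc = GetDC(hWnd);
    hMemDc = CreateCompatibleDC(hDc);
    hBitmap = LoadBitmap(hInstance, lpBitmapResourceNameOrID);
    SelectObject(hMemDc, hBitmap);
    BitBlt(hDc, nXDest, nYDest, nWidth, nHeight, hMemDc, nXSrc, nYSrc, dwRop);
    ........
    ........
    ReleaseDC(hWnd, hDc);
    DeleteDC(hMemDc);       // a memory DC is freed with DeleteDC, not DeleteObject
    DeleteObject(hBitmap);  // free the bitmap once the DC that held it is gone
|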
|
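[Help] Newbie asking for help with unpacking, code attached
The forum does not allow requests for cracking, and that includes unpacking; a few words were left out, and the forum rules explain this. As for junk instructions, once you know how they interfere with the normal code, simple junk instructions are not hard to remove (some carefully constructed ones are not easy to remove); the hard part is that removing them is tedious. |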
|
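[Help] A question about push eax versus sub esp,0x4
Judging from the code you posted, this modification is not wrong; I don't understand where your program starts to go wrong after the modification. |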
|
[Help] PEID again
I have heard that vera 0.15 detects Aspr packer versions fairly accurately. |
|
|
|
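[Help] Reading the hexadecimal value at a memory address with C++
Memory data has no such thing as ASCII codes; all values are a binary stream. The 0x94 you read can be regarded as the hexadecimal value 0x94, or as the ASCII code corresponding to 0x94. |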
|
[Help] I have a question for the experts...
Read it, but I am not clear on these things either. |
|
[Solved] Some things I don't understand in CCDebuger's "OllyDBG Beginner Series (7): Assembly Function"
1. In Windows development, the SDK that Microsoft provides to developers defines all kinds of type ID values that are used in different places; these ID values can generally be found by searching the Microsoft SDK documentation. The SDK defines the ID values of the various messages, and the message ID value 30h is defined as the ID of the WM_SETFONT message. For now, this message ID value stands for the WM_SETFONT message in all Microsoft SDK programming and is fixed (unless Microsoft changes the message ID value later).

2. The LOGFONT structure is also defined in the Microsoft SDK, and its size is calculated from the types and number of its members (however, CC seems to have stated the size wrongly; the size of the LOGFONT structure should be 60 bytes). Below is the definition of the LOGFONT structure in the SDK:

    typedef struct tagLOGFONT { // lf
        LONG lfHeight;               // 0
        LONG lfWidth;                // 4
        LONG lfEscapement;           // 8
        LONG lfOrientation;          // 12
        LONG lfWeight;               // 16
        BYTE lfItalic;               // 20
        BYTE lfUnderline;            // 21
        BYTE lfStrikeOut;            // 22
        BYTE lfCharSet;              // 23
        BYTE lfOutPrecision;         // 24
        BYTE lfClipPrecision;        // 25
        BYTE lfQuality;              // 26
        BYTE lfPitchAndFamily;       // 27
        TCHAR lfFaceName[LF_FACESIZE]; // 28 + LF_FACESIZE(32) = 60 bytes (LF_FACESIZE is defined as 32 in the Microsoft SDK)
    } LOGFONT;

3. This is the data used in the program to fill the LOGFONT structure; these data values are also defined in the SDK. Converted to programming terms, your data above stands for the following attribute values.

    F4FFFFFF    lfHeight
    00000000    lfWidth
    00000000    lfEscapement
    00000000    lfOrientation
    90010000    lfWeight
    00          lfItalic
    00          lfUnderline
    00          lfStrikeOut
    86          lfCharSet
    00          lfOutPrecision
    00          lfClipPrecision
    00          lfQuality
    00          lfPitchAndFamily
    CB CE CC E5 lfFaceName (these ASCII codes are the ASCII codes of the characters '宋体', which means the 宋体 (SimSun) font is used in this structure)

Finally, below is the Microsoft SDK description of the attributes of each member of the LOGFONT structure; the data above was filled in according to the attributes described in the Microsoft SDK.

The LOGFONT structure defines the attributes of a font.

    typedef struct tagLOGFONT { // lf
        LONG lfHeight;
        LONG lfWidth;
        LONG lfEscapement;
        LONG lfOrientation;
        LONG lfWeight;
        BYTE lfItalic;
        BYTE lfUnderline;
        BYTE lfStrikeOut;
        BYTE lfCharSet;
        BYTE lfOutPrecision;
        BYTE lfClipPrecision;
        BYTE lfQuality;
        BYTE lfPitchAndFamily;
        TCHAR lfFaceName[LF_FACESIZE];
    } LOGFONT;

Members

lfHeight
Specifies the height, in logical units, of the font's character cell or character. The character height value (also known as the em height) is the character cell height value minus the internal-leading value. The font mapper interprets the value specified in lfHeight in the following manner:

    Value   Meaning
    > 0     The font mapper transforms this value into device units and matches it against the cell height of the available fonts.
    0       The font mapper uses a default height value when it searches for a match.
    < 0     The font mapper transforms this value into device units and matches its absolute value against the character height of the available fonts.

For all height comparisons, the font mapper looks for the largest font that does not exceed the requested size. This mapping occurs when the font is used for the first time. For the MM_TEXT mapping mode, you can use the following formula to specify a height for a font with a given point size:

    lfHeight = -MulDiv(PointSize, GetDeviceCaps(hDC, LOGPIXELSY), 72);

lfWidth
Specifies the average width, in logical units, of characters in the font. If lfWidth is zero, the aspect ratio of the device is matched against the digitization aspect ratio of the available fonts to find the closest match, determined by the absolute value of the difference.

lfEscapement
Specifies the angle, in tenths of degrees, between the escapement vector and the x-axis of the device. The escapement vector is parallel to the base line of a row of text.
Windows NT: When the graphics mode is set to GM_ADVANCED, you can specify the escapement angle of the string independently of the orientation angle of the string's characters. When the graphics mode is set to GM_COMPATIBLE, lfEscapement specifies both the escapement and orientation. You should set lfEscapement and lfOrientation to the same value.
Windows 95: The lfEscapement member specifies both the escapement and orientation. You should set lfEscapement and lfOrientation to the same value.

lfOrientation
Specifies the angle, in tenths of degrees, between each character's base line and the x-axis of the device.

lfWeight
Specifies the weight of the font in the range 0 through 1000. For example, 400 is normal and 700 is bold. If this value is zero, a default weight is used. The following values are defined for convenience:

    Value           Weight
    FW_DONTCARE     0
    FW_THIN         100
    FW_EXTRALIGHT   200
    FW_ULTRALIGHT   200
    FW_LIGHT        300
    FW_NORMAL       400
    FW_REGULAR      400
    FW_MEDIUM       500
    FW_SEMIBOLD     600
    FW_DEMIBOLD     600
    FW_BOLD         700
    FW_EXTRABOLD    800
    FW_ULTRABOLD    800
    FW_HEAVY        900
    FW_BLACK        900

lfItalic
Specifies an italic font if set to TRUE.

lfUnderline
Specifies an underlined font if set to TRUE.

lfStrikeOut
Specifies a strikeout font if set to TRUE.

lfCharSet
Specifies the character set. The following values are predefined: ANSI_CHARSET DEFAULT_CHARSET SYMBOL_CHARSET SHIFTJIS_CHARSET GB2312_CHARSET HANGEUL_CHARSET CHINESEBIG5_CHARSET OEM_CHARSET
Windows 95 only: JOHAB_CHARSET HEBREW_CHARSET ARABIC_CHARSET GREEK_CHARSET TURKISH_CHARSET THAI_CHARSET EASTEUROPE_CHARSET RUSSIAN_CHARSET MAC_CHARSET BALTIC_CHARSET
The OEM_CHARSET value specifies a character set that is operating-system dependent. You can use the DEFAULT_CHARSET value to allow the name and size of a font to fully describe the logical font. If the specified font name does not exist, a font from any character set can be substituted for the specified font, so you should use DEFAULT_CHARSET sparingly to avoid unexpected results. Fonts with other character sets may exist in the operating system. If an application uses a font with an unknown character set, it should not attempt to translate or interpret strings that are rendered with that font. This parameter is important in the font mapping process. To ensure consistent results, specify a specific character set. If you specify a typeface name in the lfFaceName member, make sure that the lfCharSet value matches the character set of the typeface specified in lfFaceName.

lfOutPrecision
Specifies the output precision. The output precision defines how closely the output must match the requested font's height, width, character orientation, escapement, pitch, and font type. It can be one of the following values:

    Value                   Meaning
    OUT_CHARACTER_PRECIS    Not used.
    OUT_DEFAULT_PRECIS      Specifies the default font mapper behavior.
    OUT_DEVICE_PRECIS       Instructs the font mapper to choose a Device font when the system contains multiple fonts with the same name.
    OUT_OUTLINE_PRECIS      Windows NT: This value instructs the font mapper to choose from TrueType and other outline-based fonts. Windows 95: This value is not used.
    OUT_RASTER_PRECIS       Instructs the font mapper to choose a raster font when the system contains multiple fonts with the same name.
    OUT_STRING_PRECIS       This value is not used by the font mapper, but it is returned when raster fonts are enumerated.
    OUT_STROKE_PRECIS       Windows NT: This value is not used by the font mapper, but it is returned when TrueType, other outline-based fonts, and vector fonts are enumerated. Windows 95: This value is used to map vector fonts, and is returned when TrueType or vector fonts are enumerated.
    OUT_TT_ONLY_PRECIS      Instructs the font mapper to choose from only TrueType fonts. If there are no TrueType fonts installed in the system, the font mapper returns to default behavior.
    OUT_TT_PRECIS           Instructs the font mapper to choose a TrueType font when the system contains multiple fonts with the same name.

Applications can use the OUT_DEVICE_PRECIS, OUT_RASTER_PRECIS, and OUT_TT_PRECIS values to control how the font mapper chooses a font when the operating system contains more than one font with a given name. For example, if an operating system contains a font named Symbol in raster and TrueType form, specifying OUT_TT_PRECIS forces the font mapper to choose the TrueType version. Specifying OUT_TT_ONLY_PRECIS forces the font mapper to choose a TrueType font, even if it must substitute a TrueType font of another name.

lfClipPrecision
Specifies the clipping precision. The clipping precision defines how to clip characters that are partially outside the clipping region. It can be one or more of the following values:

    Value                   Meaning
    CLIP_DEFAULT_PRECIS     Specifies default clipping behavior.
    CLIP_CHARACTER_PRECIS   Not used.
    CLIP_STROKE_PRECIS      Not used by the font mapper, but is returned when raster, vector, or TrueType fonts are enumerated. Windows NT: For compatibility, this value is always returned when enumerating fonts.
    CLIP_MASK               Not used.
    CLIP_EMBEDDED           You must specify this flag to use an embedded read-only font.
    CLIP_LH_ANGLES          When this value is used, the rotation for all fonts depends on whether the orientation of the coordinate system is left-handed or right-handed. If not used, device fonts always rotate counterclockwise, but the rotation of other fonts is dependent on the orientation of the coordinate system. For more information about the orientation of coordinate systems, see the description of the nOrientation parameter
    CLIP_TT_ALWAYS          Not used.

lfQuality
Specifies the output quality. The output quality defines how carefully the graphics device interface (GDI) must attempt to match the logical-font attributes to those of an actual physical font. It can be one of the following values:

    Value             Meaning
    DEFAULT_QUALITY   Appearance of the font does not matter.
    DRAFT_QUALITY     Appearance of the font is less important than when PROOF_QUALITY is used. For GDI raster fonts, scaling is enabled, which means that more font sizes are available, but the quality may be lower. Bold, italic, underline, and strikeout fonts are synthesized if necessary.
    PROOF_QUALITY     Character quality of the font is more important than exact matching of the logical-font attributes. For GDI raster fonts, scaling is disabled and the font closest in size is chosen. Although the chosen font size may not be mapped exactly when PROOF_QUALITY is used, the quality of the font is high and there is no distortion of appearance. Bold, italic, underline, and strikeout fonts are synthesized if necessary.

lfPitchAndFamily
Specifies the pitch and family of the font. The two low-order bits specify the pitch of the font and can be one of the following values: DEFAULT_PITCH FIXED_PITCH VARIABLE_PITCH
Bits 4 through 7 of the member specify the font family and can be one of the following values: FF_DECORATIVE FF_DONTCARE FF_MODERN FF_ROMAN FF_SCRIPT FF_SWISS
The proper value can be obtained by using the Boolean OR operator to join one pitch constant with one family constant. Font families describe the look of a font in a general way. They are intended for specifying fonts when the exact typeface desired is not available. The values for font families are as follows:

    Value           Meaning
    FF_DECORATIVE   Novelty fonts. Old English is an example.
    FF_DONTCARE     Don't care or don't know.
    FF_MODERN       Fonts with constant stroke width (monospace), with or without serifs. Monospace fonts are usually modern. Pica, Elite, and Courier New are examples.
    FF_ROMAN        Fonts with variable stroke width (proportional) and with serifs. MS Serif is an example.
    FF_SCRIPT       Fonts designed to look like handwriting. Script and Cursive are examples.
    FF_SWISS        Fonts with variable stroke width (proportional) and without serifs. MS Sans Serif is an example.

lfFaceName
A null-terminated string that specifies the typeface name of the font. The length of this string must not exceed 32 characters, including the null terminator. The EnumFontFamilies function can be used to enumerate the typeface names of all currently available fonts. If lfFaceName is an empty string, GDI uses the first font that matches the other specified attributes.
|
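The byte-to-field mapping in the reply above can be checked mechanically. The following is an added example, not part of the original post: it decodes the dump into the 60-byte ANSI layout using fixed-width types so it builds without the Windows SDK. `LOGFONT_A`, `rd_le32`, `decode_logfont` and `decode_sample` are names made up for this example, and the zero padding after the face name bytes is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LF_FACESIZE 32

/* ANSI LOGFONT layout from the post, with fixed-width types (LOGFONT_A is this example's name). */
typedef struct {
    int32_t lfHeight, lfWidth, lfEscapement, lfOrientation, lfWeight;
    uint8_t lfItalic, lfUnderline, lfStrikeOut, lfCharSet;
    uint8_t lfOutPrecision, lfClipPrecision, lfQuality, lfPitchAndFamily;
    char    lfFaceName[LF_FACESIZE];
} LOGFONT_A;
_Static_assert(sizeof(LOGFONT_A) == 60, "28 bytes of fields + 32-byte face name");

/* Little-endian 32-bit read, independent of host byte order. */
static int32_t rd_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 if the dump is short or the face name is unterminated. */
int decode_logfont(const uint8_t *buf, size_t len, LOGFONT_A *out) {
    int32_t *longs[5] = { &out->lfHeight, &out->lfWidth, &out->lfEscapement,
                          &out->lfOrientation, &out->lfWeight };
    if (len < sizeof(LOGFONT_A)) return -1;
    for (int i = 0; i < 5; i++) *longs[i] = rd_le32(buf + 4 * i);
    memcpy((uint8_t *)out + 20, buf + 20, sizeof(LOGFONT_A) - 20); /* BYTE fields + name */
    return memchr(out->lfFaceName, 0, LF_FACESIZE) ? 0 : -1;
}

/* The dump walked through in the post; bytes after CB CE CC E5 are constructed zeros. */
const LOGFONT_A *decode_sample(void) {
    static LOGFONT_A lf;
    const uint8_t dump[60] = { 0xF4,0xFF,0xFF,0xFF, 0,0,0,0, 0,0,0,0, 0,0,0,0,
                               0x90,0x01,0,0, 0,0,0,0x86, 0,0,0,0, 0xCB,0xCE,0xCC,0xE5 };
    return decode_logfont(dump, sizeof dump, &lf) == 0 ? &lf : NULL;
}

int main(void) {
    const LOGFONT_A *lf = decode_sample();
    if (!lf) return 1;
    printf("lfHeight=%d lfWeight=%d lfCharSet=0x%02X faceName length=%zu bytes\n",
           lf->lfHeight, lf->lfWeight, lf->lfCharSet, strlen(lf->lfFaceName));
    return 0;
}
```

Read as little-endian, F4FFFFFF is -12 and 90010000 is 400, the FW_NORMAL weight from the table above.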
|
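[Help] Converting one line of C code to Delphi
Also, your assembly conversion is wrong too; it should be like this:

    function GetPE(ibase: DWORD): DWORD; stdcall;
    var
      ibaseDD: DWORD;
    asm
      mov eax, ibase      // the next two instructions are the assembly for #define ibaseDD *(PDWORD)&ibase
      mov ibaseDD, eax
      mov eax, ibaseDD    // once the program is compiled into an EXE this is really mov eax,[ebp-4]
      mov ecx, [eax+$3c]
      mov edx, ibase      // once the program is compiled into an EXE this is really mov edx,[ebp+8]
      mov eax, [edx+ecx]
    end;

    begin
      ShowMessage(IntToStr(GetPE(ibase))); // call it like this
    end;
|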
|
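[Help] Converting one line of C code to Delphi
The code I gave is not wrong; it is just that the code you gave is incomplete. I guess your complete code is like this: the ibase variable holds the ImageBase base address of the PE file. So the operation #define ibaseDD *(PDWORD)&ibase casts the ibase variable to a PDWORD pointer and passes the PE file's ImageBase address held in ibase to the ibaseDD variable. For example, you can test the code below; the result should be the same as the one you got.

    var
      ibaseDD: DWORD;
      ibase: DWORD;
    begin
      ibase := hInstance;             // this is a test, so I pass my own program's hInstance base address to ibase
      ibaseDD := PDWORD(@ibase)^;     // this is the conversion of your earlier code
      ShowMessage(IntToStr(DWORD(PDWORD(ibaseDD + DWORD(pImageDosHeader(ibaseDD)._lfanew))^))); // this shows the value 17744
    end;
|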
|
[Help] Converting one line of C code to Delphi
    #define ibaseDD *(PDWORD)&ibase

    var
      ibaseDD: DWORD;
    begin
      ibaseDD := PDWORD(@ibase)^;
    end;
|
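The three replies above all read the DWORD at ImageBase + e_lfanew, which is the "PE\0\0" signature (17744 decimal). The following added example, not part of the original posts, does the same read over a byte buffer and rejects an e_lfanew that points outside it, which a tool parsing untrusted files needs before dereferencing. `get_pe_signature`, `sample_signature` and the 0x100-byte image are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define E_LFANEW_OFF 0x3C   /* offset of e_lfanew in IMAGE_DOS_HEADER, the $3c in the asm above */

/* Little-endian 32-bit read, independent of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* DWORD at base + e_lfanew, or 0 if the DOS header is missing, truncated,
   or e_lfanew points outside the buffer. */
uint32_t get_pe_signature(const uint8_t *base, size_t size) {
    if (size < E_LFANEW_OFF + 4) return 0;           /* e_lfanew itself must be readable */
    if (base[0] != 'M' || base[1] != 'Z') return 0;  /* DOS magic */
    uint32_t lfanew = le32(base + E_LFANEW_OFF);
    if (lfanew > size - 4) return 0;                 /* size >= 0x40 here, so no underflow */
    return le32(base + lfanew);
}

/* Constructed image: only "MZ", e_lfanew and a signature at 0x80 are filled in.
   'visible' is how many bytes the parser is allowed to see. */
uint32_t sample_signature(uint32_t lfanew, size_t visible) {
    uint8_t img[0x100] = { 'M', 'Z' };
    for (int i = 0; i < 4; i++)
        img[E_LFANEW_OFF + i] = (uint8_t)(lfanew >> (8 * i));
    memcpy(img + 0x80, "PE\0\0", 4);
    return get_pe_signature(img, visible <= sizeof img ? visible : sizeof img);
}

int main(void) {
    printf("valid header:        %u\n", sample_signature(0x80, 0x100));
    printf("e_lfanew past end:   %u\n", sample_signature(0xFFFFFFF0u, 0x100));
    printf("truncated at 0x82:   %u\n", sample_signature(0x80, 0x82));
    return 0;
}
```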
|
[Help] How do I handle the three-operand imul instruction?
edi = edi * 6B == edi = 1EF * 6B does equal CEE5, that is correct. -_-! I really have no idea how you arrived at your 6CC6. |
|
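[Discussion] Does the import table automatically append A or W to APIs?
SHELL32.dll has three such functions: besides the ones with A and W appended, there is also one version of this function without the A. |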
|
[Help] A relocation question?
It pushes [hiocp]; the code already makes that clear (ebx is used to fix up the relocation, you can ignore it). |
|
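[Help] A relocation question?
call uses a relative offset, and the relative offsets within your own code do not change no matter where the code is injected, so your own call can be made directly. |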
|
[Help] VC++ variables!!!!
I have not written code in this area, so I have no way to answer this question. |
|
[Help] Dynamically creating a button and an edit box in C++ with the SDK
    #include <windows.h>

    HINSTANCE g_hInstance;
    HWND hEdit, hButton;

    LRESULT CALLBACK WindowProc(
        HWND hwnd,      // handle to window
        UINT uMsg,      // message identifier
        WPARAM wParam,  // first message parameter
        LPARAM lParam   // second message parameter
    );

    int WINAPI WinMain(
        HINSTANCE hInstance,      // handle to current instance
        HINSTANCE hPrevInstance,  // handle to previous instance
        LPSTR lpCmdLine,          // command line
        int nCmdShow              // show state
    )
    {
        g_hInstance = hInstance;

        WNDCLASS ws;
        ws.cbClsExtra=0;
        ws.cbWndExtra=0;
        ws.hbrBackground=(HBRUSH)GetStockObject(WHITE_BRUSH);
        ws.hCursor=LoadCursor(NULL,IDC_ARROW);
        ws.hIcon=LoadIcon(NULL,IDI_APPLICATION);
        ws.hInstance=hInstance;
        ws.lpszClassName="学习";
        ws.lpszMenuName=NULL;
        ws.style=CS_HREDRAW|CS_VREDRAW;
        ws.lpfnWndProc=WindowProc;
        RegisterClass(&ws);

        HWND hwnd;
        int x,y;
        x=(GetSystemMetrics(SM_CXFULLSCREEN))/2-100;
        y=(GetSystemMetrics(SM_CYFULLSCREEN))/2-50;
        hwnd=CreateWindow("学习","hello word!",WS_OVERLAPPEDWINDOW&~WS_MAXIMIZEBOX,x,y,200,100,0,0,hInstance,0);
        ShowWindow(hwnd,SW_NORMAL);
        UpdateWindow(hwnd);

        MSG msg;
        while (GetMessage(&msg,NULL,0,0))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
        return 0;
    }

    LRESULT CALLBACK WindowProc(
        HWND hwnd,      // handle to window
        UINT uMsg,      // message identifier
        WPARAM wParam,  // first message parameter
        LPARAM lParam   // second message parameter
    )
    {
        switch (uMsg)
        {
        case WM_CREATE:
            hEdit = CreateWindowEx(0,"Edit","Edit",WS_VISIBLE | WS_CHILD,10,10,50,20,hwnd,(HMENU)1000,g_hInstance,NULL);
            hButton = CreateWindowEx(0,"Button","Button",WS_VISIBLE | WS_CHILD,15,30,35,20,hwnd,(HMENU)1001,g_hInstance,NULL);
            break;
        case WM_CLOSE:
            if (IDYES==MessageBox(0,"是否关闭?","提示",MB_YESNO))
            {
                DestroyWindow(hwnd);
            }
            break;
        case WM_DESTROY:
            PostQuitMessage(0);
            break;
        default:
            return DefWindowProc(hwnd,uMsg,wParam,lParam);
        }
        return 0;
    }
|
|
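[Help] Breaking on wm_create with softice's bmsg
I have not used SoftICE for a long time and have forgotten most of how its commands are used. Try intercepting the two functions SendMessage and PostMessage. For example:

    bpx SendMessageA if (*esp->8==WM_CREATE)
    bpx PostMessageA if (*esp->8==WM_CREATE)

Once the program breaks, esp+4 is the window's hWnd. After that you can use the bmsg hWnd WM_CREATE command. |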
|
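[Help] A problem with returning to the original entry point after modifying a PE?
    unsigned char writeline[18]={ 0x6a,0x40,0x6a,0x0,0x6a,0x0,0x6a,0x0,0xe8,0x01,0x0,0x0,0x0,0xe9,0x0,0x0,0x0,0x0 };

Adding 15 is mainly to locate the 15th byte of the writeline code, because the data address after writeline[15] has to be modified. That is, the data in here has to be modified (the part in red):

    unsigned char writeline[18]={ 0x6a,0x40,0x6a,0x0,0x6a,0x0,0x6a,0x0,0xe8,0x01,0x0,0x0,0x0,0xe9,0x0,0x0,0x0,0x0 };

The negation is mainly decided by whether the jmp jumps forward or backward. In your code the new entry address is in front of the old entry address and the jmp has to jump backward, so the offset between the two must be negated; if the new entry address were behind the old entry address, the negation would not be needed. |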
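Seen from the analysis side, the trailing `e9` in a stub like this one tells you where execution continues. The following added example, not part of the original post, resolves the destination of an E9 rel32 from the stub bytes and the stub's RVA; because rel32 is a signed value relative to the end of the 5-byte instruction, one formula covers jumps in both directions. `jmp_target_rva`, `resolve_sample` and the RVAs 0x1000 and 0x5000 are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define JMP_REL32 0xE9
#define JMP_OFF   13     /* index of the e9 byte in the 18-byte writeline array */

/* Resolve the destination RVA of the E9 rel32 at stub[jmp_off].
   Returns 0 on success, -1 if the bytes there are not a complete jmp rel32. */
int jmp_target_rva(const uint8_t *stub, size_t len, size_t jmp_off,
                   uint32_t stub_rva, uint32_t *target) {
    if (jmp_off > len || len - jmp_off < 5) return -1;
    if (stub[jmp_off] != JMP_REL32) return -1;
    const uint8_t *p = stub + jmp_off + 1;
    uint32_t rel = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                   (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    /* Unsigned addition wraps mod 2^32, which is exactly how a negative
       two's-complement displacement moves the target to a lower address. */
    *target = stub_rva + (uint32_t)jmp_off + 5 + rel;
    return 0;
}

/* writeline from the post with a constructed rel32 written after the e9. */
uint32_t resolve_sample(uint32_t stub_rva, uint32_t rel32) {
    uint8_t stub[18] = { 0x6a,0x40,0x6a,0x00,0x6a,0x00,0x6a,0x00,
                         0xe8,0x01,0x00,0x00,0x00, 0xe9,0x00,0x00,0x00,0x00 };
    uint32_t target = 0;
    for (int i = 0; i < 4; i++)
        stub[JMP_OFF + 1 + i] = (uint8_t)(rel32 >> (8 * i));
    return jmp_target_rva(stub, sizeof stub, JMP_OFF, stub_rva, &target) == 0 ? target : 0;
}

int main(void) {
    /* Stub at RVA 0x5000 jumping to a lower address: rel32 = 0x1000 - 0x5012 */
    printf("lower target:  0x%X\n", resolve_sample(0x5000, 0xFFFFBFEEu));
    /* Stub at RVA 0x1000 jumping to a higher address: rel32 = 0x5000 - 0x1012 */
    printf("higher target: 0x%X\n", resolve_sample(0x1000, 0x00003FEEu));
    return 0;
}
```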
|
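[Discussion] A question about writing a keygen.
Note down the address of the data that needs to be computed and use that noted data address when doing the computation; as for the password content data read from the address, go by the content read from your address. |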