[原创]小试甲壳
你的兄弟好厉害 |
[原创]经历千辛万苦,终极软件保护系统---甲壳终于发布了!
给楼主提供BUG有什么奖励? |
[原创]莫拉克代表队CrackMe
哦。。。。。 |
[分享]笨笨雄职场游记(一) 你是否也在迷茫?
3C 不够火 |
[分享]笨笨雄职场游记(一) 你是否也在迷茫?
根据林sir的说法,F5不好,RSS订阅才是科学的做法 |
[原创]发个贴子:“对抗动态注入”,看能不能求个职位
我是来忽悠的 |
[求助]debugactiveprocess 可以同时调试两个进程吗?
可以的,windbg就可以 |
[原创]软件保护壳技术专题 - 变形引擎的构建
完了,cm大赛会有人用你代码参战了 |
[原创]发个贴子:“对抗动态注入”,看能不能求个职位
我测试不多,没有大范围使用过,没碰到过失败的情况 |
[原创]发个贴子:“对抗动态注入”,看能不能求个职位
汗,刚刚回来,发现你附件没了。。这也太小气了吧 我的注入方式,献丑一下了
/*
 * StartGame: starts pGamePath (with pCmdLine) as a suspended process, writes a
 * small x86 stub into it that calls LoadLibraryA(pInjectDLL) and then jumps to
 * the address the initial thread had in Eax, and resumes the process.
 *
 * Defender's note: CreateProcess(CREATE_SUSPENDED) -> VirtualAllocEx(RWX) ->
 * WriteProcessMemory -> thread-context modification -> ResumeThread is the
 * canonical suspended-process / context-hijack injection chain. Every one of
 * these cross-process calls is a standard telemetry and detection point, and
 * the RWX allocation holding code outside any mapped image is what memory
 * scanners flag.
 *
 * 32-bit only: pointers are truncated to DWORD and the stub is x86 opcodes.
 *
 * NOTE(review): this listing was pasted with its line breaks collapsed. The
 * reflow below only re-inserts breaks where a `//` comment must end for the
 * following statement to be live; one spot (SetThreadContext) is ambiguous and
 * is left as it appears in the paste, see the note there.
 *
 * Returns FALSE for a NULL argument, a failed CreateProcessA, or a failed
 * GetThreadContext; TRUE otherwise. VirtualAllocEx, WriteProcessMemory,
 * FlushInstructionCache and ResumeThread results are never checked, so TRUE
 * does not mean the DLL was loaded.
 */
BOOL StartGame(const char *pGamePath, const char *pCmdLine, const char *pInjectDLL)
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    CONTEXT ctx = {0};
    BOOL bRetValue = FALSE;
    BYTE buf[400] = {0};   // stub + DLL path, written into the target as one 400-byte block
    DWORD NewEip;          // remote address of the stub
    DWORD num;             // bytes written by WriteProcessMemory (never inspected)
    DWORD p;               // write cursor into buf
    DWORD q;               // offset of the `push` operand, patched once the string offset is known
    if(!pGamePath || !pCmdLine || !pInjectDLL) return FALSE;
    // Resolved in *this* process but used as the call target inside the target
    // process: the rel32 computed below is only correct if kernel32 is mapped at
    // the same base in both processes.
    DWORD pfnLoadLibraryA = (DWORD)GetProcAddress(LoadLibrary("Kernel32"), "LoadLibraryA");
    si.cb = sizeof(si);
    bRetValue = CreateProcessA(pGamePath, (LPSTR)pCmdLine, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi);
    if(!bRetValue) { // process start failed
        DbgString ("启动游戏失败\n");
        return bRetValue;
    }
    ctx.ContextFlags = CONTEXT_FULL;
    if(GetThreadContext(pi.hThread, &ctx)) {
        DbgString ("Context : \neax: %08X\necx: %08X\nedx: %08X\nebx: %08X\nesp: %08X\nebp: %08X\nesi: %08X\nedi: %08X\neip: %08X\n", ctx.Eax, ctx.Ecx, ctx.Edx, ctx.Ebx, ctx.Esp, ctx.Ebp, ctx.Esi, ctx.Edi, ctx.Eip );
    } else return bRetValue; // bRetValue is TRUE here although nothing was injected; pi handles are not
                             // closed on this path and the process is left suspended
    // Author's earlier variant placed the stub below the initial stack pointer (disabled).
    //NewEip = (ctx.Esp - sizeof(buf)) & 0xFFFFFFE0;
    // A NULL return (allocation failure) is not checked; NewEip would then be 0 and
    // every displacement below would be computed against address 0.
    NewEip = (DWORD)VirtualAllocEx(pi.hProcess, NULL, sizeof(buf), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    // Stub layout: pushad / pushfd / push <remote addr of DLL name> / call LoadLibraryA
    // (rel32) / popfd / popad / jmp <ctx.Eax> (rel32), followed by the DLL name.
    p = 0;
    buf[p++] = 0x60; // pushad
    buf[p++] = 0x9C; // pushfd
    buf[p++] = 0x68; // push xxxxxxxx
    q = p;           // operand filled in after the string position is known
    p += 4;
    buf[p++] = 0xE8; // call LoadLibraryA
    // rel32 = target - address of the next instruction (NewEip + p + 4)
    *(DWORD*)&buf[p] = pfnLoadLibraryA - (NewEip + p + 4);
    p += 4;
    buf[p++] = 0x9D; // popfd
    buf[p++] = 0x61; // popad
    // Disabled by the author: explicit register restore via mov reg, imm32.
    //buf[p++] = 0xB8; // mov eax,
    //*(DWORD*)&buf[p] = ctx.Eax;
    //p += 4;
    //buf[p++] = 0xB9; // mov ecx,
    //*(DWORD*)&buf[p] = ctx.Ecx;
    //p += 4;
    //buf[p++] = 0xBA; // mov edx,
    //*(DWORD*)&buf[p] = ctx.Edx;
    //p += 4;
    //buf[p++] = 0xBB; // mov ebx,
    //*(DWORD*)&buf[p] = ctx.Ebx;
    //p += 4;
    //buf[p++] = 0xBC; // mov esp,
    //*(DWORD*)&buf[p] = ctx.Esp;
    //p += 4;
    //buf[p++] = 0xBD; // mov ebp,
    //*(DWORD*)&buf[p] = ctx.Ebp;
    //p += 4;
    //buf[p++] = 0xBE; // mov esi,
    //*(DWORD*)&buf[p] = ctx.Esi;
    //p += 4;
    //buf[p++] = 0xBF; // mov edi,
    //*(DWORD*)&buf[p] = ctx.Edi;
    //p += 4;
    buf[p++] = 0xE9; // jmp [orgeip]
    // Jump target is the Eax value captured from the suspended initial thread; the
    // author treats it as the original entry point -- not established by this code.
    *(DWORD*)&buf[p] = ctx.Eax - (NewEip + p + 4);
    p += 4;
    p ++;            // one unused byte between the jmp and the DLL name (intent not stated)
    // Unbounded copy into the remainder of a fixed 400-byte stack buffer: a
    // pInjectDLL longer than sizeof(buf) - p - 1 overflows buf. No length check.
    strcpy((char*)&buf[p], pInjectDLL);
    *(DWORD*)&buf[q] = NewEip + p; // patch the push operand with the remote address of the string
    //VirtualProtectEx(pi.hProcess, (LPVOID)NewEip, sizeof(buf), PAGE_EXECUTE_READWRITE, &num);
    // Return value and `num` are ignored; a partial or failed write goes unnoticed.
    WriteProcessMemory(pi.hProcess, (LPVOID)NewEip, (LPCVOID)buf, sizeof(buf), &num);
    FlushInstructionCache(pi.hProcess, (LPVOID)NewEip, sizeof(buf));
    // NOTE(review): in the collapsed paste `//` immediately precedes SetThreadContext,
    // so it cannot be recovered whether that call was live or commented out in the
    // original. Kept exactly as pasted: as written, the modified context is never
    // applied to the thread.
    ctx.Eax = NewEip; // SetThreadContext(pi.hThread, &ctx);
    ResumeThread(pi.hThread);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return TRUE;
}
|