[Original] Learning anti-debugging techniques on the Windows platform
Let me recommend an old article that systematically summarizes a whole set of related techniques. To guard against a dead link, I tested it just now and it is still there: Anti-Unpacker Tricks - Peter Ferrie [2008-05-01]

[Original] Problems using Python with IDA 7
You have already solved it; let me add an earlier discussion of this problem, "4.37 Portable IDA+IDAPython".

4.37 Portable IDA+IDAPython

Q:

IDA has been made portable. I now do not want IDA to look for an installed Python (in fact no Python is installed), yet I need to use IDAPython. On startup IDA reports:

LoadLibrary(X:\Green\IDA\plugins\idapython3.dll) error: 找不到指定的模块。
X:\Green\IDA\plugins\idapython3.dll: can't load file

After startup there is no Python command bar at the bottom.

A: zyh 2020-11-18

Download the portable version of Python.

Extract the following files from python-3.9.0-embed-amd64.zip:

python3.dll
python39.dll
python39.zip
python39._pth
_ctypes.pyd
libffi-7.dll

Copy them to the IDA root directory, for example:

X:\Green\IDA\

In most cases IDAPython can now be used. If problems remain, monitor ida64.exe with Process Monitor and fill in the missing components. From then on the IDA root directory can be moved anywhere and used from there.

D: scz 2020-11-19

After the simple treatment above, a lot of Python code can already be run in IDA's Python command bar, but the Python environment is after all incomplete, so problems may come up in later use; deal with them as they arise.

For example, typing "import socket" in IDA's Python command bar gives:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<frozen zipimport>", line 259, in load_module
  File "socket.py", line 51, in <module>
ModuleNotFoundError: No module named '_socket'

In that case, copy the following files to the IDA root directory:

_socket.pyd
select.pyd

How did I know? Blind trial and error is one way; what I did was monitor the portable python.exe with Process Monitor, run "import socket" in it, and see which files it loaded.

If you want to be lazy, just copy all the files in python-3.9.0-embed-amd64.zip to the IDA root directory: a pile of pyd and dll files. However, IDAPython programming is rather special and quite possibly does not need those libraries.

D: scz 2020-11-20

IDAPython may look for these registry keys:

--------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Python\PythonCore\3.9\InstallPath]
@="C:\\Python39\\"
"ExecutablePath"="C:\\Python39\\python.exe"
"WindowedExecutablePath"="C:\\Python39\\pythonw.exe"

[HKEY_CURRENT_USER\SOFTWARE\Python\PythonCore\3.9\PythonPath]
@="C:\\Python39\\Lib\\;C:\\Python39\\DLLs\\"
--------------------------------------------------------------------------

When they are not found, it tries other things. Portable Python certainly does not have these registry keys; installed Python does.

Q:

IDA 7.6 SP1 has been made portable. With the Python files placed in the IDA directories as described above, it warns on startup:

WARNING: Python 3 is not configured (Python3TargetDLL value is not set).
Please run idapyswitch to select a Python 3 install.

The IDA 7.5 series does not have this problem.

A: scz 2021-05-01

Compared with IDA 7.5, IDA 7.6 has changed the way it looks for the Python interpreter engine: the latter tries the current directory, the former does not. 7.6 has an idapyswitch.exe to handle this; to use the Python engine in the current directory, do this:

$ idapyswitch.exe --force-path .\python3.dll

What it actually does is set this registry value:

--------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Hex-Rays\IDA]
"Python3TargetDLL"=".\\python39.dll"
--------------------------------------------------------------------------

reg.exe delete "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL" /f
reg.exe add "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL" /t REG_SZ /d ".\python39.dll" /f
reg.exe query "HKCU\SOFTWARE\Hex-Rays\IDA" /v "Python3TargetDLL"
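
Added example (not part of the original post or of IDA/IDAPython): the reply above finds the extra files behind "import socket" by watching the portable python.exe with Process Monitor; the script below swaps in a different technique and asks the interpreter itself, by diffing sys.modules around the import in a clean child process. The names native_deps and files_to_copy are hypothetical helpers; the script assumes it is run with, or pointed at, the same portable Python build that supplies IDA's DLLs.

```python
import json
import ntpath
import subprocess
import sys

# Runs in the child interpreter: snapshot sys.modules, import the target,
# then classify every newly loaded module that is not pure Python.
_PROBE = r"""
import sys
before = set(sys.modules)
__import__(sys.argv[1])
new = sorted(set(sys.modules) - before)
import json
from importlib.machinery import EXTENSION_SUFFIXES
found = {}
for name in new:
    path = getattr(sys.modules[name], "__file__", None)
    if path is None:
        if name in sys.builtin_module_names:
            found[name] = None    # compiled into the interpreter itself
    elif path.endswith(tuple(EXTENSION_SUFFIXES)):
        found[name] = path        # separate .pyd/.so file on disk
print(json.dumps(found))
"""


def native_deps(module, python_exe=sys.executable):
    """Map each native module pulled in by `import module` to its file path
    (None when it is built into the interpreter)."""
    # -I: ignore environment and user site; -S: skip site, so the baseline
    # contains only what the interpreter itself loads at startup.
    out = subprocess.run(
        [python_exe, "-I", "-S", "-c", _PROBE, module],
        capture_output=True, text=True, check=True,
    ).stdout
    return json.loads(out)


def files_to_copy(deps):
    """File names of the extension modules that exist as separate files."""
    return sorted({ntpath.basename(p) for p in deps.values() if p})


if __name__ == "__main__":
    # Pass python_exe=<portable python.exe> to probe that distribution instead.
    deps = native_deps(sys.argv[1] if len(sys.argv) > 1 else "socket")
    print("built in:", sorted(n for n, p in deps.items() if p is None))
    print("copy    :", files_to_copy(deps))
```

The result lists only Python extension modules; a plain DLL that an extension links against (libffi-7.dll for _ctypes.pyd in the post) is not visible to it and still needs the Process Monitor approach.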

[Original] Full VMP source code release
Thanks for sharing
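
[Original] Cracking RSA-1024 with RSA-Tools..
Euler's theorem

If a and n>1 are both positive integers, and gcd(a,n)=1, then:

a^φ(n)≡1(mod n)
a^(φ(n)+1)≡a(mod n)

The necessary and sufficient conditions for the above to hold do not require n to be composite; RSA is just one very small application of Euler's theorem. When n is a single prime, there are cases that satisfy Euler's theorem.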
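
[Share] IDA_Patch_KEYGEN source code
Stop arguing with him. I have read his posts a few times; his state of mind seems unstable and he is very aggressive. If you keep arguing, it may affect your mood.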

Linux port multiplexing, add me if you can do it
You can take a look at these two:

sshttp
sslh - ssl/ssh multiplexer

Solving a simple RSA problem
You can add it yourself; I don't want to, for no particular reason.
Last edited by scz on 2023-10-5 17:41

[Help] How to debug a service on Win11
WinDbg help (debugger.chm)

Debugging Techniques
Specialized Debugging Techniques
Debugging a Service Application
Choosing the Best Method
Preparing to Debug the Service Application
Debugger Operation
Remote Debugging
Remote Debugging Through the Debugger
Activating a Debugging Server
Activating a Debugging Client
Controlling a Remote Debugging Session

The official documentation is the best; you may not have read the sections above in full. Even with IFEO, to debug the service startup phase you need to use a "Debugging Server"; this is a strict term, corresponding to the "-server" parameter.

[Original] Sharing legitimate, valid digital signing certificates
Thanks for sharing
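
[Original] DTrace research
I never expected the day would come when DTrace showed up on Windows; live long enough and you really do see everything. Learned something, thanks for sharing.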