|
[Help] Why do __try{} __except{} have no effect in a driver on WinXP?
Which Exceptions Can Be Trapped

Gary Nebbett researched the question of which exceptions can be trapped with the structured exception mechanism and reported his results in a newsgroup post several years ago. In summary, the following exceptions will be caught when they occur at IRQL less than or equal to DISPATCH_LEVEL (note that some of these are specific to the Intel x86 processor):

a. Anything signaled by ExRaiseStatus and related functions
b. Attempt to dereference invalid pointer to user-mode memory
c. Debug or breakpoint exception
d. Integer overflow (INTO instruction)
e. Invalid opcode

Note that a reference to an invalid kernel-mode pointer leads directly to a bug check and can’t be trapped. Likewise, a divide-by-zero exception or a BOUND instruction exception leads to a bug check. |
|
|
|
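[Help] A question about windbg symbol files
Set the environment variable, or specify it yourself with .sympath: set _NT_SYMBOL_PATH=d:\SYMBOLS Search the help file for _NT_SYMBOL_PATH; read the help file first, and only then consider whatever is on the net. |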
|
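[Solved] Exception thrown when using inline assembly in VC
EXEs produced by different languages cannot possibly have the same process address-space layout. The previous poster's answer and his guess are both fine. With this kind of problem, there is no point without debugging. |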
|
|
|
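[Help] Help: what is MingWin32 GCC V3.X [ZIP SFX] * ?
[QUOTE=linzhihuey;456602]I checked a piece of management software with PEID, and what it detected was MingWin32 GCC V3.X [ZIP SFX] * . What is this? The basic situation is that the software gives a 10-day free trial, and when registering it pops up a dialog asking you to open the license file. How do I crack this??[/QUOTE] The answer to the first question is this: http://www.mingw.org/ http://sourceforge.net/project/showfiles.php?group_id=2435 For the qemu-system-ppc.exe I compiled, PEiD shows MingWin32 - Dev C++ v4.x (h) * |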
|
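[Original] IOS ShellCode And Exploition Techniques
This was a talk given at BlackHat 2005 by former ISS employee lynn. First, it was obstructed by Cisco on the legal front; second, it was obstructed by ISS; but most fundamentally, lynn himself did not want to spread valuable information. These three reasons made the slides less interesting than the title hypes them to be. It is of the "chicken rib" kind (little value, yet a pity to throw away). The documents FX once released are more meaningful. However, lynn's talk was a shot in the arm for everyone in the world about to begin research on IOS attacks, because it was the first time anyone publicly claimed to have obtained a level-15 shell; before that, the researchers who were at least visible above water had at most gained control by rewriting the config file, and could not obtain a level-15 shell live. But for IOS attack researchers of the underground world (especially the Soviets and the Germans), what lynn brought was a crack. |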
|
[Help] Cannot call MessageBox after injecting into svchost.exe
See MSDN: OR MB_SERVICE_NOTIFICATION into the fourth parameter of MessageBox. |
|
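[Original] PE file format study notes: computing the checksum
On this one, you shouldn't put too much faith in web searches; in fact, the description in MSDN is enough. |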
|
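[Help] How do I intercept access to IIS?
You're intercepting in user mode, right? And you're dealing with a newer version of IIS, right? That one handles 80/TCP directly in the kernel. There is a driver, I think it's called http.sys; you can't intercept it in user mode. |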
|
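[Help] About the RSA private key and public key: does swapping the two affect the strength?
From a certain angle, it does have some effect on the encryption strength, but setting aside the possibility of e being guessed, it has no effect on the encryption strength. The two operations in your original post are completely equivalent operations. But e is generally, for the sake of RSA efficiency, one of a few fairly common choices; most people pick the values recommended in the books (3, 17, 65537, etc.) rather than randomly choosing some other value coprime to (p-1)(q-1) themselves. Unless you chose a very special e, in the reversed case (meaning keeping e secret but publishing d) others will guess e. Why do you want to reverse them? Are you sure your e is very special, never seen by anyone else, and hard to guess? It can resist known-plaintext attacks. |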
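The point made in the reply above, as an added example that is not part of the original post: with a toy key whose primes (2039 and 2063) are constructed here, the two orders of applying e and d are the same map, and a conventional e kept "secret" is identified from n and the published exponent alone. The function names and the probe messages are assumptions of this sketch.

```python
import math

# Exponents the reply names as the usual textbook picks.
COMMON_E = (3, 17, 65537)

# Constructed toy primes (both of the form 2r+1, r prime); far too small for real use.
P, Q = 2039, 2063


def make_key(e, p=P, q=Q):
    """Return (n, e, d) with e*d == 1 mod (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return p * q, e, pow(e, -1, phi)  # modular inverse, Python 3.8+


def same_in_both_orders(n, e, d, m):
    """Applying e then d, or d then e, both return the original message."""
    return pow(pow(m, e, n), d, n) == m and pow(pow(m, d, n), e, n) == m


def consistent_common_exponents(n, published, probes=(2, 3, 5, 7)):
    """Given only n and the published exponent, list the textbook values
    that invert it on every probe message."""
    return [c for c in COMMON_E
            if all(pow(pow(m, c, n), published, n) == m for m in probes)]


if __name__ == "__main__":
    # 99991 stands in for an unusual exponent that is not on the textbook list.
    for hidden_e in (65537, 17, 99991):
        n, e, d = make_key(hidden_e)
        print(hidden_e, same_in_both_orders(n, e, d, 424242),
              consistent_common_exponents(n, d))
```
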
|
|
|
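[Help] Help me construct a windbg conditional breakpoint statement!
[QUOTE=birdEEI;440129]I know that a program redirects execution by modifying the SEH, but I don't know where it modifies my SEH chain. dd fs:[0] gives the head of the SEH list; suppose that address is a, then a+4 is the address of the first handler function. I need a breakpoint that triggers when the content at a+4 is changed to b. I don't know how to construct the statement; please help.[/QUOTE] ba w 4 a+4 "j (poi(a+4)==b) '';'gc'" |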
|
How do I compute the MD5 value of a string longer than 65 characters????
C code for MD5 is all over the place. And you still come here looking for it, really !@#$%^&*

```c
/*
 * The sample code assumes that int is 32-bit
 */

/************************************************************************
 *                                                                      *
 *                               Head File                              *
 *                                                                      *
 ************************************************************************/

#include <stdio.h>
#include <stdlib.h>

/************************************************************************
 *                                                                      *
 *                               Macro                                  *
 *                                                                      *
 ************************************************************************/

/*
 * F, G, H and I are basic MD5 functions
 */
#define F( x, y, z ) ( ( ( x ) & ( y ) ) | ( ( ~x ) & ( z ) ) )
#define G( x, y, z ) ( ( ( x ) & ( z ) ) | ( ( y ) & ( ~z ) ) )
#define H( x, y, z ) ( ( x ) ^ ( y ) ^ ( z ) )
#define I( x, y, z ) ( ( y ) ^ ( ( x ) | ( ~z ) ) )

#define ROTATE_LEFT( x, n ) ( ( ( x ) << ( n ) ) | ( ( x ) >> ( 32 - ( n ) ) ) )

/*
 * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4
 * Rotation is separate from addition to prevent recomputation
 */
#define FF( a, b, c, d, x, s, ac ) \
{ \
    ( a ) += F( ( b ), ( c ), ( d ) ) + ( x ) + ( unsigned int )( ac ); \
    ( a )  = ROTATE_LEFT( ( a ), ( s ) ); \
    ( a ) += ( b ); \
}

#define GG( a, b, c, d, x, s, ac ) \
{ \
    ( a ) += G( ( b ), ( c ), ( d ) ) + ( x ) + ( unsigned int )( ac ); \
    ( a )  = ROTATE_LEFT( ( a ), ( s ) ); \
    ( a ) += ( b ); \
}

#define HH( a, b, c, d, x, s, ac ) \
{ \
    ( a ) += H( ( b ), ( c ), ( d ) ) + ( x ) + ( unsigned int )( ac ); \
    ( a )  = ROTATE_LEFT( ( a ), ( s ) ); \
    ( a ) += ( b ); \
}

#define II( a, b, c, d, x, s, ac ) \
{ \
    ( a ) += I( ( b ), ( c ), ( d ) ) + ( x ) + ( unsigned int )( ac ); \
    ( a )  = ROTATE_LEFT( ( a ), ( s ) ); \
    ( a ) += ( b ); \
}

/*
 * Data structure for MD5 (Message-Digest) computation
 */
typedef struct
{
    /*
     * number of _bits_ handled mod 2^64
     */
    unsigned int  i[2];
    /*
     * scratch buffer
     */
    unsigned int  buf[4];
    /*
     * input buffer
     */
    unsigned char in[64];
    /*
     * actual digest after MD5Final call
     */
    unsigned char digest[16];
} MD5_CTX;

/************************************************************************
 *                                                                      *
 *                            Function Prototype                        *
 *                                                                      *
 ************************************************************************/

static void md5       ( unsigned char *in, unsigned int insize, unsigned char *out );
static void MD5Final  ( MD5_CTX *mdContext );
static void MD5Init   ( MD5_CTX *mdContext );
static void MD5Update ( MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen );
static void Transform ( unsigned int *buf, unsigned int *in );

/************************************************************************
 *                                                                      *
 *                            Static Global Var                         *
 *                                                                      *
 ************************************************************************/

/************************************************************************/

static void md5 ( unsigned char *in, unsigned int insize, unsigned char *out )
{
#define MD5_BUFSIZE 4096

    unsigned char  buf[ MD5_BUFSIZE ];
    MD5_CTX        mdbuf;
    unsigned char *p;
    unsigned int   i, j;

    MD5Init( &mdbuf );
    i = insize;
    p = in;
    for ( ; ; )
    {
        if ( i > MD5_BUFSIZE )
        {
            for ( j = 0; j < MD5_BUFSIZE; j++ )
            {
                buf[j] = p[j];
            }
            MD5Update( &mdbuf, buf, MD5_BUFSIZE );
            i -= MD5_BUFSIZE;
            p += MD5_BUFSIZE;
        }
        else
        {
            for ( j = 0; j < i; j++ )
            {
                buf[j] = p[j];
            }
            MD5Update( &mdbuf, buf, i );
            break;
        }
    }  /* end of for */
    MD5Final( &mdbuf );
    for ( i = 0; i < 16; i++ )
    {
        out[i] = mdbuf.digest[i];
    }
    return;
}  /* end of md5 */

/*
 * MD5Final terminates the message-digest computation and ends with the
 * desired message digest in mdContext->digest[0..15]
 */
static void MD5Final ( MD5_CTX *mdContext )
{
    unsigned int  in[16];
    int           mdi;
    unsigned int  i, ii;
    unsigned int  padLen;
    unsigned char PADDING[64] =
    {
        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    };

    /*
     * save number of bits
     */
    in[14] = mdContext->i[0];
    in[15] = mdContext->i[1];
    /*
     * compute number of bytes mod 64
     */
    mdi    = ( int )( ( mdContext->i[0] >> 3 ) & 0x3F );
    /*
     * pad out to 56 mod 64
     */
    padLen = ( mdi < 56 ) ? ( 56 - mdi ) : ( 120 - mdi );
    MD5Update( mdContext, PADDING, padLen );
    /*
     * append length in bits and transform
     */
    for ( i = 0, ii = 0; i < 14; i++, ii += 4 )
    {
        in[i] = ( ( ( unsigned int )mdContext->in[ii+3] ) << 24 ) |
                ( ( ( unsigned int )mdContext->in[ii+2] ) << 16 ) |
                ( ( ( unsigned int )mdContext->in[ii+1] ) << 8  ) |
                ( ( unsigned int )mdContext->in[ii] );
    }
    Transform ( mdContext->buf, in );
    /*
     * store buffer in digest
     */
    for ( i = 0, ii = 0; i < 4; i++, ii += 4 )
    {
        mdContext->digest[ii]   = ( unsigned char )( mdContext->buf[i] & 0xFF);
        mdContext->digest[ii+1] = ( unsigned char )( ( mdContext->buf[i] >> 8 ) & 0xFF );
        mdContext->digest[ii+2] = ( unsigned char )( ( mdContext->buf[i] >> 16 ) & 0xFF );
        mdContext->digest[ii+3] = ( unsigned char )( ( mdContext->buf[i] >> 24 ) & 0xFF );
    }  /* end of for */
    return;
}  /* end of MD5Final */

/*
 * MD5Init initializes the message-digest context mdContext.
 * All fields are set to zero
 */
static void MD5Init ( MD5_CTX *mdContext )
{
    mdContext->i[0]   = mdContext->i[1] = ( unsigned int )0;
    /*
     * Load magic initialization constants
     */
    mdContext->buf[0] = ( unsigned int )0x67452301;
    mdContext->buf[1] = ( unsigned int )0xefcdab89;
    mdContext->buf[2] = ( unsigned int )0x98badcfe;
    mdContext->buf[3] = ( unsigned int )0x10325476;
    return;
}  /* end of MD5Init */

/*
 * MD5Update updates the message-digest context to account for the
 * presence of each of the characters inBuf[0..inLen-1] in the message
 * whose digest is being computed.
 */
static void MD5Update ( MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen )
{
    unsigned int in[16];
    int          mdi;
    unsigned int i, ii;

    /*
     * compute number of bytes mod 64
     */
    mdi = ( int )( ( mdContext->i[0] >> 3 ) & 0x3F );
    if ( ( mdContext->i[0] + ( ( unsigned int )inLen << 3 ) ) < mdContext->i[0] )
    {
        mdContext->i[1]++;
    }
    mdContext->i[0] += ( ( unsigned int )inLen << 3 );
    mdContext->i[1] += ( ( unsigned int )inLen >> 29 );
    while ( inLen-- )
    {
        /*
         * add new character to buffer, increment mdi
         */
        mdContext->in[ mdi++ ] = *inBuf++;
        /*
         * transform if necessary
         */
        if ( mdi == 0x40 )
        {
            for ( i = 0, ii = 0; i < 16; i++, ii += 4 )
            {
                in[i] = ( ( ( unsigned int )mdContext->in[ii+3] ) << 24 ) |
                        ( ( ( unsigned int )mdContext->in[ii+2] ) << 16 ) |
                        ( ( ( unsigned int )mdContext->in[ii+1] ) << 8  ) |
                        ( ( unsigned int )mdContext->in[ii] );
            }  /* end of for */
            Transform( mdContext->buf, in );
            mdi = 0;
        }
    }  /* end of while */
    return;
}  /* end of MD5Update */

/*
 * Basic MD5 step. Transforms buf based on in.
 */
static void Transform ( unsigned int *buf, unsigned int *in )
{
    unsigned int a = buf[0], b = buf[1], c = buf[2], d = buf[3];

    /*
     * Round 1
     */
#define S11 7
#define S12 12
#define S13 17
#define S14 22
    FF ( a, b, c, d, in[ 0], S11, 0xd76aa478 );  /*  1 */
    FF ( d, a, b, c, in[ 1], S12, 0xe8c7b756 );  /*  2 */
    FF ( c, d, a, b, in[ 2], S13, 0x242070db );  /*  3 */
    FF ( b, c, d, a, in[ 3], S14, 0xc1bdceee );  /*  4 */
    FF ( a, b, c, d, in[ 4], S11, 0xf57c0faf );  /*  5 */
    FF ( d, a, b, c, in[ 5], S12, 0x4787c62a );  /*  6 */
    FF ( c, d, a, b, in[ 6], S13, 0xa8304613 );  /*  7 */
    FF ( b, c, d, a, in[ 7], S14, 0xfd469501 );  /*  8 */
    FF ( a, b, c, d, in[ 8], S11, 0x698098d8 );  /*  9 */
    FF ( d, a, b, c, in[ 9], S12, 0x8b44f7af );  /* 10 */
    FF ( c, d, a, b, in[10], S13, 0xffff5bb1 );  /* 11 */
    FF ( b, c, d, a, in[11], S14, 0x895cd7be );  /* 12 */
    FF ( a, b, c, d, in[12], S11, 0x6b901122 );  /* 13 */
    FF ( d, a, b, c, in[13], S12, 0xfd987193 );  /* 14 */
    FF ( c, d, a, b, in[14], S13, 0xa679438e );  /* 15 */
    FF ( b, c, d, a, in[15], S14, 0x49b40821 );  /* 16 */

    /*
     * Round 2
     */
#define S21 5
#define S22 9
#define S23 14
#define S24 20
    GG ( a, b, c, d, in[ 1], S21, 0xf61e2562 );  /* 17 */
    GG ( d, a, b, c, in[ 6], S22, 0xc040b340 );  /* 18 */
    GG ( c, d, a, b, in[11], S23, 0x265e5a51 );  /* 19 */
    GG ( b, c, d, a, in[ 0], S24, 0xe9b6c7aa );  /* 20 */
    GG ( a, b, c, d, in[ 5], S21, 0xd62f105d );  /* 21 */
    GG ( d, a, b, c, in[10], S22, 0x02441453 );  /* 22 */
    GG ( c, d, a, b, in[15], S23, 0xd8a1e681 );  /* 23 */
    GG ( b, c, d, a, in[ 4], S24, 0xe7d3fbc8 );  /* 24 */
    GG ( a, b, c, d, in[ 9], S21, 0x21e1cde6 );  /* 25 */
    GG ( d, a, b, c, in[14], S22, 0xc33707d6 );  /* 26 */
    GG ( c, d, a, b, in[ 3], S23, 0xf4d50d87 );  /* 27 */
    GG ( b, c, d, a, in[ 8], S24, 0x455a14ed );  /* 28 */
    GG ( a, b, c, d, in[13], S21, 0xa9e3e905 );  /* 29 */
    GG ( d, a, b, c, in[ 2], S22, 0xfcefa3f8 );  /* 30 */
    GG ( c, d, a, b, in[ 7], S23, 0x676f02d9 );  /* 31 */
    GG ( b, c, d, a, in[12], S24, 0x8d2a4c8a );  /* 32 */

    /*
     * Round 3
     */
#define S31 4
#define S32 11
#define S33 16
#define S34 23
    HH ( a, b, c, d, in[ 5], S31, 0xfffa3942 );  /* 33 */
    HH ( d, a, b, c, in[ 8], S32, 0x8771f681 );  /* 34 */
    HH ( c, d, a, b, in[11], S33, 0x6d9d6122 );  /* 35 */
    HH ( b, c, d, a, in[14], S34, 0xfde5380c );  /* 36 */
    HH ( a, b, c, d, in[ 1], S31, 0xa4beea44 );  /* 37 */
    HH ( d, a, b, c, in[ 4], S32, 0x4bdecfa9 );  /* 38 */
    HH ( c, d, a, b, in[ 7], S33, 0xf6bb4b60 );  /* 39 */
    HH ( b, c, d, a, in[10], S34, 0xbebfbc70 );  /* 40 */
    HH ( a, b, c, d, in[13], S31, 0x289b7ec6 );  /* 41 */
    HH ( d, a, b, c, in[ 0], S32, 0xeaa127fa );  /* 42 */
    HH ( c, d, a, b, in[ 3], S33, 0xd4ef3085 );  /* 43 */
    HH ( b, c, d, a, in[ 6], S34, 0x04881d05 );  /* 44 */
    HH ( a, b, c, d, in[ 9], S31, 0xd9d4d039 );  /* 45 */
    HH ( d, a, b, c, in[12], S32, 0xe6db99e5 );  /* 46 */
    HH ( c, d, a, b, in[15], S33, 0x1fa27cf8 );  /* 47 */
    HH ( b, c, d, a, in[ 2], S34, 0xc4ac5665 );  /* 48 */

    /*
     * Round 4
     */
#define S41 6
#define S42 10
#define S43 15
#define S44 21
    II ( a, b, c, d, in[ 0], S41, 0xf4292244 );  /* 49 */
    II ( d, a, b, c, in[ 7], S42, 0x432aff97 );  /* 50 */
    II ( c, d, a, b, in[14], S43, 0xab9423a7 );  /* 51 */
    II ( b, c, d, a, in[ 5], S44, 0xfc93a039 );  /* 52 */
    II ( a, b, c, d, in[12], S41, 0x655b59c3 );  /* 53 */
    II ( d, a, b, c, in[ 3], S42, 0x8f0ccc92 );  /* 54 */
    II ( c, d, a, b, in[10], S43, 0xffeff47d );  /* 55 */
    II ( b, c, d, a, in[ 1], S44, 0x85845dd1 );  /* 56 */
    II ( a, b, c, d, in[ 8], S41, 0x6fa87e4f );  /* 57 */
    II ( d, a, b, c, in[15], S42, 0xfe2ce6e0 );  /* 58 */
    II ( c, d, a, b, in[ 6], S43, 0xa3014314 );  /* 59 */
    II ( b, c, d, a, in[13], S44, 0x4e0811a1 );  /* 60 */
    II ( a, b, c, d, in[ 4], S41, 0xf7537e82 );  /* 61 */
    II ( d, a, b, c, in[11], S42, 0xbd3af235 );  /* 62 */
    II ( c, d, a, b, in[ 2], S43, 0x2ad7d2bb );  /* 63 */
    II ( b, c, d, a, in[ 9], S44, 0xeb86d391 );  /* 64 */

    buf[0] += a;
    buf[1] += b;
    buf[2] += c;
    buf[3] += d;
    return;
}  /* end of Transform */

/*
 * Validation sets:
 *
 * Plain : 61 62 63
 * MD5   : 90 01 50 98 3c d2 4f b0 d6 96 3f 7d 28 e1 7f 72
 */
int main ( int argc, char * argv[] )
{
    int           i;
    unsigned char plain[] =
    {
        0x61, 0x62, 0x63,
    };
    /*
     * No matter how many bytes the input has, MD5 always produces a
     * 128-bit hash value, 16 bytes
     */
    unsigned char hash[16];

    md5( plain, sizeof( plain ), hash );
    printf( "md5: " );
    for ( i = 0; i < sizeof( hash ); i++ )
    {
        printf( "%02x%c", hash[i], i == ( sizeof( hash ) - 1 ) ? '\n' : ' ' );
    }
    return( EXIT_SUCCESS );
}  /* end of main */
```
|
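[Help] Windbg hardware breakpoint problem
What does that last sentence mean? You mean it was originally 0x02 and has now been overwritten to 0x32323232? If that is really the case and it still didn't break, you have to consider that your program deals with hardware breakpoints somewhere and has tampered with the DRx registers. |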
|
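[Help] A question about a piece of pseudocode generated with IDA's HEX RAYS
This kind of generated code is just there for you to look at; are you really treating it as a labor-saving, usable tool? As for that macro, look at the context and redefine it yourself as *( unsigned char * )(&....) or something like that. |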
|
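[Help] Windbg hardware breakpoint problem
As I understand it, there is a file like this: "\Program Files\Debugging Tools for Windows\debugger.chm", and after installation there is a shortcut to this chm in the program group. If you could trouble yourself to visit the "MASM Numbers and Operators" section, I imagine you wouldn't be asking this much. ba w 4 13df04 "j dwo(13df04 )==40 '';'gc'" Written this way, it doesn't break? If that address really has been modified and it didn't break, then your program may be doing anti-debug. By the way, do you have any concept of byte order? It suddenly occurred to me that you may be making a basic byte-order mistake; of course, hopefully that is just my delusion. |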
|
[Help] Windbg hardware breakpoint problem
kd> ba w 4 f842ad24 "j dwo(f842ad24)==41414141 '';'gc'" |
|
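[Help] Having intercepted a socket, how can I find out which address it is bound to?
If this socket has been bound to a local address, that is generally done by calling bind(); why not just intercept bind() directly and change the parameter, and be done with it. |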
|
|