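Ability score:
(LV4, RANK:50)
Post 51
Hats off to Lao V.
Ability score:
(RANK:10)
Post 52
Master V, I have all the files for bypassing PG on Win10, but I don't know how to use them. Could you help me turn them into a tool?
Ability score:
(LV2, RANK:10)
Post 53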
因为今生有缘
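Master V, I have all the files for bypassing PG on Win10, but I don't know how to use them. Could you help me turn them into a tool?
Could you say whether your PG-bypass files are dynamic... or a static patch?
Ability score:
(LV2, RANK:10)
Post 54
mark
Ability score:
(LV3, RANK:24)
Post 55
Thanks to Lao V for the idea.
Ability score:
(LV2, RANK:10)
Post 56
Damn, I read the whole thing and then it says the complete project is not provided.
Ability score:
(LV2, RANK:10)
Post 57
Thanks! But I'd like to ask how HookFunction is defined. Could you send it over for reference?
Ability score:
(LV2, RANK:10)
Post 58
I tried your method to bypass PG, but every time I unload it the machine reboots right away. I don't know what's going on.
Ability score:
(LV3, RANK:20)
Post 59
V校's stuff is really high-end.
Ability score:
(LV2, RANK:10)
Post 60
Just watching.
Ability score:
(LV1, RANK:0)
Post 61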
Does this trick still work on Win10? On win10_1607_14393 I keep getting a blue screen when I use it.
kd> kp
# Child-SP RetAddr Call Site
00 fffff800`d3dde348 fffff800`d21e996a nt!DbgBreakPointWithStatus
01 fffff800`d3dde350 fffff800`d21e9359 nt!KiBugCheckDebugBreak+0x12
02 fffff800`d3dde3b0 fffff800`d2160094 nt!KeBugCheck2+0x8a5
03 fffff800`d3ddeac0 fffff800`d216b129 nt!KeBugCheckEx+0x104
04 fffff800`d3ddeb00 fffff800`d216b490 nt!KiBugCheckDispatch+0x69
05 fffff800`d3ddec40 fffff800`d216a473 nt!KiFastFailDispatch+0xd0
06 fffff800`d3ddee20 fffff800`d207b0a3 nt!KiRaiseSecurityCheckFailure+0xf3
07 fffff800`d3ddefb0 fffff800`d207ae1f nt!KiExpandKernelStackAndCalloutSwitchStack+0x1f3
08 fffff800`d3ddf010 fffff800`2bcd19b6 nt!KeExpandKernelStackAndCalloutInternal+0x2f
09 fffff800`d3ddf060 fffff800`2b0a392e tcpip+0x619b6
0a fffff800`d3ddf0e0 fffff800`2b0a33c4 ndis+0x392e
0b fffff800`d3ddf1a0 fffff800`2b0a3e97 ndis+0x33c4
0c fffff800`d3ddf2b0 fffff800`2b0a2ce5 ndis+0x3e97
0d fffff800`d3ddf300 fffff800`2d576156 ndis+0x2ce5
0e fffff800`d3ddf4f0 fffff800`2d5773e3 e1i63x64+0x16156
0f fffff800`d3ddf550 fffff800`2d57e315 e1i63x64+0x173e3
10 fffff800`d3ddf5d0 fffff800`2d57e623 e1i63x64+0x1e315
11 fffff800`d3ddf640 fffff800`2d57ddb8 e1i63x64+0x1e623
12 fffff800`d3ddf6d0 fffff800`2b0a4e69 e1i63x64+0x1ddb8
13 fffff800`d3ddf710 fffff800`d204e001 ndis+0x4e69
14 fffff800`d3ddf890 fffff800`d204d3ff nt!KiExecuteAllDpcs+0x2b1
15 fffff800`d3ddf9e0 fffff800`d216301a nt!KiRetireDpcList+0x5df
16 fffff800`d3ddfc60 00000000`00000000 nt!KiIdleLoop+0x5a
kd> !analyze -v
************* Symbol Loading Error Summary **************
Module name Error
SharedUserData No error - symbol load deferred
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: fffff800d3ddee20, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff800d3dded78, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
Ability score:
(LV1, RANK:0)
Post 62
Does this trick still work on Win10? On win10_1607_14393 I keep getting a blue screen when I use it.
kd> kp
# Child-SP RetAddr Call Site
00 fffff800`d3dde348 fffff800`d21e996a nt!DbgBreakPointWithStatus
01 fffff800`d3dde350 fffff800`d21e9359 nt!KiBugCheckDebugBreak+0x12
02 fffff800`d3dde3b0 fffff800`d2160094 nt!KeBugCheck2+0x8a5
03 fffff800`d3ddeac0 fffff800`d216b129 nt!KeBugCheckEx+0x104
04 fffff800`d3ddeb00 fffff800`d216b490 nt!KiBugCheckDispatch+0x69
05 fffff800`d3ddec40 fffff800`d216a473 nt!KiFastFailDispatch+0xd0
06 fffff800`d3ddee20 fffff800`d207b0a3 nt!KiRaiseSecurityCheckFailure+0xf3
07 fffff800`d3ddefb0 fffff800`d207ae1f nt!KiExpandKernelStackAndCalloutSwitchStack+0x1f3
08 fffff800`d3ddf010 fffff800`2bcd19b6 nt!KeExpandKernelStackAndCalloutInternal+0x2f
09 fffff800`d3ddf060 fffff800`2b0a392e tcpip+0x619b6
0a fffff800`d3ddf0e0 fffff800`2b0a33c4 ndis+0x392e
0b fffff800`d3ddf1a0 fffff800`2b0a3e97 ndis+0x33c4
0c fffff800`d3ddf2b0 fffff800`2b0a2ce5 ndis+0x3e97
0d fffff800`d3ddf300 fffff800`2d576156 ndis+0x2ce5
0e fffff800`d3ddf4f0 fffff800`2d5773e3 e1i63x64+0x16156
0f fffff800`d3ddf550 fffff800`2d57e315 e1i63x64+0x173e3
10 fffff800`d3ddf5d0 fffff800`2d57e623 e1i63x64+0x1e315
11 fffff800`d3ddf640 fffff800`2d57ddb8 e1i63x64+0x1e623
12 fffff800`d3ddf6d0 fffff800`2b0a4e69 e1i63x64+0x1ddb8
13 fffff800`d3ddf710 fffff800`d204e001 ndis+0x4e69
14 fffff800`d3ddf890 fffff800`d204d3ff nt!KiExecuteAllDpcs+0x2b1
15 fffff800`d3ddf9e0 fffff800`d216301a nt!KiRetireDpcList+0x5df
16 fffff800`d3ddfc60 00000000`00000000 nt!KiIdleLoop+0x5a
kd> !analyze -v
************* Symbol Loading Error Summary **************
Module name Error
SharedUserData No error - symbol load deferred
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: fffff800d3ddee20, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff800d3dded78, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
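Last edited by wx_普贤 on 2020-10-14 23:42. Reason:
Ability score:
(LV1, RANK:0)
Post 63
Master V, does this trick still work on Win10? On win10_1607_14393 I keep getting a blue screen when I use it. Is something missing?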
Last edited by wx_普贤 on 2020-10-16 01:00. Reason:
Ability score:
(LV2, RANK:10)
Post 64
Thanks, expert. I'll study this.
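Last edited by 宋天河 on 2020-10-27 19:04. Reason:
Ability score:
(LV5, RANK:60)
Post 65
Thanks for sharing! Bookmarked. Once I've finished what I have on hand, I'll come back and study this.
Ability score:
(LV1, RANK:0)
Post 66
It works on WIN7, not on WIN8, and not on WIN10 1809 either, but when tested on WIN10 1909 it does work.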