[Discussion] How EAC implements its anti-hypervisor checks
2021-3-9 23:20
no1:
FFFFF80BDB94F490 C7 F8 03 00 00 00 xbegin locret_FFFFF80BDB94F499
FFFFF80BDB94F496 0F 01 D5 xend
FFFFF80BDB94F499
FFFFF80BDB94F499 locret_FFFFF80BDB94F499:
FFFFF80BDB94F499 C3 retn
FFFFF80BDB94F49A
FFFFF80BDB94F49A C7 F8 0A 00 00 00 xbegin loc_FFFFF80BDB94F4AA
FFFFF80BDB94F4A0 8A 01 mov al, [rcx]
FFFFF80BDB94F4A2 FF D1 call rcx
FFFFF80BDB94F4A4 0F 01 D5 xend
FFFFF80BDB94F4A7 B0 01 mov al, 1
FFFFF80BDB94F4A9 C3 retn
FFFFF80BDB94F4AA
FFFFF80BDB94F4AA
FFFFF80BDB94F4AA loc_FFFFF80BDB94F4AA:
FFFFF80BDB94F4AA 32 C0 xor al, al
FFFFF80BDB94F4AC C3 retn
FFFFF80BDB94F4AC
no2:
FFFFF80BDB94F4c0 sgdt fword ptr [rcx]
FFFFF80BDB94F4C3 retn
no3:
FFFFF80BDB94F46F 0F 01 3A invlpg byte ptr [rdx]
FFFFF80BDB94F472 F0 FE 01 lock inc byte ptr [rcx]
FFFFF80BDB94F475 8A 02 mov al, [rdx]
FFFFF80BDB94F477 FF D2 call rdx
FFFFF80BDB94F479 F0 FE 09 lock dec byte ptr [rcx]
FFFFF80BDB94F47C C3 retn
FFFFF80BDB94F47C
no4:
FFFFF80BDB94F45C sub_FFFFF80BDB94F45C proc near
FFFFF80BDB94F45C 53 push rbx
FFFFF80BDB94F45D 57 push rdi
FFFFF80BDB94F45E 48 8B F9 mov rdi, rcx
FFFFF80BDB94F461 48 33 C0 xor rax, rax
FFFFF80BDB94F464 F0 FE 07 lock inc byte ptr [rdi]
FFFFF80BDB94F467 0F A2 cpuid
FFFFF80BDB94F469 F0 FE 0F lock dec byte ptr [rdi]
FFFFF80BDB94F46C 5F pop rdi
FFFFF80BDB94F46D 5B pop rbx
FFFFF80BDB94F46E C3 retn
FFFFF80BDB94F46E sub_FFFFF80BDB94F45C endp
no5:
FFFFF80BDB94F450 0F 78 0A vmread qword ptr [rdx], rcx
FFFFF80BDB94F453 0F 94 C0 setz al
FFFFF80BDB94F456 0F 92 C1 setb cl
FFFFF80BDB94F459 12 C1 adc al, cl
FFFFF80BDB94F45B C3 retn
Under a hypervisor, even when the TSC gap is very large, it still does not trigger?
Last edited by xiaofu on 2021-3-10 17:52
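When reviewing a driver like this, the first thing I want is a quick triage of which hypervisor-probe primitives it contains and where, before reading each routine by hand. The script below is an added example written for this thread, not EAC's code and not from the original post: it parses lines in the IDA listing format shown above (address, optional encoded bytes, mnemonic, operands), skips labels and proc/endp lines, and flags the instruction families the five snippets rely on (TSX regions, descriptor-table reads, INVLPG, CPUID, VMX instructions) with a one-line note on why each matters under virtualisation. The sample input is constructed from the listing above; the rule that encoded bytes are upper-case hex pairs while mnemonics are lower-case is an assumption about IDA's default output.

```python
import re
from collections import Counter

# Constructed sample input: lines in the shape of the IDA listing on this page.
# A bare-address line, a label line, proc/endp lines, a line without bytes (sgdt)
# and a lower-case hex digit in an address are kept on purpose, since the
# original listing contains all of them.
SAMPLE_LISTING = """\
FFFFF80BDB94F490 C7 F8 03 00 00 00 xbegin locret_FFFFF80BDB94F499
FFFFF80BDB94F496 0F 01 D5 xend
FFFFF80BDB94F499
FFFFF80BDB94F499 locret_FFFFF80BDB94F499:
FFFFF80BDB94F499 C3 retn
FFFFF80BDB94F4A0 8A 01 mov al, [rcx]
FFFFF80BDB94F4A2 FF D1 call rcx
FFFFF80BDB94F4c0 sgdt fword ptr [rcx]
FFFFF80BDB94F46F 0F 01 3A invlpg byte ptr [rdx]
FFFFF80BDB94F472 F0 FE 01 lock inc byte ptr [rcx]
FFFFF80BDB94F45C sub_FFFFF80BDB94F45C proc near
FFFFF80BDB94F467 0F A2 cpuid
FFFFF80BDB94F46E sub_FFFFF80BDB94F45C endp
FFFFF80BDB94F450 0F 78 0A vmread qword ptr [rdx], rcx
FFFFF80BDB94F453 0F 94 C0 setz al
"""

# Instruction families commonly used to probe for a hypervisor, each with the
# property an analyst should keep in mind when reading the surrounding code.
PROBE_CATEGORIES = {
    "cpuid": "unconditional VM exit under VMX: exposes handler latency and side effects",
    "rdtsc": "timestamp read: raw material for exit-latency timing checks",
    "rdtscp": "timestamp read: raw material for exit-latency timing checks",
    "vmread": "VMX instruction: #UD on bare metal; a hypervisor must inject #UD to stay hidden",
    "vmwrite": "VMX instruction: #UD on bare metal; a hypervisor must inject #UD to stay hidden",
    "vmcall": "VMX instruction: #UD on bare metal; a hypervisor must inject #UD to stay hidden",
    "sgdt": "descriptor-table read: runs natively unless descriptor-table exiting is enabled",
    "sidt": "descriptor-table read: runs natively unless descriptor-table exiting is enabled",
    "sldt": "descriptor-table read: runs natively unless descriptor-table exiting is enabled",
    "str": "task-register read: runs natively unless descriptor-table exiting is enabled",
    "invlpg": "TLB flush of the probed page: forces a fresh walk before read-then-execute checks",
    "xbegin": "TSX region start: a VM exit inside the transaction aborts it",
    "xend": "TSX region end: reached only if no exit/abort occurred inside",
    "xabort": "explicit TSX abort",
}

ADDR_RE = re.compile(r"^[0-9A-Fa-f]{16}\b")
HEXBYTE_RE = re.compile(r"^[0-9A-F]{2}$")  # assumption: IDA prints bytes upper-case
PREFIXES = {"lock", "rep", "repe", "repz", "repne", "repnz"}


def parse_listing(text):
    """Parse IDA-style listing lines into instruction records.

    Returns a list of dicts with keys addr, bytes, prefix, mnemonic, operands.
    Bare-address lines, label lines (ending in ':') and 'proc near'/'endp'
    lines are skipped (heuristic: last token decides)."""
    instrs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not ADDR_RE.match(line):
            continue
        addr, _, rest = line.partition(" ")
        tokens = rest.split()
        if not tokens or tokens[-1].endswith(":") or tokens[-1] in ("near", "endp"):
            continue
        # Consume the run of encoded bytes; the first non-hex-pair token is the mnemonic.
        nbytes = 0
        while nbytes < len(tokens) and HEXBYTE_RE.match(tokens[nbytes]):
            nbytes += 1
        if nbytes == len(tokens):
            continue  # only bytes, no mnemonic: nothing to record
        i = nbytes
        prefix = None
        mnemonic = tokens[i].lower()
        if mnemonic in PREFIXES and i + 1 < len(tokens):
            prefix, i = mnemonic, i + 1
            mnemonic = tokens[i].lower()
        instrs.append({
            "addr": addr.upper(),
            "bytes": bytes.fromhex("".join(tokens[:nbytes])),
            "prefix": prefix,
            "mnemonic": mnemonic,
            "operands": " ".join(tokens[i + 1:]),
        })
    return instrs


def find_probes(instrs):
    """Return (address, mnemonic, note) for every instruction in a probe family."""
    return [(ins["addr"], ins["mnemonic"], PROBE_CATEGORIES[ins["mnemonic"]])
            for ins in instrs if ins["mnemonic"] in PROBE_CATEGORIES]


def summarize(text):
    """Count probe families in a listing; a cheap triage signal for a driver review."""
    return Counter(m for _, m, _ in find_probes(parse_listing(text)))


if __name__ == "__main__":
    for addr, mnem, note in find_probes(parse_listing(SAMPLE_LISTING)):
        print(f"{addr}  {mnem:<7} {note}")
    print(dict(summarize(SAMPLE_LISTING)))
```

Running it on the sample prints one line per flagged instruction and a count per family; on a real dump, clustering of `invlpg` next to a read-then-call of the same register (snippet no3) or `xbegin`/`xend` wrapping a read-then-call (snippet no1) is what to look for, since those pairs are the actual checks rather than the single instructions.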