ServiceMain
Image File Execution Options
Debuggers
windbg
cdb
ntsd
dbgsrv
Debuggers\x64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
svchost.exe
debugger
C:\Users\cmtest\Desktop\x64\ntsd.exe -server tcp:port=1234 -noio -y srv*C:\win_symbols*http://msdl.microsoft.com/download/symbols
-y
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
ServicesPipeTimeout
Log On
Allow service to interact with desktop
Connect to remote debugger
Connection strings
tcp:server=192.168.29.128,port=1234
OK
svchost2.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService
ImagePath
svchost2
ntdll!NtTerminateProcess
.reload
The system cannot find the file specified
ntsd -p <pid>
.reload /f
LdrInitializeThunk
termsrv.dll
LoadLibrary
GetServiceMainFunctions
System\\CurrentControlSet\\Services\\Parameters
ServiceDll
ServiceManifest
a1
a1 + 8
SvchostPushServiceGlobals
SvchostPushServiceGlobalsEx
a2
a3
a4
termsrv!DllMainCRTStartup
DllMainCRTStartup
EB FE
termsrv.pdb
int 3
CC
yangya Doesn't modifying the binary file directly require bypassing the signature?