Thread Local Storage (TLS)
Principles and explanation of Windows Thread Local Storage (TLS)
Buffer overflow that bypasses the __chkesp check
Function call patterns that trigger __chkesp
产生__chkesp的函数调用方式.pdf (Function call patterns that trigger __chkesp)
The essential differences between Debug and Release builds in VS2008
Packing DLLs in your EXE
Delay-load library: DelayLoadHook.zip
Delay-load library: DelayLoadException.zip
Delay-load library: DelayLoadDemo.zip
C++标准程序库.pdf (The C++ Standard Library)
Nicolai Josuttis's The C++ Standard Library in Hou Jie's (侯捷) Chinese translation; covers the STL container library
Getting started and advancing with virtual device driver development
Getting started and advancing with Windows virtual device driver development
TDI firewall filter driver
Source code of an open-source personal firewall; good material for learning driver and firewall development
Exploit 编写系列教程第四篇_编写Metasploit exploit.pdf (Exploit writing tutorial part 4: writing a Metasploit exploit)
Exploit writing tutorial part 3: SEH-based exploits
Exploit writing tutorial part 2: jumping to shellcode
Exploit编写系列教程第二篇-跳至shellcod.pdf (Exploit writing tutorial part 2: jumping to shellcode)
Exploit writing tutorial part 1
Exploit 编写系列教程第一篇.pdf (Exploit writing tutorial part 1)
Windows Driver Foundation
Published by Microsoft Press; introduces the WDF driver development model. Should be a good book.
Windows设备驱动程序技术内幕.pdf (Windows Device Driver Internals)
Attachment for "Win7 Wininit.exe arbitrary load/execute (vulnerability)"
Attachment to the article "Win7 Wininit.exe arbitrary load/execute (vulnerability)"
ntoskrnl.idb
ntoskrnl.idb generated from ntoskrnl.sys; some power-management-related kernel functions have been analysed
Further updates to follow
xp ntoskrnl.zip
Windows XP ntoskrnl.sys/ntoskrnl.pdb/ntoskrnl.idb
Windows 10 x64 hal.zip
Zip accompanying "Arbitrary code execution vulnerability in S3 resume on Win 8.1/10 x64"
Original article URL: https://mp.csdn.net/console/editor/html/105641988
hawkes_intel_microcode.pdf
Introduction
All modern CPU vendors have a history of design and implementation defects, ranging from relatively benign stability issues to potential security vulnerabilities. The latest CPU errata release for second generation Intel Core processors describes a total of 120 "erratums", or hardware bugs. Although most of these errata bugs are listed as "No Fix", Intel has supported the ability to apply stability and security updates to the CPU in the form of microcode updates for well over a decade*.

Unfortunately, the microcode update format is undocumented. Researchers are currently prevented from gaining any sort of detailed understanding of the microcode format, which means that it is impossible to study the updates to clearly establish whether any security issues are being fixed by microcode patches. The following document is a summary of notes I gathered while investigating the Intel microcode update mechanism.

* The earliest Intel microcode release appears to be from January 29, 2000. Since that date, a further 29 distinct microcode DAT files have been released.
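Added example, not part of hawkes_intel_microcode.pdf and not Intel's tooling: a parser for the one part of an update that Intel does document, the 48-byte header (Intel SDM vol. 3A, microcode update section), with the checks a loader or research tool should make before touching the undocumented body that the paper is about. The struct field names, the return codes and the sample blob are this example's own; the sample's revision, signature and flags are made-up values and the body is a byte pattern, not real microcode.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define UCODE_HDR_SIZE 48u

/* The documented 48-byte update header: nine dwords, then 12 reserved bytes.
 * Field names are this example's own. */
typedef struct {
    uint32_t header_version;      /* 1 for every release so far */
    uint32_t update_revision;     /* revision the CPU reports after loading */
    uint32_t date_bcd;            /* mmddyyyy, packed BCD */
    uint32_t processor_signature; /* CPUID(1).EAX of the target stepping */
    uint32_t checksum;            /* makes the dword sum over total_size zero */
    uint32_t loader_revision;     /* 1 */
    uint32_t processor_flags;     /* platform-ID bitmask */
    uint32_t data_size;           /* body size; 0 encodes 2000 */
    uint32_t total_size;          /* header + body + ext. table; 0 encodes 2048 */
} ucode_hdr_t;

enum { UC_OK = 0, UC_SHORT = -1, UC_BAD_VERSION = -2, UC_BAD_LOADER = -3,
       UC_BAD_SIZES = -4, UC_TRUNCATED = -5, UC_BAD_CHECKSUM = -6 };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Parse and validate `len` bytes of update; each failure has its own code. */
int ucode_parse(const uint8_t *blob, size_t len, ucode_hdr_t *out)
{
    ucode_hdr_t h;
    uint32_t w[9], sum = 0;
    if (len < UCODE_HDR_SIZE)
        return UC_SHORT;
    for (int i = 0; i < 9; i++)
        w[i] = rd32(blob + 4 * i);
    memcpy(&h, w, sizeof w);                       /* nine consecutive uint32 fields */
    if (h.data_size == 0)  h.data_size = 2000;     /* legacy fixed-size encoding */
    if (h.total_size == 0) h.total_size = 2048;

    if (h.header_version != 1)  return UC_BAD_VERSION;
    if (h.loader_revision != 1) return UC_BAD_LOADER;
    /* dword-multiple sizes, and the body must fit behind the header */
    if (((h.data_size | h.total_size) & 3u) != 0 || h.total_size < UCODE_HDR_SIZE ||
        h.data_size > h.total_size - UCODE_HDR_SIZE)
        return UC_BAD_SIZES;
    if (h.total_size > len)                        /* never read past the buffer held */
        return UC_TRUNCATED;
    for (uint32_t off = 0; off < h.total_size; off += 4)
        sum += rd32(blob + off);
    if (sum != 0)
        return UC_BAD_CHECKSUM;
    if (out) *out = h;
    return UC_OK;
}

/* Decode the BCD date; returns 0 only if every nibble is a digit and in range. */
int ucode_date(uint32_t bcd, unsigned *year, unsigned *month, unsigned *day)
{
    unsigned d[8], m, dd;
    for (int i = 0; i < 8; i++) {
        d[i] = (bcd >> (28 - 4 * i)) & 0xFu;       /* most significant nibble first */
        if (d[i] > 9) return -1;
    }
    m = d[0] * 10 + d[1]; dd = d[2] * 10 + d[3];
    if (m < 1 || m > 12 || dd < 1 || dd > 31) return -1;
    *year = d[4] * 1000 + d[5] * 100 + d[6] * 10 + d[7]; *month = m; *day = dd;
    return 0;
}

/* Constructed sample (not a real Intel release) written into `buf`, which must hold
 * 2048 bytes: legacy zero size fields, patterned body, checksum fixed up last. */
size_t ucode_build_sample(uint8_t *buf)
{
    uint32_t sum = 0;
    memset(buf, 0, 2048);
    wr32(buf + 0,  1);            /* header version */
    wr32(buf + 4,  0x1f);         /* update revision (made up) */
    wr32(buf + 8,  0x01292000);   /* 01/29/2000, the earliest release date noted above */
    wr32(buf + 12, 0x000206a7);   /* processor signature (made up) */
    wr32(buf + 20, 1);            /* loader revision */
    wr32(buf + 24, 0x12);         /* processor flags (made up) */
    for (size_t i = UCODE_HDR_SIZE; i < 2048; i++)
        buf[i] = (uint8_t)(i * 7);                 /* opaque body stand-in */
    for (size_t off = 0; off < 2048; off += 4)
        sum += rd32(buf + off);
    wr32(buf + 16, 0u - sum);     /* the value that makes the total wrap to zero */
    return 2048;
}
```

The checksum is a plain additive dword sum, so it catches corruption, not tampering: anyone who can edit the body can also recompute the header field, exactly as ucode_build_sample does. Whatever actually protects the body happens inside the CPU on the undocumented payload, which is the part the note above says cannot be studied from outside. The size checks matter for the same reason as in any file parser: total_size comes from the file, so it is bounded by the buffer length before the checksum loop reads through it.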
Kali Linux netdisk link
Kali collection, packed onto the netdisk; only 3 points, which seems reasonable enough.
What-makes-it-page
What-makes-it-page resource share
Enhanced lib2sig batch script: generate signatures from .lib files in batch
Modified lib2sig script that can generate signatures from .lib files in batch, much more convenient!
Wireshark series part 6: following data streams
Wireshark capture used in the article "Wireshark series part 6: following data streams"
sqli-labs blind-injection script
sqli-labs blind-injection script
WinDbg debugger extension
WinDbg debugger extension; once loaded you can set debug breakpoints on memory pages!
load_file reference material
load_file reference material, found on exploit-db
Anti-DBG.zip
    #include <ntddk.h>

    // Returns the address of the unexported PsActiveProcessHead. System (PID 4)
    // is the first EPROCESS on the ActiveProcessLinks list, so the Blink of its
    // ActiveProcessLinks entry points back at the list head itself.
    PLIST_ENTRY GetPsActiveProcessHeadAddr(void)
    {
        PLIST_ENTRY PsActiveProcessHeadAddr = NULL;
        NTSTATUS status;
        PEPROCESS eProc = NULL;

        status = PsLookupProcessByProcessId((HANDLE)4, &eProc);
        if (!NT_SUCCESS(status))
            return NULL;

        // The offset of EPROCESS.ActiveProcessLinks differs per OS build (the
        // values below are x86), so it is selected at compile time for the target.
    #if defined(WIN32_XP)
        PsActiveProcessHeadAddr = ((PLIST_ENTRY)(((char*)eProc) + 0x88))->Blink;
    #elif defined(WIN32_7)
        PsActiveProcessHeadAddr = ((PLIST_ENTRY)(((char*)eProc) + 0xb8))->Blink;
    #else
    #error "define WIN32_XP or WIN32_7 to select the ActiveProcessLinks offset"
    #endif
        // Equivalent, if EPROCESS were a public type:
        // PsActiveProcessHeadAddr = eProc->ActiveProcessLinks.Blink;

        ObDereferenceObject(eProc); // drop the reference PsLookupProcessByProcessId took
        return PsActiveProcessHeadAddr;
    }
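Added example, not part of Anti-DBG.zip: a user-mode model of what the driver does with the head it has just computed. The EPROCESS below is a stand-in with only UniqueProcessId and ActiveProcessLinks placed at the Windows 7 x86 offsets the driver hard-codes (0xb4 and 0xb8); lookup_by_pid stands in for PsLookupProcessByProcessId; the four processes, their PIDs and names are constructed. It shows why the Blink of System's entry is the head, how to walk the list without treating the head as an EPROCESS, and that a DKOM-style unlink hides a process from the walk but not from a PID lookup, which is why an anti-debug driver that only walks this list can be evaded.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* LIST_ENTRY exactly as ntddk.h defines it. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY;

/* Stand-in for EPROCESS with only the fields the walk needs. The padding puts
 * UniqueProcessId at 0xb4 and ActiveProcessLinks at 0xb8, the Windows 7 x86
 * offsets hard-coded by the driver above; ImageFileName is modelled and is
 * NOT at its real offset. Constructed for this example. */
typedef struct _EPROCESS {
    uint8_t    pad0[0xb4];
    uint32_t   UniqueProcessId;
    LIST_ENTRY ActiveProcessLinks;
    char       ImageFileName[16];
} EPROCESS, *PEPROCESS;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

/* Sanity check for the hard-coded offset the driver relies on. */
int model_offset_ok(void) { return offsetof(EPROCESS, ActiveProcessLinks) == 0xb8; }

static void list_init(PLIST_ENTRY head) { head->Flink = head->Blink = head; }

static void list_insert_tail(PLIST_ENTRY head, PLIST_ENTRY e)
{
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

/* What a DKOM rootkit or a self-hiding debugger does to vanish from the list:
 * the neighbours are re-pointed; the EPROCESS itself is untouched and keeps running. */
void list_unlink(PLIST_ENTRY e)
{
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    e->Flink = e->Blink = e;   /* self-linked so a walk started from e terminates */
}

/* Same trick as GetPsActiveProcessHeadAddr above: System (PID 4) is the first
 * entry, so the Blink of its ActiveProcessLinks is the list head itself. */
PLIST_ENTRY head_from_system(PEPROCESS system_proc, size_t links_offset)
{
    return ((PLIST_ENTRY)((char *)system_proc + links_offset))->Blink;
}

/* Walk from the head until back at it; returns the count and stores up to `max`
 * PIDs. The head is not inside any EPROCESS, so CONTAINING_RECORD on it would
 * read garbage: the loop tests e != head before converting the entry. */
size_t walk_active_processes(PLIST_ENTRY head, uint32_t *pids, size_t max)
{
    size_t n = 0;
    for (PLIST_ENTRY e = head->Flink; e != head; e = e->Flink) {
        PEPROCESS p = CONTAINING_RECORD(e, EPROCESS, ActiveProcessLinks);
        if (n < max)
            pids[n] = p->UniqueProcessId;
        n++;
    }
    return n;
}

/* Constructed system: a list head plus four fake processes. */
typedef struct { LIST_ENTRY head; EPROCESS procs[4]; } ps_world_t;

void world_init(ps_world_t *w)
{
    static const uint32_t pids[4]  = { 4, 300, 1234, 2048 };
    static const char    *names[4] = { "System", "smss.exe", "windbg.exe", "notepad.exe" };
    list_init(&w->head);
    for (size_t i = 0; i < 4; i++) {
        memset(&w->procs[i], 0, sizeof w->procs[i]);
        w->procs[i].UniqueProcessId = pids[i];
        strncpy(w->procs[i].ImageFileName, names[i], sizeof w->procs[i].ImageFileName - 1);
        list_insert_tail(&w->head, &w->procs[i].ActiveProcessLinks);
    }
}

/* Stand-in for PsLookupProcessByProcessId: the handle-table view does not depend
 * on ActiveProcessLinks, so it still finds a process that was unlinked from the list. */
PEPROCESS lookup_by_pid(ps_world_t *w, uint32_t pid)
{
    for (size_t i = 0; i < 4; i++)
        if (w->procs[i].UniqueProcessId == pid)
            return &w->procs[i];
    return NULL;
}
```

The head recovery only works because System is created first and is never unlinked; head_from_system takes the offset as a parameter so that the 0x88/0xb8 values in the driver are visibly the only build-specific input. Comparing the list walk against a PID lookup is the usual cross-view way to notice an entry that has been removed from the list.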
Anti-DbgV2.zip
DbgSsReserved handle zeroing
checked build acpi.sys
Acpi.sys for the Win7 RTM x86 checked build; can be used to work through the ACPI chapter of Zhang Yinkui's (张银奎) book
Since it took me a week to find, a token 1 point is charged
Debugging driver installation errors
Reposted from the Advanced Debugging forum
Explains the meaning of the log entries in the setupapi.dev.log file
finally analysis
How VC++ 6.0 handles and implements the Windows SEH mechanism