Notes
R0g
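Debugging a blue screen triggered while walking EPROCESS on Win7 x64
Declared as:
PEPROCESS pEprocess; ULONG ulProcessID; ulProcessID = (ULONG)pEprocess + 0x180;
Truncating pEprocess to the ULONG type before the arithmetic clears the upper 32 bits and keeps only the value in the lower 32 bits, so the resulting memory address is wrong. When the instruction mov rax,dword ptr ds:[rax] then reads that address, it triggers a 0xc0000005 out-of-bounds memory access exception. So I changed it to:
PEPROCESS pEprocess; ULONGLONG ulProcessID; ulProcessID =
Original · 2021-09-29 02:31:27 · 223 reads · 0 comments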
2021-06-25
w = Word (2 byte short integer)
dw = DWord (4 byte integer)
p = untyped pointer
lp = generic long pointer
lpsz = long pointer to a null-terminated string
https://www.vbforums.com/showthread.php?353039-What-do-w-dw-lpsz-etc-stand-for
Repost · 2021-06-25 13:01:35 · 149 reads · 0 comments
2021-06-23
strlen(str)*sizeof(char) == strlen(str)
wcslen(str)*sizeof(wchar_t) ≠ wcslen(str)
Original · 2021-06-23 14:28:42 · 101 reads · 0 comments