  • Driver Development: Reading and Writing Memory via Memory Copy

    Process);NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess NTSTATUS KeReadProcessMemory(PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size){__try{PEPROCESS TargetProcess PsGetCurrentProcess();SIZE_T Result;if (NT_SUCCESS(MmCopyVirtualMemory(Global_Peprocess, SourceAddress, TargetProcess Process);NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess = Global_Peprocess;SIZE_T Result;if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess

    1.4K10 Edited on 2022-12-20
  • Driver Development: Reading and Writing Memory via Memory Copy

    Process); NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess KeReadProcessMemory(PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) { __try { PEPROCESS TargetProcess PsGetCurrentProcess(); SIZE_T Result; if (NT_SUCCESS(MmCopyVirtualMemory(Global_Peprocess, SourceAddress, TargetProcess Process); NTSTATUS NTAPI MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetProcess Global_Peprocess; SIZE_T Result; if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess

    1.5K10 Edited on 2022-12-28
  • From the column Unity3D

    Implementing a Circular Progress Bar (Unity3D)

    //one image and one text public Transform m_Image; public Transform m_Text; //progress control public int targetProcess = 100; private float currentAmout = 0; void Update() { if (currentAmout < targetProcess ) { currentAmout += speed; if (currentAmout > targetProcess) currentAmout = targetProcess; m_Text.GetComponent<Text>().text = ((int)currentAmout).ToString

    1.6K20 Edited on 2022-08-07
  • Driver Development: Kernel Memory Read/Write with Multi-Level Offsets

    PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size){PEPROCESS SourceProcess = Process;PEPROCESS TargetProcess PsGetCurrentProcess();SIZE_T Result;if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size){PEPROCESS SourceProcess = Process;PEPROCESS TargetProcess PsGetCurrentProcess();SIZE_T Result;if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size){PEPROCESS SourceProcess = Process;PEPROCESS TargetProcess

    55720 Edited on 2023-06-27
  • Driver Development: Kernel Memory Read/Write with Multi-Level Offsets

    PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) { PEPROCESS SourceProcess = Process; PEPROCESS TargetProcess PsGetCurrentProcess(); SIZE_T Result; if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) { PEPROCESS SourceProcess = Process; PEPROCESS TargetProcess PsGetCurrentProcess(); SIZE_T Result; if (NT_SUCCESS(MmCopyVirtualMemory(SourceProcess, SourceAddress, TargetProcess PVOID SourceAddress, PVOID TargetAddress, SIZE_T Size) { PEPROCESS SourceProcess = Process; PEPROCESS TargetProcess

    44620 Edited on 2023-10-11
  • From the column FreeBuf

    Using GoPurple to Run Shellcode and Evaluate Endpoint Security Performance

    gopurple.exe -u urlhostingpayload -t 5 (EtwpCreateEtwThread) 6 - gopurple.exe -u urlhostingpayload -t 6 -p targetprocess (CreateRemoteThread) 7 - gopurple.exe -u urlhostingpayload -t 7 -p targetprocess (RtlCreateUserThread gopurple.exe -u urlhostingpayload -t 8 (CreateThread) 9 - gopurple.exe -u urlhostingpayload -t 9 -p targetprocess

    73410 Published on 2021-10-11
  • From the column 黑白天安全团队

    Alternative Process Injection

    The bytes that the shellcode overwrites in the memory page should not crash the process. The DLL is loaded by several different processes. In the original article the author gives a C# for testing static void Main(string[] args) { string targetProcess STARTUPINFO(); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); bool success = CreateProcess(targetProcess processObj.Modules.Count) { si = new STARTUPINFO(); pi = new PROCESS_INFORMATION(); CreateProcess(targetProcess

    1.3K40 Edited on 2021-12-29
  • From the column Niuery的技术日记

    UI Automation --- Microsoft UI Automation

    AutomationId:"); var automationId = Console.ReadLine(); // Find the process by its process ID Process targetProcess = FindProcessById(int.Parse(targetProcessId)); if (targetProcess != null) { // Get the main window handle of the process IntPtr mainWindowHandle = targetProcess.MainWindowHandle

    2.9K31 Edited on 2023-10-22
  • From the column 有趣的django

    5. Handle Table

    PEPROCESS srcProcess = (PUCHAR)gObject + 0x18; memset(gObject, 0, PAGE_SIZE); //copy the process PEPROCESS TargetProcess = FindProcessByName(L"DBGVIEW.EXE"); memcpy(gObject, (PUCHAR)TargetProcess - 0x18, 0x300); //clear the PID *(PHANDLE)((PUCHAR)srcProcess + GetProcessIdOffset()) = 0; ULONG cr3 = *(PULONG)((PUCHAR)TargetProcess PID if (NT_SUCCESS(status)) { ExEnumHandleTable(*(PULONG)((PUCHAR)ceProcess + 0xf4), enumRoutine, TargetProcess

    1.2K10 Edited on 2022-09-29
  • From the column Eureka的技术时光轴

    Brute-Force Searching Memory for Process Objects to Uncover Hidden Processes

    HighestVadAddress - (CurrentTime.LowPart << PAGE_SHIFT)); if (MiCheckForConflictingVadExistence (TargetProcess = HighestVadAddress; goto AllocatedAddress; } } Status = MiFindEmptyAddressRangeDown (&TargetProcess No range was available, deallocate the Vad and return the status. // UNLOCK_ADDRESS_SPACE (TargetProcess

    2.1K20 Published on 2019-12-20
  • From the column 逆向技术

    64-bit Kernel, Lecture 2: Process Protection with Object Hooks

    __in PVOID TargetProcess;                           //Pointer to the target object. } OB_PRE_DUPLICATE_HANDLE_INFORMATION,

    1.7K60 Published on 2018-03-30
  • From the column centosDai

    Tutorial: Measure Performance Using EventCounters in .NET Core

    { "TargetProcess": "DiagnosticScenarios", "StartTime": "8/5/2020 3:02:45 PM", "Events": [ {

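    73720 Edited on 2022-01-07
  • From the column Python和安全那些事

    [Translation] APT Analysis Report: 04. Kraken, a New Fileless APT Attack That Abuses the Windows Error Reporting Service to Evade Detection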

    loader.load(targetProcess, shellcode) (2) Loader class The Loader class is responsible for injecting the shellcode into the target process by calling Windows APIs.

    1.5K30 Edited on 2021-12-03
  • From the column 程序员成长指北

    The Best JavaScript Data Visualization Libraries Are All Here

    Project URL: https://github.com/TargetProcess/tauCharts Special recommendations 1. chartist-js Simple responsive charts.

    5K20 Published on 2019-11-19
  • From the column 醉梦轩

    Common mongodb Operation Commands

    CircleCI test images for Mongo 0 [OK] targetprocess

    1.1K20 Published on 2020-03-25
  • From the column Android点滴分享

    Learning broadcast

    Slog.v(TAG_BROADCAST, "Need to start app [" + mQueueName + "] " + targetProcess + " for broadcast " + r); if ((r.curApp=mService.startProcessLocked(targetProcess, //the most troublesome case is the one where the receiver process also has to be started

    76210 Edited on 2022-10-25
  • From the column 云原生布道专栏

    [Advanced Android Development Series] Android Multi-Process Topic

    if (DEBUG_BROADCAST)          Slog.v(TAG_BROADCAST,"Need to start app [" + mQueueName + "] " + targetProcess  + " for broadcast " + r);      if ((r.curApp=mService.startProcessLocked(targetProcess, info.activityInfo.applicationInfo

    67920 Edited on 2023-10-16