  • 来自专栏Eureka的技术时光轴

    Ring0 注入 Ring3 的一种新方法

    DbgEbp; ULONG DbgEip; ULONG DbgArgMark; ULONG DbgArgPointer; ULONG TempSegCs; ULONG TempEsp; ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr6; ULONG Dr7; ULONG SegGs; ULONG SegEs; ULONG SegDs; ULONG Edx; ULONG Ecx; ULONG Eax; ULONG PreviousPreviousMode ; ULONG ExceptionList; ULONG SegFs; ULONG Edi; ULONG Esi; ULONG Ebx; ULONG Ebp; ULONG ErrCode; ULONG Eip; ULONG SegCs; ULONG EFlags; ULONG HardwareEsp; ULONG HardwareSegSs

    1.4K10发布于 2019-11-21
  • 来自专栏Eureka的技术时光轴

    teb,peb 数据结构原型

    gdiRgn; // 6DCh ULONG gdiPen; // 6E0h ULONG gdiBrush GdiBatchCount; // F70h ULONG Spare2; // F74h ULONG Spare3 // 7Ch ULONG HeapDeCommitTotalFreeThreshold; // 80h ULONG HeapDeCommitFreeBlockThreshold // B0h ULONG ImageSubSystem; // B4h ULONG ImageSubSystemMajorVersion ; // B8h ULONG ImageSubSystemMinorVersion; // C0h ULONG GdiHandleBuffer

    1.1K30发布于 2019-07-24
  • 驱动开发:内核测试模式过DSE签名

    __Undefined1;ULONG64 __Undefined2;ULONG64 __Undefined3;ULONG64 NonPagedDebugInfo;ULONG64 DllBase;ULONG64 EntryPoint;ULONG SizeOfImage;UNICODE_STRING path;UNICODE_STRING name;ULONG Flags;USHORT LoadCount ;USHORT __Undefined5;ULONG64 __Undefined6;ULONG CheckSum;ULONG __padding1;ULONG TimeDateStamp; {LIST_ENTRY listEntry;ULONG unknown1;ULONG unknown2;ULONG unknown3;ULONG unknown4;ULONG unknown5;ULONG unknown6;ULONG unknown7;UNICODE_STRING path;UNICODE_STRING name;ULONG Flags;} KLDR_DATA_TABLE_ENTRY

    1.3K10编辑于 2022-11-14
  • 来自专栏逆向技术

    获取句柄的类型以及对应的ID序号

    Attributes; ACCESS_MASK GrantedAccess; ULONG HandleCount; ULONG PointerCount ULONG PageFaultCount; //页故障数目 ULONG PeakWorkingSetSize; //工作集峰值大小 ULONG WorkingSetSize; //工作集大小 ULONG QuotaPeakPagedPoolUsage; //分页池使用配额峰值 ProcessId; ULONG InheritedFromProcessId; ULONG HandleCount; ULONG Reserved2[2]; VM_COUNTERS Reserved[2]; PVOID Base; ULONG Size; ULONG Flags; USHORT Index; USHORT Unknown;

    2.6K40发布于 2019-08-14
  • 驱动开发:内核枚举进程与线程ObCall回调

    GenericMapping; // _GENERIC_MAPPING ULONG ValidAccessMask; // Uint4B ULONG RetainAccess; // Uint4B POOL_TYPE PoolType; // _POOL_TYPE ULONG DefaultPagedPoolCharge; // Uint4B ULONG GenericMapping; // _GENERIC_MAPPING ULONG ValidAccessMask; // Uint4B ULONG RetainAccess; // Uint4B POOL_TYPE PoolType; // _POOL_TYPE ULONG DefaultPagedPoolCharge; // Uint4B ULONG // Uint4B POOL_TYPE PoolType; // _POOL_TYPE ULONG DefaultPagedPoolCharge; // Uint4B ULONG

    89310编辑于 2022-12-28
  • 驱动开发:内核取ntoskrnl模块基地址

    Mutant;ULONG ImageBaseAddress;ULONG Ldr;ULONG ProcessParameters;ULONG SubSystemData;ULONG ProcessHeap ;ULONG FastPebLock;ULONG AtlThunkSListPtr;ULONG IFEOKey;ULONG CrossProcessFlags;ULONG UserSharedInfoPtr ;ULONG SystemReserved;ULONG AtlThunkSListPtr32;ULONG ApiSetMap;} PEB32, *PPEB32;typedef struct _PEB_LDR_DATA32 DllBase;ULONG EntryPoint;ULONG SizeOfImage;UNICODE_STRING32 FullDllName;UNICODE_STRING32 BaseDllName ;ULONG Flags;USHORT LoadCount;USHORT TlsIndex;LIST_ENTRY32 HashLinks;ULONG TimeDateStamp;} LDR_DATA_TABLE_ENTRY32

    99720编辑于 2022-11-18
  • 驱动开发:内核遍历进程VAD结构体

    ULONG32 PreferredNode : 6; // 12 BitPosition /*0x000*/ ULONG32 TotalNumberOfPtes;ULONG SegmentFlags;ULONG64 NumberOfCommittedPages;ULONG64 SizeOfSegment;union{struct _MMEXTEND_INFO* ExtendInfo;void* BasedAddress;}u;ULONG64 SegmentLock;ULONG64 u1;ULONG64 u2;PVOID* PrototypePte pVad;ULONG_PTR startVpn;ULONG_PTR endVpn;ULONG_PTR pFileObject;ULONG_PTR flags;}VAD_INFO, *PVAD_INFO endptr = (ULONG64)Root->Core.EndingVpnHigh;endptr = endptr << 32;ULONG64 startptr = (ULONG64)Root->Core.StartingVpnHigh

    94610编辑于 2022-11-18
  • 驱动开发:内核通过PEB得到进程参数

    SubSystemData;ULONG64 ProcessHeap;ULONG64 FastPebLock;ULONG64 AtlThunkSListPtr;ULONG64 IFEOKey;ULONG64 CrossProcessFlags;ULONG64 UserSharedInfoPtr;ULONG SystemReserved;ULONG AtlThunkSListPtr32;ULONG64 ApiSetMap Mutant;ULONG ImageBaseAddress;ULONG Ldr;ULONG ProcessParameters;ULONG SubSystemData;ULONG ProcessHeap ;ULONG FastPebLock;ULONG AtlThunkSListPtr;ULONG IFEOKey;ULONG CrossProcessFlags;ULONG UserSharedInfoPtr CheckSum;union{ULONG TimeDateStamp;ULONG LoadedImports;}u2;ULONG EntryPointActivationContext;ULONG PatchInformation

    91420编辑于 2022-11-18
  • 来自专栏内网安全学习笔记

    Windows安全学习随笔

    TotalNumberOfObjects; ULONG TotalNumberOfHandles; ULONG TotalPagedPoolUsage; ULONG TotalNonPagedPoolUsage ; ULONG TotalNamePoolUsage; ULONG TotalHandleTableUsage; ULONG HighWaterNumberOfObjects; ULONG HighWaterNumberOfHandles ; ULONG HighWaterPagedPoolUsage; ULONG HighWaterNonPagedPoolUsage; ULONG HighWaterNamePoolUsage; ; ULONG TotalNamePoolUsage; ULONG TotalHandleTableUsage; ULONG HighWaterNumberOfObjects; ULONG HighWaterNumberOfHandles ; ULONG HighWaterPagedPoolUsage; ULONG HighWaterNonPagedPoolUsage; ULONG HighWaterNamePoolUsage;

    1.3K20编辑于 2023-04-17
  • 4.6 Windows驱动开发:内核遍历进程VAD结构体

    ULONG32 WriteWatch : 1; // 21 BitPosition /*0x000*/ ULONG32 ULONG32 WriteWatch : 1; // 21 BitPosition /*0x000*/ ULONG32 TotalNumberOfPtes; ULONG SegmentFlags; ULONG64 NumberOfCommittedPages; ULONG64 SizeOfSegment SegmentLock; ULONG64 u1; ULONG64 u2; PVOID* PrototypePte; ULONGLONG ThePtes[0x1]; }; pVad; ULONG_PTR startVpn; ULONG_PTR endVpn; ULONG_PTR pFileObject; ULONG_PTR flags;

    1.7K90编辑于 2023-11-19
  • 来自专栏RTSP/RTMP直播相关

    IE浏览器如何低延迟播放RTSP或RTMP流

    对应封装接口 ULONG NT_Open(); ULONG NT_Close(); ULONG NT_StartPlay(); ULONG NT_StopPlay(); ULONG NT_SetMute (LONG is_mute); ULONG NT_SetURL(LPCTSTR url); ULONG NT_SetBuffer(LONG buffer); ULONG NT_SetRTSPTcpMode (ULONG size); ULONG NT_NT_SP_RecorderFileNameRuler(ULONG type, LPCTSTR file_name_prefix, LONG append_date ULONG NT_StopRecorder(); ULONG NT_FullScreen(); void OnSDKEventReceived(BSTR object_id, ULONG event_id , ULONG param1); void OnVideoSizeReceived(ULONG width, ULONG height); ULONG NT_SetLogPath(LPCTSTR log_path

    1.6K50发布于 2021-03-08
  • 驱动开发:内核监控进程与线程回调

    __Undefined1;ULONG64 __Undefined2;ULONG64 __Undefined3;ULONG64 NonPagedDebugInfo;ULONG64 DllBase;ULONG64 ;USHORT __Undefined5;ULONG64 __Undefined6;ULONG CheckSum;ULONG __padding1;ULONG TimeDateStamp; {LIST_ENTRY listEntry;ULONG unknown1;ULONG unknown2;ULONG unknown3;ULONG unknown4;ULONG unknown5;ULONG __Undefined1;ULONG64 __Undefined2;ULONG64 __Undefined3;ULONG64 NonPagedDebugInfo;ULONG64 DllBase;ULONG64 {LIST_ENTRY listEntry;ULONG unknown1;ULONG unknown2;ULONG unknown3;ULONG unknown4;ULONG unknown5;ULONG

    70710编辑于 2022-11-14
  • 来自专栏Eureka的技术时光轴

    Windows内核驱动EPROCESS遍历进程模块

    SizeOfImage; UNICODE_STRING FullDllName; UNICODE_STRING BaseDllName; ULONG Flags; USHORT LoadCount; MaximumLength; ULONG Length; ULONG Flags; ULONG DebugFlags; PVOID ConsoleHandle; ULONG ConsoleFlags; StartingX; ULONG StartingY; ULONG CountX; ULONG CountY; ULONG CountCharsX; ULONG CountCharsY; ULONG FillAttribute; ULONG WindowFlags; ULONG ShowWindowFlags; UNICODE_STRING WindowTitle; UNICODE_STRING DesktopInfo eprocess = (PEPROCESS)(*(ULONG*)((ULONG)eprocess + 0x88) - 0x88); if (eprocess == eprocess_first) { break

    4.7K20发布于 2019-11-15
  • 驱动开发:内核解锁与强删文件

    ;ULONG ReferenceCount;ULONG PagedPoolUsage;ULONG NonPagedPoolUsage;ULONG Reserved[3];ULONG NameInformationLength;ULONG ; ULONG Flags; USHORT LoadCount; USHORT TlsIndex; LIST_ENTRY64 HashLinks; ULONG64 SectionPointer ; ULONG64 CheckSum; ULONG64 TimeDateStamp; ULONG64 LoadedImports; ULONG64 EntryPointActivationContext [in] ULONG HandleAttributes, // 一个 ULONG,指定新句柄的所需属性。

    83740编辑于 2023-06-15
  • 驱动开发:通过SystemBuf与内核层通信

    Flage;ULONG Addr;ULONG WriteBufferAddr;ULONG Size;ULONG Pid;}_Hread, *PtrHread;typedef struct _DEVICE_EXTENSION Informaiton = 0;PVOID InputData = NULL;ULONG InputDataLength = 0;PVOID OutputData = NULL;ULONG OutputDataLength RetFlage = PtrBuff->Flage;ULONG RetAddr = PtrBuff->Addr;ULONG RetBufferAddr = PtrBuff->WriteBufferAddr ;ULONG Size = PtrBuff->Size;ULONG Pid = PtrBuff->Pid;DbgPrint("读取文件标志:%d", RetFlage);DbgPrint("读取写入地址 Flage;ULONG Addr;ULONG WriteBufferAddr;ULONG Size;ULONG Pid;}_Hread, *PtrHread;int main(int argc, char

    67730编辑于 2022-12-20
  • 来自专栏FreeBuf

    微软轻量级系统监控工具sysmon原理与实现完全分析

    所有的内核里上报的事件开头基本都是 ReportSize ReportType struct _Report_Common_Header { ULONG ReportType; ULONG ReportSize ProcessPid; ULONG ParentPid; ULONG SessionId; ULONG UserSid; LARGE_INTEGER CreateTime; LUID AuthenticationId ; ULONG TokenIsAppContainer; LUID TokenId; ULONG HashingalgorithmRule; DWORD DataChunkLength[6]; CHAR ThreadOwnerPidv; ULONG ThreadId; ULONG ThreadAddress; ULONG OpenProcessPid; WCHAR DllInfo[261]; WCHAR MyThreadId; ULONG OpenPrcesid; ULONG AccessMask; LARGE_INTEGER CreateTime; ULONG StatckTrackInfoSize

    1.5K20发布于 2020-10-27
  • 来自专栏后台全栈之路

    U-boot两个修改:ARP支持和UDP校验支持

    )(*(data + 0))) << 8; xsum += ((ulong)(*(data + 1))) << 0; xsum += ((ulong)(*(data + 2))) << 8; xsum += ((ulong)(*(data + 3))) << 0; xsum += ((ulong)(*(data + 4))) << 8; xsum += ((ulong )(*(data + 5))) << 0; xsum += ((ulong)(*(data + 6))) << 8; xsum += ((ulong)(*(data + 7))) << )(*(data + 0))) << 8; xsum += ((ulong)(*(data + 1))) << 0; /* sum UDP content */ data = & (ip->udp_src); while(len > 1) { xsum += ((ulong)(*(data + 0))) << 8; xsum +=

    1.1K30发布于 2018-07-16
  • 驱动开发:摘除InlineHook内核钩子

    address1 = KernelBase + (ULONG64)GetProcAddress(hKernel, "NtWriteFile") - (ULONG64)hKernel address2 = KernelBase - (ULONG64)hKernel + (ULONG64)GetProcAddress(hKernel, "NtWriteFile") 调用GetOriginalMachineCode OPTIONAL ); typedef struct { ULONG Unknow1; ULONG Unknow2; ULONG Unknow3; ULONG Unknow4; PVOID { return KernelBase + (ULONG64)GetProcAddress(hKernel, FuncName) - (ULONG64)hKernel; } // 获取当前函数机器码 VOID GetCurrentMachineCode(ULONG64 Address, PUCHAR ba, SIZE_T Length) { ULONG64 dat[2] = { 0 }; dat

    55320编辑于 2023-10-11
  • 驱动开发:通过SystemBuf与内核层通信

    Flage; ULONG Addr; ULONG WriteBufferAddr; ULONG Size; ULONG Pid; }_Hread, *PtrHread; typedef struct Informaiton = 0; PVOID InputData = NULL; ULONG InputDataLength = 0; PVOID OutputData = NULL; ULONG RetFlage = PtrBuff->Flage; ULONG RetAddr = PtrBuff->Addr; ULONG RetBufferAddr = PtrBuff->WriteBufferAddr ; ULONG Size = PtrBuff->Size; ULONG Pid = PtrBuff->Pid; DbgPrint("读取文件标志:%d", RetFlage); Flage; ULONG Addr; ULONG WriteBufferAddr; ULONG Size; ULONG Pid; }_Hread, *PtrHread; int main(int

    57320编辑于 2022-12-28
  • C/C++ Rootkit 修改PEB隐藏dll

    ImageUsesLargePages: 1; ULONG IsProtectedProcess: 1; ULONG IsLegacyProcess: 1; ULONG CrossProcessFlags; ULONG ProcessInJob: 1; ULONG ProcessInitializing: 1; ULONG ReservedBits0 SystemReserved[1]; ULONG SpareUlong; PPEB_FREE_BLOCK FreeList; ULONG TlsExpansionCounter ; ULONG HeapSegmentCommit; ULONG HeapDeCommitTotalFreeThreshold; ULONG HeapDeCommitFreeBlockThreshold ; ULONG OSPlatformId; ULONG ImageSubsystem; ULONG ImageSubsystemMajorVersion; ULONG

    59610编辑于 2022-12-28