摘要:BOOL CALLBACK MyEnumWndProc(HWND hWnd,LPARAM lParam){ DWORD dwProcessId; GetWindowThreadProcessId(hWnd, &dwProcessId); LPWNDINFO pInfo = (LPWNDINFO)lParam; if(dwProcessId == pInfo->dwProcessId) { bool isWindowVisible = IsWindowVisible(hWnd); if(isWindowVisible == true)...
阅读全文
摘要:#include <ntddk.h>#include <stdio.h>#include <stdlib.h>#include "helloworld.h"NTSTATUS DriverEntry(PDRIVER_OBJECT pDriObj, PUNICODE_STRING theRegisterPath){ int i = 0; UNICODE_STRING uDevice; UNICODE_STRING uW32Dev; PDEVICE_OBJECT pDevObj = NULL; NTSTATUS status; DbgPrint
阅读全文
摘要:1,判断dll的基地址是不是固定 查看是不是有重定位快2.外挂分析 1,判断外挂的注入游戏的类型 2. 判断外挂的动力。。 WM_TIMER? THread?SetWindowLong, CallWindowProc 3,判断外挂代码在内存中的存在方式:可执行模块存在;无可执行模块,只有代码。4.判断外挂的变成类型 E: VB: DE: VC 主要分析字符串,节名5,寻找外挂的入口模块 :PE结构定位,根据外挂的行为,条件断点。3,外挂的种类a.键盘模拟b,读写内存c,网络封包Delphi子过程参数传递默认调用方式Register,传递参数的顺序前三个为al,dl,cl / ax,dx,cx.
阅读全文
摘要:#include <varargs.h>#define LOGON 1#if LOGON#define Log log#else#define Log //#endifvoid log(const char* format, ...){ char Buf[1024]; va_list vList; va_start(vList, format); vsprintf(Buf, format, vList); va_end(vList); OutputDebugString(Buf);}
阅读全文
摘要:/*******************************************************************文件名 : ReadWrite.cpp创建者 : 孙勇创建时间 : 2013/3/6 20:22:28功能描述 : 临界区 g_cs读者-读者不互斥读者-写者互斥 ** 写者-写者互斥临界区 g_csRead读者-读者互斥临界区 g_csWriter写者 写者互斥******************************************************************/#include <stdio.h> #inc...
阅读全文
摘要:#include <windows.h>#include <tlhelp32.h>#include <stdio.h>BOOL EnumThreadList ();int main(){ EnumThreadList(); return 0;}BOOL EnumThreadList () { HANDLE hThreadSnap = NULL; BOOL bRet = FALSE; THREADENTRY32 te32 = {0}; // Take a snapshot of all thr...
阅读全文
摘要:#include <Windows.h>#include <stdio.h>int main(){ void * pBuf = VirtualAlloc(NULL, 0x200, MEM_COMMIT, PAGE_READWRITE); if(pBuf == 0) { return 1; } MEMORY_BASIC_INFORMATION mbi; VirtualQuery(pBuf, &mbi, sizeof(MEMORY_BASIC_INFORMATION)); DWORD old; VirtualProtect(mbi.Ba...
阅读全文
摘要://dll project.hView Code #ifdef __cplusplusextern"C"{#endif#ifdef DLL_DECL#define DLL_DECLSPEC __declspec(dllexport)#else#define DLL_DECLSPEC __declspec(dllimport)#endif DLL_DECLSPEC int Add(int, int); #ifdef __cplusplus}#endif.cpp & .defView Code #include <Windows.h>#include <
阅读全文
摘要://dll project.hView Code #ifdef DLL_TEST1_EXPORT#define DLL_DECLSPEC __declspec(dllexport)#else#define DLL_DECLSPEC __declspec(dllimport)#endifextern "C" DLL_DECLSPEC int WINAPI Add(int, int);DLL中导出函数的声明有两种方式:一种为4.1节例子中给出的在函数声明中加上__declspec(dllexport),这里不再举例说明;另外一种方式是采用模块定义(.def) 文件声明,.def
阅读全文
摘要://static library projectlib.hView Code extern "C" int __cdecl Add(int, int);lib.cppView Code #include "lib.h"int __cdecl Add(int a, int b){ return a + b;}//App projectView Code #include <stdio.h>#include "..\\staticdll\\lib.h"#pragma comment(lib, "..\\debug\\
阅读全文
摘要:View Code #include <Windows.h>#include <stdio.h>void Foo();int main(){ while(1) { Foo(); }}void Foo(){ static DWORD dwStartT = 0; DWORD dwCurT = GetTickCount(); if(dwCurT - dwStartT < 5000) { return ; } dwStartT = dwCurT; printf("foo call \n");}
阅读全文
摘要:View Code #include <windows.h>#include <stdio.h>int main(){ CHAR szAtom[32] = "ApexDingdianweifeng"; ATOM a1 = FindAtom(szAtom); if(a1 == 0) { printf("now the local not add\n"); } else { printf("now the local added\n"); } ATOM aLable = AddAtom(szAtom); ...
阅读全文
摘要:View Code 1 #include <Windows.h> 2 3 #include <stdio.h> 4 5 template <typename ToType, typename FromType> 6 void GetMemberFuncAddr_VC6(ToType& addr,FromType f) 7 { 8 union 9 {10 FromType _f;11 ToType _t;12 }ut;13 ut._f = f;14 addr = ut._t;15 }16 17 class A18 ...
阅读全文
摘要:#include <stdio.h>typedef union { char cVar; unsigned int iVar;}unionInt;int main(){ unionInt tmp; tmp.iVar = 0x12345678; if(tmp.cVar == 0x78) { printf("least significant byte\n"); } else if(tmp.cVar == 0x12) { printf(("most significant byte\n")); } ret...
阅读全文
浙公网安备 33010602011771号