While analysing a trojan today I found that it implemented process protection without loading a driver and without installing any hooks. Being able to protect a process that way struck me as very strange; it turns out this is how it works, so I'm noting it down!
#include "stdafx.h"
#include
#include
#pragma comment(lib,"Advapi32.lib")
BOOL Ring3ProtectProcess()
{
HANDLE hProcess = ::Get...
Category: Other articles   Time: 2014-05-10 09:31:43   Views: 461
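The snippet above is cut off before the interesting part, and the only library it pulls in is Advapi32. One ring-3 technique that needs nothing more than Advapi32 (no driver, no hooks) is tightening the DACL of the process object itself so that an unprivileged OpenProcess() fails. The following is an added example of that technique, written for this page; it is not the page's own code, and that the page's sample uses exactly this approach is an assumption. The SDDL string, the helper names and the timeout are mine.

```c
/* Added example (not the page's code): ring-3 "process protection" by
 * replacing the DACL of the current process object with a single deny ACE.
 * Only Advapi32 is needed, which is what the page's truncated snippet links
 * against; that the page's sample does exactly this is an assumption. */
#include <stdio.h>
#include <string.h>

/* SDDL for a DACL with one ACE that denies Everyone (WD) all process-specific
 * rights. 0x1FFFFF is PROCESS_ALL_ACCESS on Vista and later and is a superset
 * of the XP value, so the mask is written out instead of using GA (generic
 * bits in an ACE are only meaningful after generic mapping). */
static const char *deny_all_sddl(void)
{
    return "D:(D;;0x1fffff;;;WD)";
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#include <aclapi.h>
#pragma comment(lib, "Advapi32.lib")

/* Apply the deny-all DACL to our own process object.
 * Returns ERROR_SUCCESS (0) or a Win32 error code. */
static DWORD ring3_protect_process(void)
{
    PSECURITY_DESCRIPTOR sd = NULL;
    PACL dacl = NULL;
    BOOL present = FALSE, defaulted = FALSE;
    DWORD rc;

    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            deny_all_sddl(), SDDL_REVISION_1, &sd, NULL))
        return GetLastError();
    if (!GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted) || !present) {
        rc = GetLastError();
        LocalFree(sd);
        return rc ? rc : ERROR_INVALID_SECURITY_DESCR;
    }
    /* GetCurrentProcess() is a pseudo-handle with full access, so WRITE_DAC
     * is available. SE_KERNEL_OBJECT is the object type for process handles;
     * only the DACL is replaced, owner/group/SACL are left untouched. */
    rc = SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT,
                         DACL_SECURITY_INFORMATION, NULL, NULL, dacl, NULL);
    LocalFree(sd);
    return rc;
}

int main(void)
{
    DWORD rc = ring3_protect_process();
    if (rc != ERROR_SUCCESS) {
        printf("SetSecurityInfo failed: %lu\n", rc);
        return 1;
    }
    /* Check from a second, non-elevated console: "taskkill /PID <pid>" now
     * fails with "Access is denied"; from an elevated console it still works. */
    printf("DACL applied to PID %lu; try taskkill from another console\n",
           GetCurrentProcessId());
    Sleep(60000); /* keep the process alive for the manual check */
    return 0;
}
#else
int main(void)
{
    printf("Windows only; the DACL that would be applied is: %s\n",
           deny_all_sddl());
    return 0;
}
#endif
```

What this does and does not buy: a non-elevated process of the same user gets ERROR_ACCESS_DENIED from OpenProcess(PROCESS_TERMINATE, ...), so Task Manager and taskkill fail as an ordinary user, which is exactly the "protected without a driver" behaviour observed in the trojan. It is not a real protection. The owner of a process object always keeps implicit READ_CONTROL and WRITE_DAC, so the user who started it can put the DACL back with the same API, and any token holding SeDebugPrivilege (an elevated administrator, SYSTEM) passes the access check regardless of the DACL. For a responder, a user-mode process whose DACL denies Everyone is itself a useful indicator rather than an obstacle.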
Drupal builds the theme registry with two functions, _theme_build_registry() and _theme_process_registry(). The theme registry is the collection (an array) of theme hooks. Taking a practice module that defines two theme hooks as an example, this post explains the theme r...
Category: Other articles   Time: 2014-05-08 20:39:16   Views: 418
Legal or Not
Problem Description
ACM-DIY is a large QQ group where many excellent acmers get together. It is so harmonious that it is just like a big family. Every day, many "holy cows" like HH, ...
Category: Other articles   Time: 2014-05-08 11:11:28   Views: 339
The Ball And Cups
At the end of a busy day, The Chef and his assistants play a game together. The game is not just for fun but also used to decide who will have to clean the kitchen. The Chef...
Category: Other articles   Time: 2014-05-07 07:41:32   Views: 448
eshell is short for emacs shell, the shell that ships with emacs. When I started configuring it I was wondering whether I needed to find its key map (eshell-mode-map?).
It turns out it is configured through a hook, as shown below:
(add-hook 'eshell-mode-hook
(lambda ()
(local-set-key (kbd "C-j") 'switch-to...
Category: Other articles   Time: 2014-05-07 05:25:39   Views: 253
There is a lot of controversy about the definition of probability, so we just start with the uncontroversial parts. In general we can say that the probability is a value between 0 and 1 that
is int...
Category: Other articles   Time: 2014-05-07 03:12:35   Views: 224
Last seen only a couple of years back, this
approaching release of the Jordan 6 Carmine will arrive just like they did
included in the 2008 Countdown ...
Category: Other articles   Time: 2014-05-07 01:50:27   Views: 264
Let's take a look at three (very basic) ways to get a scoped token from Keystone (the OpenStack Identity
Project). Keep in mind that these are just a few ways you can go about this. Before tryin...
Category: Other articles   Time: 2014-05-06 19:30:32   Views: 359
Description: In the game of DotA, Pudge's meat
hook is actually the most horrible thing for most of the heroes. The hook is
made up of several consecuti...
Category: Other articles   Time: 2014-05-05 11:32:29   Views: 288
After much back and forth I finally settled on the virtual-device approach to emulate the Rockey2 dongle. The HID.DLL hijack + API hijack approach is technically simpler, but far too tedious: not only do you have to forward a large number of functions, you also have to hook several APIs, and a lazy person like me cannot face that kind of manual labour. After weighing it up I chose the virtual-device approach, for the following reasons: 1. Hijacking HID.DLL likewise requires analysing the descrip...
Category: Other articles   Time: 2014-05-04 19:48:14   Views: 643