Tools [2022] A vtable-jump fixing plugin that works with IDA 7.6. It automatically resolves virtual-table jumps and generates the structures. From the UC news site; scan it for malware yourself! VT: https://www.virustotal.com/gui/file/3d44754db7c33884ca4d3c407fa97d74487560379f932056f08bdfc78cf5f747 ![FqJzXD-ag8CHL2tAZh_qqGhbOB6n.jpg](https://key08.com/usr/uploads/2022/11/3062870747.jpg) ![FtfdH_EHWJGSVvEQprR5DPkAgHEy.jpg](https://key08.com/usr/uploads/2022/11/3882399915.jpg) [HexRaysCodeXplorer75.zip](https://key08.com/usr/uploads/2022/11/549389900.zip) 2022-11-04 huoji 0 comments
System security · C/C++ · Shellcode [2022] Preventing third-party DLL injection into a program. Much malware, trojans, viruses and game cheats inject into a process and then do harm, for example by API-hooking to monitor behaviour. This method applies to Windows 8 and later and uses an operating-system mechanism to block third-party DLL injection. 2022-11-04 huoji 3 comments
System security · Binary security · C/C++ [2022] HyperMap: reading physical memory directly through a self-referencing PTE. When the hypervisor host operates directly on guest physical memory, I ran into a thorny problem: all of the available APIs are pageable code, so calling them is unsafe (even on AMD with GIF). A fast, efficient memory-access scheme is therefore needed: by installing a magic value, guest physical memory can be read as base + offset. I call it hypermap. 2022-10-28 huoji 0 comments
System security · C/C++ [2022] MS-RPC vulnerability hunting guide (PDF). Describes, from a red-team perspective, how to hunt for 0-days in Windows RPC services. High quality. [Exploring Ancient Ruins to Find Modern Bugs - Discovering a 0-Day in MS-RPC Service.pdf](https://key08.com/usr/uploads/2022/10/2347028837.pdf) 2022-10-25 huoji 0 comments
APT research · Binary security · C/C++ · Assembly [2022] Suspected poisoning of a red-team C2. On June 17, 2022, this project appeared on GitHub out of nowhere: ![](https://key08.com/usr/uploads/2022/10/3822165132.png) https://github.com/xiaoma99272/ShellcodeLoader-1/commit/81cdab6a0d9d31a37134cc5b6e265962e88654b2.patch 2022-10-22 huoji 1 comment
C/C++ [2022] Selecting a file through the Explorer file dialog. If you know, you know.

```cpp
#include <windows.h>
#include <commdlg.h>
#include <tchar.h>

// TprintfC() and CopyBuffer() are helpers from the author's own project (not shown here).

_Result_nullonfailure_
LPTSTR SelectTargetFileByExplorer(VOID)
{
    OPENFILENAME ofn;                  // common dialog box structure
    TCHAR szFile[MAX_PATH] = { 0 };    // if using TCHAR macros
    LPTSTR Output = NULL;

    // Initialize OPENFILENAME. SecureZeroMemory() cannot fail (it returns the
    // destination pointer), so there is nothing to check.
    SecureZeroMemory(&ofn, sizeof(OPENFILENAME));

    ofn.lStructSize = sizeof(OPENFILENAME);
    ofn.hwndOwner = GetActiveWindow();
    ofn.lpstrFile = szFile;
    ofn.lpstrFile[0] = _T('\0');
    ofn.nMaxFile = MAX_PATH;
    // The filter is a list of "display name\0pattern\0" pairs ending in a double NUL.
    ofn.lpstrFilter = _T("All\0*.*\0Prefetch\0*.pf\0Database\0*.db\0");
    ofn.nFilterIndex = 1;
    ofn.lpstrFileTitle = NULL;
    ofn.nMaxFileTitle = 0;
    ofn.lpstrInitialDir = NULL;
    ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;

    // Use the TCHAR-generic GetOpenFileName so the call matches the TCHAR buffer.
    if (GetOpenFileName(&ofn) == TRUE) {
        TprintfC(Green, _T("\n[+] Selected file: \"%s\".\n"), ofn.lpstrFile);
    } else {
        // The common dialogs report errors through CommDlgExtendedError(), not GetLastError().
        TprintfC(Red, _T("[-] Error: GetOpenFileName has failed %d.\n"), CommDlgExtendedError());
    }

    Output = CopyBuffer(ofn.lpstrFile, 0);
    return Output;
}
```

2022-10-16 huoji 0 comments