Binary security [2018] Summary post of vulnerable drivers Collection of signed system drivers that let you read/write privileged memory or expose some other serious vulnerability. If the driver has input buffer validation for IOCTL codes, please state so before submitting to the list. A collection of drivers with privilege-escalation vulnerabilities. Read more 2019-11-06 huoji 0 comments
Game security [2018] FACEIT Anticheat FACEIT registers these callbacks: a load-image callback (blocks DLL injection), a create-process callback (logs process creation), a create-thread callback (logs CreateRemoteThread) and a minifilter (anti DLL injection). It installs the two low-level hooks WH_MOUSE_LL and WH_KEYBOARD_LL to detect mouse_event and similar synthetic input. It can also unload known exploitable drivers such as cpuz141 and speedfan by checking their DeviceName. Read more 2019-11-06 huoji 0 comments
Game security [2018] HITCON 2018 PUBG Anticheat PDF HITCON 2018 PUBG anti-cheat slides (PDF) [hitcon_2018_pubg.zip][1] [1]: https://key08.com/usr/uploads/2019/11/2827939693.zip Read more 2019-11-06 huoji 0 comments
Game security [2019] Preventing remote thread injection with DLL_THREAD_ATTACH Principle: when a thread is created, the system sends a DLL_THREAD_ATTACH notification to every DLL in the current process. At that point the new thread has been created but has not yet executed; more precisely, the thread kernel object, the thread stack and the other resources already exist and the thread is in its initialization phase. Only after every DLL has handled DLL_THREAD_ATTACH does the thread start running. A remote thread is essentially the same as a local thread; the only difference is that another process created it. If the thread is terminated while it is receiving DLL_THREAD_ATTACH, it can never execute, which defeats remote thread injection. The code follows. Read more 2019-11-06 huoji 2 comments
Game security [2019] EAC SDK EasyAntiCheat SDK [EAC SDK.zip][1] [1]: https://key08.com/usr/uploads/2019/11/3850306669.zip Read more 2019-11-06 huoji 0 comments
Game security [2019] Calling APIs past sXe and similar anti-cheats For those who have experience with sXe, they know that it hooks some functions, such as VirtualProtect, CreateThread, LdrInitialize, OpenGL functions and engine functions. This method is a very safe way to call these APIs; this is an example for the VirtualProtect function, but using this example you can adapt it to other functions that the anti-cheat hooks to get a secure call. Read more 2019-11-06 huoji 0 comments
Game security [2019] BattlEye Anti-Anti LoadLibrary So while testing some things against a BattlEye protected game I noticed recently there was an update that prevents LoadLibrary from being utilized even after unloading the anti-cheat. First of all I thought, maybe Mr Bastian isn't unloading the minifilter hook or it's the PsSetLoadImageNotifyRoutine catching the LoadLibrary call, but that didn't really make sense. Checking the system for any hooks and routines installed returned nothing, so how is he still blocking the LoadLibrary call even after the BEDaisy driver is unloaded and BEClient.dll is gone from the game's module list? Read more 2019-11-06 huoji 1 comment