随笔分类 -  逆向工程

摘要:打开dll的源码,然后attach到那个加载了反射dll的进程上。 就可以调试dll的代码 阅读全文
posted @ 2020-03-10 18:34 ChuckLu 阅读(426) 评论(0) 推荐(0) 编辑
摘要:DNGuard HVM Unpacker(3.71 trial support and x64 fixed) Gr8 news. Finally got the x64 crash fixed. DNGuard HVM Unpackerwhats new: Dnguarg HVM 3.71 tria 阅读全文
posted @ 2019-10-14 12:45 ChuckLu 阅读(2825) 评论(0) 推荐(0) 编辑
摘要:先打开进程,炉石传说。 然后选择MemoryView 在MemoryViewer界面,Tools菜单,然后选择Dissect PE headers 然后查看mono.dll的信息 0x357A0是新版本的 这个页面还可以打开本地另外备份的mono.dll,然后查看 发现0x3535C 右键选中界面的 阅读全文
posted @ 2019-10-12 10:05 ChuckLu 阅读(4503) 评论(0) 推荐(1) 编辑
摘要:https://blog.csdn.net/icandoit_2014/article/details/78739962 可以看出,此种方法只适用于程序崩溃但没有立即自行退出的情况。倘若程序故障后自行退出,则此方法就难以应用。不过,我们可以在注册表中添加如下信息已确保系统在程序崩溃后自行保存一个du 阅读全文
posted @ 2019-10-12 09:12 ChuckLu 阅读(568) 评论(0) 推荐(0) 编辑
摘要:https://gslab.qq.com/portal.php?mod=view&aid=194 阅读全文
posted @ 2019-10-11 20:16 ChuckLu 阅读(846) 评论(0) 推荐(0) 编辑
摘要:If you attach to a process/game that uses mono, you should see a new "Mono" menu item on the Cheat Engine form. This will have an Activate mono featur 阅读全文
posted @ 2019-10-10 13:17 ChuckLu 阅读(1115) 评论(0) 推荐(0) 编辑
摘要:https://www.cnblogs.com/ae6623/archive/2011/04/16/4416874.html https://www.52pojie.cn/thread-828030-1-1.html https://wiki.cheatengine.org/index.php?ti 阅读全文
posted @ 2019-10-10 02:05 ChuckLu 阅读(1848) 评论(0) 推荐(0) 编辑
摘要:https://github.com/dsasmblr/game-hacking Cheat Engine Hacking memory Cheat engine have a feature called Dissect mono that can help hacking game's memo 阅读全文
posted @ 2019-10-10 00:44 ChuckLu 阅读(857) 评论(0) 推荐(0) 编辑
摘要:[.NET] ConfuserEx脱壳工具打包 ConfuserEx 1.0.0脱壳步骤 Written by 今夕何夕[W.B.L.E. TeAm]1.先用UnconfuserEx把主程序Dump出来;2.使用CodeCracker大牛的ConfuserExStringDecryptor将加密的字 阅读全文
posted @ 2019-08-22 18:23 ChuckLu 阅读(3886) 评论(0) 推荐(0) 编辑
摘要:下载链接 https://sourceforge.net/projects/x64dbg/files/snapshots/ https://github.com/x64dbg/x64dbg/releases 官方文档 http://help.x64dbg.com/en/latest/ 教程 http 阅读全文
posted @ 2019-08-19 13:13 ChuckLu 阅读(456) 评论(0) 推荐(0) 编辑
摘要:http://www.ollydbg.de/version2.html 阅读全文
posted @ 2019-08-19 13:05 ChuckLu 阅读(200) 评论(0) 推荐(0) 编辑
摘要:https://codingvision.net/security/c-read-write-another-process-memory Today’s tutorial is about…processes’ memory! In this article I’ll show you how t 阅读全文
posted @ 2019-08-19 13:03 ChuckLu 阅读(1062) 评论(0) 推荐(0) 编辑
摘要:ProcessSharp的构造函数,对应的测试是 https://github.com/lolp1/Process.NET/blob/master/test/Process.NET.Test/Core/ProcessSharpTest.cs /// <summary> /// Initializes 阅读全文
posted @ 2019-08-19 12:50 ChuckLu 阅读(399) 评论(0) 推荐(0) 编辑
摘要:Free. For everyone. Forever. With an open source decompilation engine https://www.telerik.com/products/decompiler.aspx 阅读全文
posted @ 2019-08-11 11:53 ChuckLu 阅读(329) 评论(0) 推荐(0) 编辑
摘要:https://www.red-gate.com/dynamic/products/dotnet-development/reflector/download https://github.com/sailro/Reflexil/releases The .NET Assembly Editor h 阅读全文
posted @ 2019-08-10 00:13 ChuckLu 阅读(426) 评论(0) 推荐(0) 编辑
摘要:What is MemoScope.Net ? It's a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file con 阅读全文
posted @ 2019-07-24 17:47 ChuckLu 阅读(310) 评论(0) 推荐(0) 编辑
摘要:Portable Executable File Format PE Format 微软官方的 What is a .PE file in the .NET framework? [closed] The PE file you are talking about is the "Portable 阅读全文
posted @ 2019-07-19 18:03 ChuckLu 阅读(733) 评论(0) 推荐(0) 编辑
摘要:请问大神.NET查壳工具都有哪些? 已知的有DotNet Id 除了这个还有别的吗?脱MAXTOCODE发现是双壳。脱掉第一层还有一层,DotNet Id检测没壳了,但是反编译还是加密状态. 用PEiD查壳,用OD脱壳 ScanID算不算? https://hintdesk.com/2007/11/ 阅读全文
posted @ 2019-07-19 17:38 ChuckLu 阅读(7972) 评论(0) 推荐(0) 编辑

点击右上角即可分享
微信分享提示