比尔盖房 - 博客园

Reversing OS Loader

摘要： Kernel32!LoadLibraryW(LPCWSTR lpFileName){ LoadLibraryExW(lpFileName, 0, 0);} Kernel32!LoadLibraryA(LPCSTR lpFileName){ if(lpFileName==NULL) { LoadLibraryExA(lpFileName, 0, 0); } else { int ret1=str... 阅读全文

posted @ 2006-07-10 22:26 比尔盖房阅读(284) 评论(0) 推荐(0) 编辑

Reversing SetLastError

摘要： kernel32!SetLastError(dwErrorCode){ if(g_dwLastErrorToBreakOn!=null) { if(g_dwLastErrorToBreakOn==dwErrorCode) { DbgBreakPoint(); } } if(teb.LastErrorValue... 阅读全文

posted @ 2006-07-09 22:15 比尔盖房阅读(241) 评论(0) 推荐(0) 编辑

Windows Service

摘要： 1. After installing the service, the SCP only writes the service exe information in the SCM database, so any modification to the exe will be valid, since the exe path does not change. The exe file wil... 阅读全文

posted @ 2006-06-11 21:57 比尔盖房阅读(336) 评论(0) 推荐(0) 编辑

Named Pipe

摘要： 1. CreateNamedPipe CreateFile Access/Open Mode--The open handle's read/write pe... 阅读全文

posted @ 2006-06-08 14:44 比尔盖房阅读(1175) 评论(0) 推荐(0) 编辑

HookLib with lable dynamic code generating

摘要： #include#include#include #pragma comment(lib, "libdasm.lib") int inst_len = 0;FARPROC hAPI=NULL;char *szInstruction=NULL;PDWORD pHookFuncAddr; void MB(LPTSTR pszInfo){ MessageBox(NULL, pszInfo, TEXT("... 阅读全文

posted @ 2006-05-18 17:45 比尔盖房阅读(367) 评论(0) 推荐(0) 编辑

PE and DLL Part1

摘要： 1. Why .h file is neededIf we are developing several cpp files in a project, the compiler will compile one cpp file at a time. If A.cpp refers B.cpp symbols(variable/function), there must be a way to ... 阅读全文

posted @ 2006-04-19 17:06 比尔盖房阅读(380) 评论(2) 推荐(0) 编辑

API hooking

摘要： 1. TipsAt runtime, the IAT(RVA obtained by IMAGE_THUNK_DATA->FirstThunk) is modified by OS loader and points to the real API addresses, so we should use IMAGE_THUNK_DATA->OriginalFirstThunk to refer t... 阅读全文

posted @ 2006-04-16 21:28 比尔盖房阅读(266) 评论(0) 推荐(0) 编辑

Linker and Loader

摘要： P1. When will link take place?It can take action in 3 different places: 1. compile-time2. load-time3. run-time.P2. To create executable file, the compiler must complete 2 tasks:1. Symbol Resolution: a... 阅读全文

posted @ 2006-04-16 21:22 比尔盖房阅读(1005) 评论(1) 推荐(0) 编辑

SEH: try_finally

摘要： 1. The performance hit regarding __finally without abnormal exiting.int main(){ int i; __try { i=1; printf("__try...\n"); } __finally { printf("__finally...\n"); } return i;}#1, before enterring __... 阅读全文

posted @ 2006-04-05 21:47 比尔盖房阅读(895) 评论(0) 推荐(0) 编辑

Function Prolog and Epilog

摘要： Part1Below is the test code I am using:#include#include void main(){ __try { int i=1; } __except(EXCEPTION_EXECUTE_HANDLER) { printf("EXCEPTION_EXECUTE_HANDLER\n"); } getchar();}Debug-mode Prolog:vo... 阅读全文

posted @ 2006-04-02 16:17 比尔盖房阅读(421) 评论(0) 推荐(0) 编辑

Jeffrey&Lynny

导航

公告