  • 来自专栏技术杂记

    不用inf安装ndis filter驱动

    ServiceName, LPCSTR DisplayName, LPCSTR SysPath, BOOL bKernelService, BOOL bAutoStart, LPCSTR LoadOrder subKey, LPCSTR name, LPCSTR value){    return SetRegValue(key, subKey, name, (LPCBYTE)value, strlen( value) + 1, REG_SZ);} LSTATUS SetRegMultiString1(HKEY key, LPCSTR subKey, LPCSTR name, LPCSTR value){ DWORD), REG_DWORD);} LSTATUS AppendRegMultiString(HKEY key, LPCSTR subKey, LPCSTR name, LPCSTR append serviceName, LPCSTR serviceDesc, LPCSTR sysPath, LPCSTR netCfgInstanceId){    LPCSTR sysFile;    PVOID

    74430发布于 2021-08-10
  • 来自专栏鸿鹄实验室

    由SharpNoPSExec看lateral movement

    SC_HANDLE hService, DWORD dwServiceType, DWORD dwStartType, DWORD dwErrorControl, LPCSTR lpBinaryPathName, LPCSTR lpLoadOrderGroup, LPDWORD lpdwTagId, LPCSTR lpDependencies , LPCSTR lpServiceStartName, LPCSTR lpPassword, LPCSTR lpDisplayName ); 使用方法如下,先导入函数: 然后就是开启服务,API 为 StartService,原型如下: BOOL StartServiceA( SC_HANDLE hService, DWORD dwNumServiceArgs, LPCSTR 但是我们需要操作的是远程计算机,所以又用到了下面的函数: BOOL LogonUserA( LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword

    83020发布于 2021-04-29
  • C/C++ Inline Hook 钩子编写技巧

    , LPCSTR, UINT) = MessageBoxA; int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, (hWnd, "已破解"); } int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { lpText, LPCSTR lpCaption, UINT uType) = (int(WINAPI *)(HWND, LPCSTR, LPCSTR, UINT))0x755A1F70; int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { return Old_MessageBoxA , LPCSTR, UINT); OldMessageBox fpMessageBoxA = NULL; int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText

    3.6K20编辑于 2022-12-28
  • 来自专栏全栈程序员必看

    函数指针赋值

    #include "stdafx.h" #include "windows.h" typedef int (_stdcall * p_MessageBoxA)(HWND hWnd,LPCSTR lpText ,LPCSTR lpCaption,UINT uType) ; int _tmain(int argc, _TCHAR* argv[]) { p_MessageBoxA My_M; FARPROC #include "stdafx.h" #include "windows.h" int (_stdcall * p_MessageBoxA)(HWND hWnd,LPCSTR lpText,LPCSTR GetProcAddress(LoadLibraryA("user32.dll"),"MessageBoxA");//获取该函数的地址 p_MessageBoxA =(int (__stdcall *)(HWND,LPCSTR ,LPCSTR,UINT))Func_add; p_MessageBoxA(NULL,"PLC报警!"

    57030编辑于 2022-09-14
  • 使用微软Detours库进行DLL注入

    函数原型BOOL DetourCreateProcessWithDllA( LPCSTR lpApplicationName, // 被注入程序路径 LPSTR lpCommandLine LPSTARTUPINFOA lpStartupInfo, // 启动信息 LPPROCESS_INFORMATION lpProcessInformation, // 进程信息 LPCSTR 函数原型BOOL DetourCreateProcessWithDllExA( LPCSTR lpApplicationName, // 被注入程序路径 LPSTR lpCommandLine LPSTARTUPINFOA lpStartupInfo, // 启动信息 LPPROCESS_INFORMATION lpProcessInformation, // 进程信息 LPCSTR 函数原型BOOL DetourCreateProcessWithDllsA( LPCSTR lpApplicationName, // 被注入程序路径 LPSTR lpCommandLine

    79110编辑于 2024-08-20
  • C/C++ MinHook 库的使用技巧

    include <MinHook.h> #pragma comment(lib,"libMinHook.x86.lib") typedef int (WINAPI *OldMessageBox)(HWND, LPCSTR , LPCSTR, UINT); OldMessageBox fpMessageBoxA = NULL; int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText , LPCSTR lpCaption, UINT uType) { int ret = fpMessageBoxA(hWnd, "Hook Inject", lpCaption, uType); return MinHook.h> #pragma comment(lib,"libMinHook.x86.lib") typedef BOOL (WINAPI *OldSetWindowTextA)(HWND, LPCSTR ); OldSetWindowTextA fpSetWindowTextA = NULL; BOOL WINAPI MySetWindowTextA(HWND hWnd, LPCSTR lpString

    1.5K10编辑于 2022-12-28
  • 来自专栏HACK学习

    ShellCode生成框架

    ; 先得到GetProcAddress typedef FARPROC(WINAPI * FN_GetProcAddress)( _In_ HMODULE hModule, _In_ LPCSTR 'e', 'A',0 }; 这里完整为 typedef FARPROC(WINAPI * FN_GetProcAddress)( _In_ HMODULE hModule, _In_ LPCSTR , NULL, CREATE_ALWAYS, 0, NULL); 下面为MessageBoxA typedef HMODULE (WINAPI* FN_LoadLibraryA)( _In_ LPCSTR lpText, _In_opt_ LPCSTR lpCaption, _In_ UINT uType); //正常写法 //FN_MessageBoxA fn_MessageBoxA lpText, _In_opt_ LPCSTR lpCaption, _In_ UINT uType); //正常写法 //FN_MessageBoxA fn_MessageBoxA

    97730发布于 2020-11-11
  • 4.5 MinHook 挂钩技术

    MinHook.h> #pragma comment(lib,"libMinHook-x86-v120-md.lib") typedef int (WINAPI *OldMessageBox)(HWND, LPCSTR , LPCSTR, UINT); OldMessageBox fpMessageBoxA = NULL; // 自定义弹窗 int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { int ret = fpMessageBoxA(hWnd, "Hook Inject hello lyshark", > #pragma comment(lib,"libMinHook-x86-v120-md.lib") typedef BOOL(WINAPI *OldSetWindowTextA)(HWND, LPCSTR ); OldSetWindowTextA fpSetWindowTextA = NULL; BOOL WINAPI MySetWindowTextA(HWND hWnd, LPCSTR lpString

    75420编辑于 2023-10-11
  • 来自专栏全栈程序员必看

    Visual Studio——使用多字节字符集与使用Unicode字符集

    windows API对MessageBox的定义如下: WINUSERAPI int WINAPI MessageBoxA( __in_opt HWND hWnd, __in_opt LPCSTR lpText, __in_opt LPCSTR lpCaption, __in UINT uType); WINUSERAPI int WINAPI MessageBoxW( (L“测试12345”); 当选择“使用多字节字符集”时,调用函数OutputDebugString,实际使用的是OutputDebugStringA,OutputDebugStringA的入参类型是LPCSTR LPCSTR与LPCWSTR的区别 LPCSTR的定义如下 typedef __nullterminated CONST CHAR *LPCSTR, *PCSTR; typedef char CHAR; 多字节字符集 宽字节(UNICODE)字符集 通用 char wchar_t TCHAR char* wchar_t* TCHAR* LPSTR LPWSTR LPTSTR LPCSTR LPCWSTR

    5K20编辑于 2022-11-03
  • 来自专栏信安本原

    IAT HOOK

    int WINAPI NewMessageBox ( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType ) { typedef int (WINAPI* BOX)(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType); ((BOX)OldAddr)(0, "IAT Hook pFunAddr++; } pImportDirectory++; } return 0; } int WINAPI NewMessageBox ( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType ) { typedef int (WINAPI* BOX)(HWND hWnd,LPCSTR lpText,LPCSTR

    89720发布于 2020-07-23
  • 来自专栏韩曙亮的移动开发专栏

    【Android 逆向】Android 逆向通用工具开发 ( 网络模块开发 | SOCKET 网络套接字初始化 | 读取远程端 “Android 模拟器“ 信息 | 向远程端写出数据 )

    (m_server, (const struct sockaddr*)&server, sizeof(server)); if (ret < 0) { printf("错误信息:%s\n", (LPCSTR (m_server, buffer, sizeof buffer, 0); /* 如果接收失败 , 打印错误信息 */ if (ret < 0) { printf("错误信息:%s\n", (LPCSTR send(m_server, s.c_str(), s.size(), 0); /* 发送完成后 , 进行错误判断 */ if (ret < 0) { printf("错误信息:%s\n", (LPCSTR (m_server, buffer, sizeof buffer, 0); /* 如果接收失败 , 打印错误信息 */ if (ret < 0) { printf("错误信息:%s\n", (LPCSTR (m_server, s.c_str(), s.size(), 0); /* 如果发送出错 , 则打印报错信息 */ if (ret < 0) { printf("错误信息:%s\n", (LPCSTR

    1K20编辑于 2023-03-29
  • 4.5 MinHook 挂钩技术

    MinHook.h>#pragma comment(lib,"libMinHook-x86-v120-md.lib")typedef int (WINAPI *OldMessageBox)(HWND, LPCSTR , LPCSTR, UINT);OldMessageBox fpMessageBoxA = NULL;// 自定义弹窗int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType){ int ret = fpMessageBoxA(hWnd, "Hook Inject hello lyshark", lpCaption MinHook.h>#pragma comment(lib,"libMinHook-x86-v120-md.lib")typedef BOOL(WINAPI *OldSetWindowTextA)(HWND, LPCSTR );OldSetWindowTextA fpSetWindowTextA = NULL;BOOL WINAPI MySetWindowTextA(HWND hWnd, LPCSTR lpString){

    1K40编辑于 2023-09-18
  • 使用微软Detours库进行模块枚举

    PVOID DetourFindFunction( _In_ LPCSTR pszModule, _In_ LPCSTR pszFunction);我们可以通过使用 DetourFindFunction detours.h"#pragma comment(lib,"detours.lib")typedef FARPROC(WINAPI *GetProcAddress_t)(HMODULE hModule, LPCSTR typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FILE_CALLBACK)( PVOID pContext, LPCSTR pszFile);在函数回调函数中 typedef BOOL (CALLBACK *PF_DETOUR_IMPORT_FUNC_CALLBACK)( PVOID pContext, DWORD nOrdinal, LPCSTR TRUE; // 继续枚举}// 函数回调函数,用于处理每个导入函数BOOL CALLBACK ImportFuncCallback(PVOID pContext, DWORD nOrdinal, LPCSTR

    71810编辑于 2024-08-20
  • 来自专栏FreeBuf

    MSBuild后门技术分析

    GetFileVersionInfoA", a1, a2, a3, a4) EndProcedure ;BOOL GetFileVersionInfoExA( ; DWORD dwFlags, ; LPCSTR "GetFileVersionInfoSizeExW", a1, a2, a3, a4, a5) EndProcedure ;DWORD GetFileVersionInfoSizeA( ; LPCSTR GetFileVersionInfoByHandle", a1, a2, a3, a4) EndProcedure ;DWORD VerFindFileA( ; DWORD uFlags, ; LPCSTR szFileName, ; LPCSTR szWinDir, ; LPCSTR szAppDir, ; LPSTR szCurDir, ; PUINT puCurDirLen, szSrcFileName, ; LPCSTR szDestFileName, ; LPCSTR szSrcDir, ; LPCSTR szDestDir, ; LPCSTR szCurDir

    97210发布于 2021-03-09
  • 来自专栏全栈程序员必看

    FindWindow函数

    HWND FindWindow( LPCSTR lpClassName, LPCSTR lpWindowName ); 发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn

    60760编辑于 2022-09-06
  • C/C++ x32 Inline Hook 代码封装

    Windows.h> #include <stdio.h> DWORD jump = 0; __declspec(naked) bool _stdcall Transfer(HWND hwnd, LPCSTR push ebp mov ebp, esp mov ebx, jump jmp ebx } } bool __stdcall MySetWindowTextA(HWND hwnd, LPCSTR #include <Windows.h> #include "hook.h" MyHook MsgHook; int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText , LPCSTR lpCaption, UINT uType) { // 先来恢复Hook 之所以要恢复是因为我们需要调用原始的MsgBox弹窗 MsgHook.UnHook(); MessageBoxA lpText, LPCSTR lpCaption, UINT uType) { // 先来恢复Hook 之所以要恢复是因为我们需要调用原始的MsgBox弹窗 MsgHook.UnHook(L"user32

    66310编辑于 2022-12-28
  • 来自专栏鸿鹄实验室

    某RAT模块拆分

    #include <windows.h> typedef void* HCUSTOMMODULE; typedef HCUSTOMMODULE(*MemLoadLibraryFn)(LPCSTR, void*); typedef FARPROC(*MemGetProcAddressFn)(HANDLE, LPCSTR, void*); typedef void(*MemFreeLibraryFn) LoadFromMemory(const void*, size_t); HANDLE LoadFromResources(int IDD_RESOUCE); HANDLE LoadFromFile(LPCSTR filename); HANDLE DownloadURLToBuffer(LPCSTR filename); FARPROC GetProcAddressFromMemory(HANDLE hModule, LPCSTR ProcName); int CallEntryPointFromMemory(HANDLE hModule); void FreeLibraryFromMemory

    1.2K10编辑于 2021-12-08
  • 来自专栏Eureka的技术时光轴

    完美实现GetProcAddress

    GetProcAddress函数,可以找到模块中的函数地址,函数原型是这样的: WINBASEAPI FARPROC WINAPI GetProcAddress( IN HMODULE hModule, IN LPCSTR 再试试序号查找 //我们写的函数返回的地址 DWORD dw1 = MyGetProcAddress(LoadLibrary("user32.dll"), (LPCSTR)0x110); //系统函数返回的地址 DWORD dw2 = (DWORD)GetProcAddress(LoadLibrary("user32.dll"), (LPCSTR)0x110); 我们发现还是一样,成就感更大啦。。 搞了一会头晕了,看不出头绪 我老大很有才,他去翻了翻win2000的源码 偶也 一目了然 Win2K 源码 FARPROC GetProcAddress( HMODULE hModule, LPCSTR )"HeapFree"); DWORD a2 = (DWORD)GetProcAddress(LoadLibrary("kernel32.dll"), (LPCSTR)"HeapFree"); 发现值一样了

    1.8K40发布于 2019-07-24
  • 来自专栏全栈程序员必看

    c++获取窗口句柄的方法「建议收藏」

    FindWindow(); 函数原型:HWND FindWindow(LPCSTR lpClassName,LPCSTR lpWindowName); FindWindow 函数检索类名和窗口名称与指定字符串匹配的顶级窗口,并返回其句柄

    2.1K30编辑于 2022-09-16
  • C/C++ x64 Inline Hook 代码封装

    0x48, 0xB8, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xFF, 0xE0 }; void Hook(LPCWSTR lpModule, LPCSTR VirtualProtect((LPVOID)FuncAddress, 12, OldProtect, &OldProtect); } void UnHook(LPCWSTR lpModule, LPCSTR m_bNewBytes[12]; // 保存Inlie Hook代码 public: MyHook(); ~MyHook(); BOOL Hook(LPCWSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction); BOOL UnHook(LPCWSTR lpModule, LPCSTR lpFuncName); }; #ifdef __cplusplus MyHook::m_bNewBytes, 12); ZeroMemory(MyHook::m_bOldBytes, 12); } BOOL MyHook::Hook(LPCWSTR lpModule, LPCSTR

    1.2K30编辑于 2022-12-28