<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><meta name="description" content="不定期更新操作系统,编程,逆向,破解,算法等技术"><meta name="keywords" content=""><meta name="author" content="BarretGuy"><meta name="copyright" content="BarretGuy"><title>Learning is an endless process. | BasicBit</title><link rel="shortcut icon" href="/img/fav.ico"><link rel="stylesheet" href="/css/index.css?version=1.9.0"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/font-awesome@latest/css/font-awesome.min.css?version=1.9.0"><meta name="format-detection" content="telephone=no"><meta http-equiv="x-dns-prefetch-control" content="on"><link rel="dns-prefetch" href="https://cdn.jsdelivr.net"><script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script><script>(adsbygoogle = window.adsbygoogle || []).push({
google_ad_client: 'ca-pub-1206611804757181',
enable_page_level_ads: 'true'
});
</script><script>var GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: {"path":"search.xml","languages":{"hits_empty":"We didn't find any results for the search: ${query}"}},
copy: {
success: 'Copy successfully',
error: 'Copy error',
noSupport: 'The browser does not support'
},
hexoVersion: '6.0.0'
} </script></head><body><i class="fa fa-arrow-right" id="toggle-sidebar" aria-hidden="true"></i><div id="sidebar" data-display="false"><div class="author-info"><div class="author-info__avatar text-center"><img src="https://file.qqtouxiang.com/qinglv/2020-07-10/968d1e73115194c7e70e2f729bb016b2.jpeg"></div><div class="author-info__name text-center">BarretGuy</div><div class="author-info__description text-center">Irregular updates on operating systems, programming, reverse engineering, cracking, algorithms and other technical topics</div><hr><div class="author-info-articles"><a class="author-info-articles__archives article-meta" href="/archives"><span class="pull-left">Articles</span><span class="pull-right">45</span></a><a class="author-info-articles__tags article-meta" href="/tags"><span class="pull-left">Tags</span><span class="pull-right">9</span></a><a class="author-info-articles__categories article-meta" href="/categories"><span class="pull-left">Categories</span><span class="pull-right">4</span></a></div></div></div><nav id="nav" style="background-image: url(https://cdn.pixabay.com/photo/2014/10/03/16/55/sky-471951_960_720.jpg)"><div id="page-header"><span class="pull-left"> <a id="site-name" href="/">BasicBit</a></span><i class="fa fa-bars toggle-menu pull-right" aria-hidden="true"></i><span class="pull-right menus"> <a class="site-page" href="/">Home</a><a class="site-page" href="/archives">Archives</a><a class="site-page" href="/Develop">Develop</a><a class="site-page" href="/Note">Note</a><a class="site-page" href="/Reverse">Reverse</a><a class="site-page" href="/OS">OS</a></span><span class="pull-right"><a class="site-page social-icon search"><i class="fa fa-search"></i><span> Search</span></a></span></div><div id="site-info"><div id="site-title">BasicBit</div><div id="site-sub-title">Learning is an endless process.</div></div></nav><div id="content-outer"><div class="layout" id="content-inner"><div class="recent-post-item article-container"><a class="article-title" 
href="/2019/04/01/2019-04-01-Note0-%E5%A0%86%E6%A0%88%E7%BB%93%E6%9E%84%20&%20%E6%BA%A2%E5%87%BA%E7%AC%94%E8%AE%B0/">Heap and Stack Structure, Overflow Analysis: Reading Notes 0-05</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2019-04-01</time><div class="content">
OS version: Windows XP
Compiler: VC6.0
Build mode: Release
Preface: there are many ways to request heap memory on Windows, for example LocalAlloc, malloc and so on.
Internally, all of these functions call RtlAllocateHeap to perform the allocation, so when analysing the heap data structures only this one function is analysed ...</div><a class="more" href="/2019/04/01/2019-04-01-Note0-%E5%A0%86%E6%A0%88%E7%BB%93%E6%9E%84%20&%20%E6%BA%A2%E5%87%BA%E7%AC%94%E8%AE%B0/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2019/03/01/2019-03-01-%E7%BD%91%E6%98%93%E6%B8%B8%E6%88%8F%E7%9A%84%E5%9B%9B%E7%A7%8D%E8%A7%A3%E5%AF%86&%E8%A7%A3%E5%8C%85%EF%BC%8C%E9%99%84%E5%B7%A5%E5%85%B7/">Four Ways to Decrypt and Unpack NetEase Game Files, With Tools</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2019-03-01</time><div class="content">The game has roughly 3 kinds of files: pyc, nxs and npk; there are also some config files, which I will not cover.
The pyc files here have modified opcodes; an encrypted pyc file is an nxs file, and nxs files are packed into npk files.
Let's go from the inside out. First, the GitHub link:
https://github.com/yuanbi/NeteaseUnpack ...</div><a class="more" href="/2019/03/01/2019-03-01-%E7%BD%91%E6%98%93%E6%B8%B8%E6%88%8F%E7%9A%84%E5%9B%9B%E7%A7%8D%E8%A7%A3%E5%AF%86&%E8%A7%A3%E5%8C%85%EF%BC%8C%E9%99%84%E5%B7%A5%E5%85%B7/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2019/01/01/2018-11-03-vmp3.3.1%20%E8%99%9A%E6%8B%9F%E6%9C%BA%E5%88%86%E6%9E%90/">vmp3.3.1 Virtual Machine Analysis</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2019-01-01</time><div class="content">Virtual machine overview
Take a normal binary, call it x; what executes it is the Windows operating system, i.e. the interpreter, call it A.
When vmp packs a file, it translates the file's code into its own code while keeping the behaviour unchanged. Suppose the bytecode for push eax is 0x03; vmp changes this value, say to 0x04, but at run time it still executes push ...</div><a class="more" href="/2019/01/01/2018-11-03-vmp3.3.1%20%E8%99%9A%E6%8B%9F%E6%9C%BA%E5%88%86%E6%9E%90/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/12/31/2018-12-30-vmp%20%E8%BF%87%E4%BB%A3%E7%A0%81%E6%A0%A1%E9%AA%8C/">vmp: Bypassing the Code Integrity Check</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-12-31</time><div class="content">Simplified code of the integrity check:
START: mov edx, dword ptr ss:[ebp]
add ebp, 0x4
LOOP: xor eax, eax
mov ecx, eax
shl eax, 0x7
shr ecx, 0x19
or eax, ecx
xor al, byte ptr ...</div><a class="more" href="/2018/12/31/2018-12-30-vmp%20%E8%BF%87%E4%BB%A3%E7%A0%81%E6%A0%A1%E9%AA%8C/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/12/20/2018-11-29-x64dbg%20python%20API/">x64dbg python API</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-12-20</time><div class="content">
https://github.com/x64dbg/x64dbgpy
asdfasfd
NAME
x64dbgpy.pluginsdk._scriptapi
FILE c:\softfo~1\release\x32\plugins\x64dbgpy\x64dbgpy\pluginsdk_s ...</div><a class="more" href="/2018/12/20/2018-11-29-x64dbg%20python%20API/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/12/20/2018-12-20-Python%E5%8F%8D%E7%BC%96%E8%AF%91%EF%BC%9F%E5%85%88%E8%81%8A%E8%81%8Apyc%E7%BB%93%E6%9E%84%E5%90%A7/">Python pyc File Structure</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-12-20</time><div class="content">There are plenty of Python decompilers around.
So why write your own?
Obfuscated Python code can make some tools fail to decompile, and that is not even the worst part: some people modify the Python bytecode itself and build their own Python. Would anyone really be that bored? Yes, and I ran into it.
What to do in that case? Take a piece of Python code, run it through the modified Python, and in the original Pyt ...</div><a class="more" href="/2018/12/20/2018-12-20-Python%E5%8F%8D%E7%BC%96%E8%AF%91%EF%BC%9F%E5%85%88%E8%81%8A%E8%81%8Apyc%E7%BB%93%E6%9E%84%E5%90%A7/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/11/30/2018-11-30-%E5%8F%8D%E8%B0%83%E8%AF%95%E6%80%BB%E7%BB%93/">Anti-Debugging Summary</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-11-30</time><div class="content">API detection
PBYTE pCC = (PBYTE)MessageBoxW;
if (*pCC == 0xCC)
{
    return true;
}
MessageBoxW(0, L"未发现调试器!\n", 0, 0);
When a breakpoint is set in the debugger, the first byte at the target address is ...</div><a class="more" href="/2018/11/30/2018-11-30-%E5%8F%8D%E8%B0%83%E8%AF%95%E6%80%BB%E7%BB%93/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/11/20/2018-11-19-%E7%BD%91%E6%98%93%E6%B8%B8%E6%88%8F%E8%BE%85%E5%8A%A9%E7%9A%84%E5%BF%83%E8%B7%AF%E5%8E%86%E7%A8%8B/">My Journey Writing a Helper for a NetEase xx Game</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-11-20</time><div class="content">I got into a NetEase game, but it was too much of a grind: a new server opening meant grinding for 6 or 7 hours straight, which was painful, so I had the idea of writing a helper. I started analysing and found a few hook points; a helper like this is not hard, and using DLL injection I finished it quickly. Here is a screenshot.
Just after I finished, the game updated that evening, and after DLL injection the game simply exited. NetEase really is efficient [smile]
Switch to code injection then, same thing in a different wrapper ...</div><a class="more" href="/2018/11/20/2018-11-19-%E7%BD%91%E6%98%93%E6%B8%B8%E6%88%8F%E8%BE%85%E5%8A%A9%E7%9A%84%E5%BF%83%E8%B7%AF%E5%8E%86%E7%A8%8B/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/11/16/2018-11-16-Themida%20&%20WinLicense%202.0%20-%202.4.6%20%E8%84%B1%E5%A3%B3/">Themida & WinLicense 2.0 - 2.4.6 Unpacking</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-11-16</time><div class="content">Ran into this packer; I will not say which file.
Searched Baidu and could not find any related article. Do I really have to unpack it by hand?
On the verge of despair, I found an article by a foreign expert, link: https://zenhax.com/viewtopic.php?f=4&t=1051Hello
Let's look at the process.
Checking the packer with PEiD
Files needed for unpacking:
OD
Plugins:
ODBGSc ...</div><a class="more" href="/2018/11/16/2018-11-16-Themida%20&%20WinLicense%202.0%20-%202.4.6%20%E8%84%B1%E5%A3%B3/#more" style="margin-top: 14px">Read more</a><hr></div><div class="recent-post-item article-container"><a class="article-title" href="/2018/11/16/2018-11-16-%E5%BE%AE%E4%BF%A1%E6%8E%A5%E5%8F%A3%E5%88%86%E6%9E%90/">WeChat Message Structure Analysis</a><time class="post-meta__date"><i class="fa fa-calendar" aria-hidden="true"></i> 2018-11-16</time><div class="content">WeChat interface analysis
I did a WeChat structure analysis once before and wanted to write it up; WeChat was recently updated, so let's analyse it again.
WeChat version:
Mainly analysing sending and receiving messages.
Tools used: CE, x64dbg.
Main points addressed in this article:
Find the key point for receiving messages so they can be intercepted and modified.
Find the key point for sending messages so it can be intercepted and called externally.
Let's analyse receiving messages first. Before analysing ...</div><a class="more" href="/2018/11/16/2018-11-16-%E5%BE%AE%E4%BF%A1%E6%8E%A5%E5%8F%A3%E5%88%86%E6%9E%90/#more" style="margin-top: 14px">Read more</a><hr></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/">2</a><span class="space">…</span><a class="page-number" href="/page/5/">5</a><a class="extend next" rel="next" href="/page/2/"><i class="fa fa-chevron-right"></i></a></div></nav></div></div><footer class="footer-bg" style="background-image: url(https://cdn.pixabay.com/photo/2014/10/03/16/55/sky-471951_960_720.jpg)"><div class="layout" id="footer"><div class="copyright">©2013 - 2022 By BarretGuy</div><div class="framework-info"><span>Driven - </span><a target="_blank" rel="noopener" href="http://hexo.io"><span>Hexo</span></a><span class="footer-separator">|</span><span>Theme - </span><a target="_blank" rel="noopener" href="https://github.com/Molunerfinn/hexo-theme-melody"><span>Melody</span></a></div><div class="busuanzi"><script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><span id="busuanzi_container_site_uv"><i class="fa fa-user"></i><span id="busuanzi_value_site_uv"></span><span></span></span><span class="footer-separator">|</span><span id="busuanzi_container_site_pv"><i class="fa fa-eye"></i><span id="busuanzi_value_site_pv"></span><span></span></span></div></div></footer><i class="fa fa-arrow-up" id="go-up" aria-hidden="true"></i><script src="https://cdn.jsdelivr.net/npm/animejs@latest/anime.min.js"></script><script src="https://cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@latest/dist/jquery.fancybox.min.js"></script><script src="https://cdn.jsdelivr.net/npm/velocity-animate@latest/velocity.min.js"></script><script src="https://cdn.jsdelivr.net/npm/velocity-ui-pack@latest/velocity.ui.min.js"></script><script 
src="/js/utils.js?version=1.9.0"></script><script src="/js/fancybox.js?version=1.9.0"></script><script src="/js/sidebar.js?version=1.9.0"></script><script src="/js/copy.js?version=1.9.0"></script><script src="/js/fireworks.js?version=1.9.0"></script><script src="/js/transition.js?version=1.9.0"></script><script src="/js/scroll.js?version=1.9.0"></script><script src="/js/head.js?version=1.9.0"></script><script src="/js/search/local-search.js"></script><script>if(/Android|webOS|iPhone|iPod|iPad|BlackBerry/i.test(navigator.userAgent)) {
$('#nav').addClass('is-mobile')
$('footer').addClass('is-mobile')
$('#top-container').addClass('is-mobile')
}</script><div class="search-dialog" id="local-search"><div class="search-dialog__title" id="local-search-title">Local search</div><div id="local-input-panel"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="Search for Posts"></div></div></div><hr><div id="local-search-results"><div id="local-hits"></div><div id="local-stats"><div class="local-search-stats__hr" id="hr"><span>Powered by</span> <a target="_blank" rel="noopener" href="https://github.com/wzpan/hexo-generator-search" style="color:#49B1F5;">hexo-generator-search</a></div></div></div><span class="search-close-button"><i class="fa fa-times"></i></span></div><div class="search-mask"></div></body></html>