金金 where are you?
Husky 2018-5-31 02:14:54
:^(
Husky 2018-6-1 02:21:22
:^(
Husky 2018-6-2 06:37:38
:^(
Husky 2018-6-3 04:22:26
:^(
Husky 2018-6-5 04:51:28
:^(
Husky 2018-6-6 03:30:17
:^(
kamui 2018-6-6 22:28:50
cli
mov rax, cr0
and rax, not 10000h
mov cr0, rax
call sysenter
星野源我偶像 2018-6-6 22:29:13 This reply has been deleted
Husky 2018-6-6 23:06:21 ..................................................................
kamui 2018-6-6 23:20:26
; 32bit
sub esp, 0x130
push ebx
push ebp
mov ebp, dword ptr ss:[esp+0x140]
push ebp
call dword ptr ds:[0x40DD2078]
mov ebx, eax
xor edx, edx
add esp, 0x4
cmp ebx, edx
call ntdll.ZwOpenProcess
pop ebp
xor eax, eax
pop ebx
add esp, 0x130
retn
mov ecx, ebp
push esi
mov esi, ecx
push edi
cli
mov eax, cr0
add eax, not 10000h
mov cr0, eax
call sysenter
Husky 2018-6-7 00:27:20 Summoning 望近
:^(
連登力王 2018-6-7 00:31:18 What's the story?
kamui 2018-6-7 11:24:51
:^(

Been writing VT+EPT code lately and it's killing me
:^(
:^(
Husky 2018-6-7 12:13:37 What's that?
:^(
:^(
:^(
kamui 2018-6-7 12:19:14 Intel's virtualization instruction set
:^(

I use it to bypass a few of Windows' built-in protections
But on 1803 it's crippled if the user has turned on kernel isolation
:^(
kamui 2018-6-7 12:19:32 *crippled
Husky 2018-6-7 16:18:05
:^(
Still on win7
:^(
kamui 2018-6-7 16:37:47 The KPP on win7 x64 is so trash that a hundred-odd lines of code take it down
:^(

Of course the proper way is VT+EPT monitoring MSRs to do API hooks
:^(

And it can coexist with KPP
:^(

Windows only got somewhat safer from 1803 onwards
:^(

But kernel isolation is off by default
:^(
:^(
:^(

Of course, as virtue rises a foot, vice rises...
:^(
Husky 2018-6-7 17:50:49 How do you have so much free time to mess with the windows kernel
:^(
kamui 2018-6-7 19:07:46 Because I really do have that much free time
:^(
Husky 2018-6-7 19:20:21
:^(
:^(
Pulling another all-nighter tonight to hit a deadline
:^(
kamui 2018-6-8 17:53:47
nop
nop
nop
nop
mov eax, eax
retn 0
Husky 2018-6-8 18:04:06
:^(
Love being a deadline fighter
kamui 2018-6-8 18:06:10
:^(
Husky 2018-6-9 04:03:13
:^(