分类: |
- 1
一段搜索EPROCESS来列进程的代码
作者:admin 日期:2011-04-08
//findprocess.c
// by uty@uaty
//
#include <ntddk.h>
#define PDE_INVALID 2
#define PTE_INVALID 1
#define VALID 0
#define PEB_OFFSET 0x1b0
#define OBJECT_HEADER_SIZE 0x18
#define OBJECT_TYPE_OFFSET 0x8
#define EPROCESS_NAME_OFFSET 0x174
asp实现端口扫描源码
作者:admin 日期:2010-05-30
今天碰到一个站很恶心,小马传上了大马楞是写不上,后来想了个办法只能把一个大马给拆解了。这是一个扫描端口的。以后碰到的时候直接就好用了。
<style type="text/css">
body,td,th {color: #0000FF;font-family: Verdana, Arial, Helvetica, sans-serif;}
ASP实现TCP端口扫描的方法
ASP实现TCP端口扫描的方法body {background-color: #ffffff;font-size:14px; }
a:link {color: #0000FF;text-decoration: none;}
a:visited {text-decoration: none;color: #0000FF;}
a:hover {text-decoration: none;color: #FF0000;}
a:active {text-decoration: none;color: #FF0000;}
.buttom {color: #FFFFFF; border: 1px solid #084B8E; background-color: #719BC5}
.TextBox {border: 1px solid #084B8E}
.styleRed {color: #FF0000}
</style>
<title>ASP TCP Port Scanner for SpringBoard</title>
<%
Keyboard Hook
作者:admin 日期:2010-04-20
Hook is a mechanism, by which a function can intercept events before they reach an application. The function can act on events, modify or discard them. Functions which receive the events are called Filter Functions, every Filter Function is classified by its type. Hooks provide powerful capabilities: Procces or modify every message; Record or play back keyboard and mouse events; Prevent another filter from being called; And many more capabilities... Generally, there are two types of hooks: System-wide, and Thread-specific. The System-wide hook is used for filtering messages of all applications(IE: when writing a key logger). And the Thread-specific hook is used for filtering messages of a specific thread. In this tutorial, I'll cover just System-wide keyboard hook. To set a System-wide hook we need a DLL.
A DLL is an indirectly executable which doesn't have a message loop to receive user input. DLLs are seperate files containing functions(not only) that can be called by programs and other DLLs. To the end-user a DLL is a program that can't be executed directly from the Program Manger(or other Shells), but from the system's point of view, there are two differences between DLLs and applications: DLLs cannot have multiple running instances loaded in memory. and DLLs attach themselves to processes, only application instances are processes. DLL stands for Dynamic-Link Library. Dynamic-Link is a mechanism to link libraries to applications at run time. These libraries(DLLs) reside in their own executable files(.dll) and are not copied into applications' executable files(.exe) as with Static-Link libraries. It's important to understand that a .DLL is loaded into the address space of the specified linking application and not into the global heap! The advantages of using dynamic linking method are:
They can be updated without requiring applications to be recompiled or relinked.
When several applications use the same .DLL, the .DLL is just loaded once for all applications(reducing memory and disk space).
A DLL is an indirectly executable which doesn't have a message loop to receive user input. DLLs are seperate files containing functions(not only) that can be called by programs and other DLLs. To the end-user a DLL is a program that can't be executed directly from the Program Manger(or other Shells), but from the system's point of view, there are two differences between DLLs and applications: DLLs cannot have multiple running instances loaded in memory. and DLLs attach themselves to processes, only application instances are processes. DLL stands for Dynamic-Link Library. Dynamic-Link is a mechanism to link libraries to applications at run time. These libraries(DLLs) reside in their own executable files(.dll) and are not copied into applications' executable files(.exe) as with Static-Link libraries. It's important to understand that a .DLL is loaded into the address space of the specified linking application and not into the global heap! The advantages of using dynamic linking method are:
They can be updated without requiring applications to be recompiled or relinked.
When several applications use the same .DLL, the .DLL is just loaded once for all applications(reducing memory and disk space).
VC++网络编程
作者:admin 日期:2010-04-17
一、Windows Sockets API简介
VC++对网络编程的支持有socket支持,WinInet支持,MAPI和ISAPI支持等。其中,Windows Sockets API是TCP/IP网络环境里,也是Internet上进行开发最为通用的API。最早美国加州大学Berkeley分校在UNIX下为TCP/IP协议开发了一个API,这个API就是著名的Berkeley Socket接口(套接字)。
在桌面操作系统进入Windows时代后,仍然继承了Socket方法。在TCP/IP网络通信环境下,Socket数据传输是一种特殊的I/O,它也相当于一种文件描述符,具有一个类似于打开文件的函数调用-socket()。
可以这样理解:Socket实际上是一个通信端点,通过它,用户的Socket程序可以通过网络和其他的Socket应用程序通信。Socket存在于一个“通信域”(为描述一般的线程如何通过Socket进行通信而引入的一种抽象概念)里,并且与另一个域的Socket交换数据。Socket有三类。第一种是SOCK_STREAM(流式),提供面向连接的可靠的通信服务,比如telnet,http。第二种是SOCK_DGRAM(数据报),提供无连接不可靠的通信,比如UDP。第三种是SOCK_RAW(原始),主要用于协议的开发和测试,支持通信底层操作,比如对IP和ICMP的直接访问。
二、Windows Socket机制分析
VC++对网络编程的支持有socket支持,WinInet支持,MAPI和ISAPI支持等。其中,Windows Sockets API是TCP/IP网络环境里,也是Internet上进行开发最为通用的API。最早美国加州大学Berkeley分校在UNIX下为TCP/IP协议开发了一个API,这个API就是著名的Berkeley Socket接口(套接字)。
在桌面操作系统进入Windows时代后,仍然继承了Socket方法。在TCP/IP网络通信环境下,Socket数据传输是一种特殊的I/O,它也相当于一种文件描述符,具有一个类似于打开文件的函数调用-socket()。
可以这样理解:Socket实际上是一个通信端点,通过它,用户的Socket程序可以通过网络和其他的Socket应用程序通信。Socket存在于一个“通信域”(为描述一般的线程如何通过Socket进行通信而引入的一种抽象概念)里,并且与另一个域的Socket交换数据。Socket有三类。第一种是SOCK_STREAM(流式),提供面向连接的可靠的通信服务,比如telnet,http。第二种是SOCK_DGRAM(数据报),提供无连接不可靠的通信,比如UDP。第三种是SOCK_RAW(原始),主要用于协议的开发和测试,支持通信底层操作,比如对IP和ICMP的直接访问。
二、Windows Socket机制分析
js定时器
作者:admin 日期:2010-02-12
调试权限(debug权限)
作者:admin 日期:2009-10-21
手工加载exe到内存(loadEXE.cpp)
作者:admin 日期:2009-09-28
彻底改掉进程名
作者:admin 日期:2009-08-29
清除系统垃圾的批处理代码
作者:admin 日期:2009-08-24
- 1