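Samsung I9100G ICS

Since last night I have been trying to update that damn Kies, and after a whole night the update still had not succeeded. I have no idea what those damn Samsung programmers are thinking; I have used it for nearly a year and it has never once updated successfully. Today I called Samsung customer service to ask about it, and the answer I got was something like "check whether it is a problem with your computer". Damn it, every time it gets stuck at the step that downloads the USB driver, looping the download until it has pulled more than 1 GB of data. I had already reported all of this to you, and you fucking tell me to go check whether it is my computer.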


Hide Debugger for Immunity Debugger v1.8x

"""
(c) Mars Security. 2009-2012
Institute Of Information Serurity From Mars
Email:root@h4ck.ws
U{By obaby.}
"""
#sys.path.append("C:\\Program Files\\Immunity Inc\\Immunity Debugger\\Libs")

import immlib
import immutils
def main(args):
    imm = immlib.Debugger()
    #hide debugger by wipe the BeingDebugged flag in PEB struct.
    imm.writeMemory (imm.getPEBAddress() + 0x2,"\x00")
    #disable the process enume
    process32first = imm.getAddress("kernel32.Process32FirstW")
    process32next = imm.getAddress("kernel32.Process32NextW")
    function_list = [process32first, process32next]
    patch_bytes = imm.assemble("SUB EAX,EAX\nRET 8")
    for address in function_list:
        opcode = imm.disasmForward(address,nlines = 8)
        #imm.writeMemory(opcode.address,patch_bytes)
    
    return "[*] PEB BeingDebugged flag cleared ! Debugger Hided~!"

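This script removes debugger detection that is based on the IsDebuggerPresent function. Save the code above as hidedbg.py, put it in the PyCommands directory of Immunity Debugger, and then run it from the Immunity Debugger command window.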
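The following added example (not part of the original post) models the one-byte write the script performs on a constructed 32-bit PEB snapshot and shows that a check based on NtGlobalFlag still reports a debugger afterwards. The helper names and the sample buffer are assumptions made for illustration; the offsets are those of the x86 PEB layout.

```python
import struct

# 32-bit (x86) PEB field offsets.
OFF_BEING_DEBUGGED = 0x02   # UCHAR, the byte IsDebuggerPresent returns
OFF_NT_GLOBAL_FLAG = 0x68   # ULONG
# Heap-checking flags (tail check, free check, validate parameters) that are
# set in NtGlobalFlag when a process is created under a debugger.
DEBUG_HEAP_FLAGS = 0x10 | 0x20 | 0x40


def make_peb(being_debugged, nt_global_flag):
    """Build a constructed PEB snapshot (not captured from a real process)."""
    peb = bytearray(0x70)
    peb[OFF_BEING_DEBUGGED] = being_debugged
    struct.pack_into("<I", peb, OFF_NT_GLOBAL_FLAG, nt_global_flag)
    return peb


def is_debugger_present(peb):
    """Model of IsDebuggerPresent: a non-zero byte at PEB + 0x2."""
    return peb[OFF_BEING_DEBUGGED] != 0


def clear_being_debugged(peb):
    """The same one-byte write the script performs: PEB + 0x2 <- 0x00."""
    peb[OFF_BEING_DEBUGGED] = 0


def remaining_indicators(peb):
    """List the debugger indicators still visible in the snapshot."""
    found = []
    if is_debugger_present(peb):
        found.append("BeingDebugged")
    (flags,) = struct.unpack_from("<I", peb, OFF_NT_GLOBAL_FLAG)
    if (flags & DEBUG_HEAP_FLAGS) == DEBUG_HEAP_FLAGS:
        found.append("NtGlobalFlag")
    return found


if __name__ == "__main__":
    peb = make_peb(being_debugged=1, nt_global_flag=0x70)
    print("before:", remaining_indicators(peb))
    clear_being_debugged(peb)
    print("after: ", remaining_indicators(peb))
```

When analysing a sample that still detects the debugger after running hidedbg.py, this is the reason to look for checks other than IsDebuggerPresent.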

IDA SYNC For IDA 6.x

IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information.
