if ( ZwCreateFile(&FileHandle, 0x120089u, &ObjectAttributes, &IoStatusBlock, 0i64, 0x80u, 7u, 1u, 0x20u , 0i64, 0) >= 0 ) { current_thread = __readgsqword(0x188u); FileHandle_1 = FileHandle ; status = NtDeviceIoControlFile( FileHandle_1, 0i64 , 0i64, 0i64, &IoStatusBlock,
vftable'; LocalFree(*(HLOCAL *)(this + 56)); v2 = *(void **)(this + 64); *(_QWORD *)(this + 56) = 0i64 LocalFree(v2); v3 = *(void **)(this + 80); // <-- [0] uninitialized *(_QWORD *)(this + 64) = 0i64 ; LocalFree(v3); // <-- [1] free *(_QWORD *)(this + 80) = 0i64; } 复现 通过 Gflags
; LocalFree(*(HLOCAL *)(this + 56)); v2 = *(void **)(this + 64); *(_QWORD *)(this + 56) = 0i64 ; LocalFree(v2); v3 = *(void **)(this + 80); // <-- [0] 未初始化 *(_QWORD *)(this + 64) = 0i64; LocalFree(v3); // <-- [1] 释放 *(_QWORD *)(this + 80) = 0i64; } 复现 通过 Gflags 为 winword.exe 开启 PageHeap,启动 Word,并将调试器附加到它
B8h] [rbp+10h] BYREF void *ProcessHandle; // [rsp+C0h] [rbp+18h] BYREF ClientId.UniqueThread = 0i64 ; ObjectAttributes.Length = 48; ObjectAttributes.RootDirectory = 0i64; ObjectAttributes.Attributes = 0; ObjectAttributes.ObjectName = 0i64; ObjectAttributes.SecurityDescriptor = 0i64; ObjectAttributes.SecurityQualityOfService = 0i64; ClientId.UniqueProcess = (HANDLE)pid;//pid传入的地方 KeStackAttachProcess(Process, &ApcState) ObReferenceObjectByHandle(ProcessHandle, 0, 0i64, 0, &Object, 0i64) ) { switch ( dword_1CE40
a-flsTest bool flsTest(void){ return FlsAlloc(0i64) ! void){ HANDLE hProcess; // rax hProcess = GetCurrentProcess(); return VirtualAllocExNuma(hProcess, 0i64 = 0i64;} c-timeDistortionTest _BOOL8 timeDistortionTest(void){ DWORD ticks_after; // [rsp+28h] [rbp- d-systemProcessTest bool systemProcessTest(void){ return OpenProcess(PROCESS_ALL_ACCESS, 0, 4u) == 0i64 Block ) return 0i64; memset(Block, 0, 100000000ui64); free(Block); return 1i64;} 收集系统信息 带有 DGA
; // rcx void *qword33E8; // rcx if (this-> qword33E0) { IpcFreeMemory (); this-> qword33E0 = 0i64 CoTaskMemFree (v2); // <--- [1] free *(_QWORD *)& this -> gap33F0 [ 104 ] = 0i64
评估函数 最后选择的评估函数为: self.evaluated = min_occupied.iter().enumerate().fold(0i64, |a, (_col, b)| avg_occupied; // a - b * b // } // } //}) + space_count.iter().fold(0i64 , |a, b| a - std::cmp::min(6, *b) * 15) }) + space_count.iter().fold(0i64, |a, b| a - b * 20)
ebp-14h] int v15; // [esp+20h] [ebp-10h] __int64 v16; // [esp+24h] [ebp-Ch] v13 = 0; v10 = 0i64 ; v11 = 0i64; v12 = 0i64; v14 = 9; v15 = 2; v16 = 0i64; ((void (__cdecl *)(const char *,
PptpCmActivateVcComplete ( ActiveateVcRetCode, lpCallCtx, ( PVOID ) lpCallCtx- > CallParams ) ; } return 0i64 ExFreePoolWithTag (( PVOID ) lpCallContext- > CallParams, 0 ) ; lpCallContext- > CallParams = 0i64
[0i64; n as usize]; n as usize]; // 存储回文子序列数量的二维数组 for i in 0..n { dp[i as usize][i as usize
- v5) + 8 > 0xFFFF || (v10 = Dns_AllocateRecordEx((unsigned __int16)(v9 + 8), 0), (v11 = v10) == 0i64 ) ) { v7 = 14;LABEL_5: SetLastError(v7); return 0i64; } *((_BYTE *)v10 + 32) = *(_BYTE *)
Inputbuffer->dwCounter) ) //这里要满足这个条件让其进入循环,将其counter 设为1 { if ( pre_mode ) { v24 = 0i64 ; v25 = 0i64; v15 = v13; pData1 = Inputbuffer->pData1; if ( v12 )
if ( (int)ZwQuerySystemInformation(0xBi64, v4, (unsigned int)NumberOfBytes, 0i64) < 0 ) { ExFreePoolWithTag
0x1FFFFFi64, v39, hProcess, v37, v38, v14, 0i64
STATUS_INVALID_PARAMETER, 1); gWfpGlobal - >field_BC = 1; KeGenericCallDpc(WfpSyncDpcCallback, 0i64 // [rsp+48h] [rbp+10h] BYREF void Dst; // [rsp+50h] [rbp+18h] BYREF NtStatus = 0; Dst = 0i64
v28 = 0x56; memcpy(Dst, &Src, 0x10ui64); *((_QWORD *)&hFileMappingObject + 1) = CreateEventW(0i64
FILENAME_POINTER_OFFSET: usize = 8; let buf = unsafe { let ptr = FILENAME_BUF.get_ptr_mut(0).ok_or(0i64
; system("pause"); return 0i64; } 很快发现,strcmp 对比的是 Str1 与 Str2;因为 Str1 是输入,于是追踪 Str2 <img
\n"); else sub_1400111D1("wrong flag\n"); sub_14001113B(v4, &unk_140019D00); return 0i64; }