├── .gitignore ├── README.md ├── course ├── Qt │ └── mydll │ │ ├── mydll.cpp │ │ ├── mydll.h │ │ ├── mydll.pro │ │ ├── mydll.pro.user │ │ └── mydll_global.h ├── ScyllaHide │ ├── DetectOD │ │ ├── About.cpp │ │ ├── About.h │ │ ├── DetectOD.cpp │ │ ├── DetectOD.h │ │ ├── DetectOD.rc │ │ ├── DetectOD.sln │ │ ├── DetectOD.vcxproj │ │ ├── DetectOD.vcxproj.filters │ │ ├── DetectODDlg.cpp │ │ ├── DetectODDlg.h │ │ ├── ReadMe.txt │ │ ├── StdAfx.cpp │ │ ├── StdAfx.h │ │ ├── res │ │ │ ├── DetectOD.ico │ │ │ ├── DetectOD.rc2 │ │ │ ├── User.ico │ │ │ ├── dog.ico │ │ │ └── home.ico │ │ ├── resource.h │ │ └── tlssup.c │ └── MyScyllaHide │ │ ├── .gitignore │ │ ├── HelloDll │ │ ├── HelloDll.cpp │ │ ├── HelloDll.vcxproj │ │ ├── HelloDll.vcxproj.filters │ │ ├── dllmain.cpp │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h │ │ ├── MyTestAntiDebuger.sln │ │ └── MyTestAntiDebuger │ │ ├── DynamicMapping.cpp │ │ ├── DynamicMapping.h │ │ ├── MyTestAntiDebuger.cpp │ │ ├── MyTestAntiDebuger.vcxproj │ │ ├── MyTestAntiDebuger.vcxproj.filters │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h ├── WinDriver │ ├── HelloWorld │ │ ├── HelloWorld.sln │ │ └── HelloWorld │ │ │ ├── HelloWorld.vcxproj │ │ │ ├── HelloWorld.vcxproj.filters │ │ │ └── main.c │ └── tools │ │ ├── tools-MFC │ │ ├── Resource.h │ │ ├── res │ │ │ ├── tools-MFC.ico │ │ │ └── toolsMFC.rc2 │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ ├── targetver.h │ │ ├── tools-MFC.cpp │ │ ├── tools-MFC.h │ │ ├── tools-MFC.vcxproj │ │ ├── tools-MFC.vcxproj.filters │ │ ├── tools-MFCDlg.cpp │ │ ├── tools-MFCDlg.h │ │ └── toolsMFC.rc │ │ ├── tools.sln │ │ └── tools │ │ ├── dllmain.cpp │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ ├── targetver.h │ │ ├── tools.cpp │ │ ├── tools.vcxproj │ │ └── tools.vcxproj.filters └── frida │ ├── 02_Hook基础 │ ├── 02_Hook基础.md │ ├── frida注入测试.js │ └── frida注入测试.py │ └── MyFridaExample │ ├── .gitignore │ ├── .idea │ ├── codeStyles │ │ └── Project.xml │ ├── gradle.xml │ ├── jarRepositories.xml │ ├── misc.xml │ ├── 
runConfigurations.xml │ └── vcs.xml │ ├── app │ ├── .gitignore │ ├── build.gradle │ ├── proguard-rules.pro │ └── src │ │ ├── androidTest │ │ └── java │ │ │ └── com │ │ │ └── ninecents │ │ │ └── ExampleInstrumentedTest.java │ │ ├── main │ │ ├── AndroidManifest.xml │ │ ├── java │ │ │ └── com │ │ │ │ └── ninecents │ │ │ │ └── MainActivity.java │ │ └── res │ │ │ ├── drawable-v24 │ │ │ └── ic_launcher_foreground.xml │ │ │ ├── drawable │ │ │ └── ic_launcher_background.xml │ │ │ ├── layout │ │ │ └── activity_main.xml │ │ │ ├── mipmap-anydpi-v26 │ │ │ ├── ic_launcher.xml │ │ │ └── ic_launcher_round.xml │ │ │ ├── mipmap-hdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-mdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xxhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ ├── mipmap-xxxhdpi │ │ │ ├── ic_launcher.png │ │ │ └── ic_launcher_round.png │ │ │ └── values │ │ │ ├── colors.xml │ │ │ ├── strings.xml │ │ │ └── styles.xml │ │ └── test │ │ └── java │ │ └── com │ │ └── ninecents │ │ └── ExampleUnitTest.java │ ├── build.gradle │ ├── gradle.properties │ ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties │ ├── gradlew │ ├── gradlew.bat │ └── settings.gradle ├── third └── Blackbone │ ├── .gitattributes │ ├── .gitignore │ ├── BlackBone.sln │ ├── LICENSE │ ├── README.md │ ├── appveyor.yml │ ├── appveyor_drv.yml │ └── src │ ├── 3rd_party │ ├── AsmJit │ │ ├── ApiBegin.h │ │ ├── ApiEnd.h │ │ ├── AsmJit.h │ │ ├── Build.h │ │ ├── Config.h │ │ ├── LICENSE.md │ │ ├── README.md │ │ ├── base.h │ │ ├── base │ │ │ ├── assembler.cpp │ │ │ ├── assembler.h │ │ │ ├── codegen.cpp │ │ │ ├── codegen.h │ │ │ ├── compiler.cpp │ │ │ ├── compiler.h │ │ │ ├── constpool.cpp │ │ │ ├── constpool.h │ │ │ ├── containers.cpp │ │ │ ├── containers.h │ │ │ ├── context.cpp │ │ │ ├── context_p.h │ │ │ ├── cpuinfo.cpp │ │ 
│ ├── cpuinfo.h │ │ │ ├── cputicks.cpp │ │ │ ├── cputicks.h │ │ │ ├── error.cpp │ │ │ ├── error.h │ │ │ ├── globals.cpp │ │ │ ├── globals.h │ │ │ ├── intutil.cpp │ │ │ ├── intutil.h │ │ │ ├── lock.h │ │ │ ├── logger.cpp │ │ │ ├── logger.h │ │ │ ├── operand.cpp │ │ │ ├── operand.h │ │ │ ├── runtime.cpp │ │ │ ├── runtime.h │ │ │ ├── string.cpp │ │ │ ├── string.h │ │ │ ├── vectypes.h │ │ │ ├── vmem.cpp │ │ │ ├── vmem.h │ │ │ ├── zone.cpp │ │ │ └── zone.h │ │ ├── host.h │ │ ├── x86.h │ │ └── x86 │ │ │ ├── x86assembler.cpp │ │ │ ├── x86assembler.h │ │ │ ├── x86compiler.cpp │ │ │ ├── x86compiler.h │ │ │ ├── x86context.cpp │ │ │ ├── x86context_p.h │ │ │ ├── x86cpuinfo.cpp │ │ │ ├── x86cpuinfo.h │ │ │ ├── x86inst.cpp │ │ │ ├── x86inst.h │ │ │ ├── x86operand.cpp │ │ │ ├── x86operand.h │ │ │ ├── x86operand_regs.cpp │ │ │ ├── x86scheduler.cpp │ │ │ └── x86scheduler_p.h │ ├── BeaEngine │ │ ├── Warning_for_C_coders.txt │ │ └── headers │ │ │ ├── BeaEngine.h │ │ │ └── Includes │ │ │ ├── basic_types.h │ │ │ └── export.h │ ├── CorError.h │ ├── DIA │ │ ├── cvconst.h │ │ ├── dia2.h │ │ └── diacreate.h │ ├── VersionApi.h │ ├── cor.h │ ├── corhdr.h │ ├── gchost.h │ ├── ivalidator.h │ ├── ivehandler.h │ ├── metahost.h │ ├── mscoree.h │ ├── rewolf-wow64ext │ │ ├── .gitignore │ │ ├── .hgignore │ │ ├── README.md │ │ ├── doc │ │ │ └── wow64ext.txt │ │ ├── lgpl-3.0.txt │ │ ├── sample │ │ │ ├── build.bat │ │ │ └── main.cpp │ │ └── src │ │ │ ├── CMemPtr.h │ │ │ ├── internal.h │ │ │ ├── resource.h │ │ │ ├── wow64ext.cpp │ │ │ ├── wow64ext.h │ │ │ ├── wow64ext.rc │ │ │ ├── wow64ext.sln │ │ │ └── wow64ext.vcxproj │ ├── winapifamily.h │ └── winpackagefamily.h │ ├── BlackBone │ ├── Asm │ │ ├── AsmFactory.h │ │ ├── AsmHelper32.cpp │ │ ├── AsmHelper32.h │ │ ├── AsmHelper64.cpp │ │ ├── AsmHelper64.h │ │ ├── AsmStack.hpp │ │ ├── AsmVariant.hpp │ │ ├── IAsmHelper.h │ │ ├── LDasm.c │ │ └── LDasm.h │ ├── BlackBone.vcxproj │ ├── BlackBone.vcxproj.filters │ ├── CMakeLists.txt │ ├── Config.h │ ├── 
DllMain.cpp │ ├── DriverControl │ │ ├── DriverControl.cpp │ │ └── DriverControl.h │ ├── Exports.def │ ├── Include │ │ ├── ApiSet.h │ │ ├── CallResult.h │ │ ├── FunctionTypes.h │ │ ├── HandleGuard.h │ │ ├── Macro.h │ │ ├── NativeEnums.h │ │ ├── NativeStructures.h │ │ ├── Types.h │ │ ├── Win7Specific.h │ │ ├── Win8Specific.h │ │ ├── WinXPSpecific.h │ │ └── Winheaders.h │ ├── LocalHook │ │ ├── HookHandlerCdecl.h │ │ ├── HookHandlerFastcall.h │ │ ├── HookHandlerStdcall.h │ │ ├── HookHandlerThiscall.h │ │ ├── HookHandlers.h │ │ ├── LocalHook.hpp │ │ ├── LocalHookBase.cpp │ │ ├── LocalHookBase.h │ │ ├── TraceHook.cpp │ │ ├── TraceHook.h │ │ └── VTableHook.hpp │ ├── ManualMap │ │ ├── MExcept.cpp │ │ ├── MExcept.h │ │ ├── MMap.cpp │ │ ├── MMap.h │ │ └── Native │ │ │ ├── NtLoader.cpp │ │ │ └── NtLoader.h │ ├── Misc │ │ ├── DynImport.h │ │ ├── InitOnce.cpp │ │ ├── InitOnce.h │ │ ├── NameResolve.cpp │ │ ├── NameResolve.h │ │ ├── Thunk.hpp │ │ ├── Trace.hpp │ │ ├── Utils.cpp │ │ └── Utils.h │ ├── PE │ │ ├── ImageNET.cpp │ │ ├── ImageNET.h │ │ ├── PEImage.cpp │ │ └── PEImage.h │ ├── Patterns │ │ ├── PatternSearch.cpp │ │ └── PatternSearch.h │ ├── Process │ │ ├── MemBlock.cpp │ │ ├── MemBlock.h │ │ ├── MultPtr.hpp │ │ ├── Process.cpp │ │ ├── Process.h │ │ ├── ProcessCore.cpp │ │ ├── ProcessCore.h │ │ ├── ProcessMemory.cpp │ │ ├── ProcessMemory.h │ │ ├── ProcessModules.cpp │ │ ├── ProcessModules.h │ │ ├── RPC │ │ │ ├── RemoteContext.hpp │ │ │ ├── RemoteExec.cpp │ │ │ ├── RemoteExec.h │ │ │ ├── RemoteFunction.hpp │ │ │ ├── RemoteHook.cpp │ │ │ ├── RemoteHook.h │ │ │ ├── RemoteLocalHook.cpp │ │ │ ├── RemoteLocalHook.h │ │ │ ├── RemoteMemory.cpp │ │ │ └── RemoteMemory.h │ │ └── Threads │ │ │ ├── Thread.cpp │ │ │ ├── Thread.h │ │ │ ├── Threads.cpp │ │ │ └── Threads.h │ ├── Subsystem │ │ ├── NativeSubsystem.cpp │ │ ├── NativeSubsystem.h │ │ ├── Wow64Subsystem.cpp │ │ ├── Wow64Subsystem.h │ │ ├── x86Subsystem.cpp │ │ └── x86Subsystem.h │ ├── Symbols │ │ ├── PDBHelper.cpp │ │ ├── 
PDBHelper.h │ │ ├── PatternLoader.cpp │ │ ├── PatternLoader.h │ │ ├── SymbolData.cpp │ │ ├── SymbolData.h │ │ ├── SymbolLoader.cpp │ │ └── SymbolLoader.h │ └── Syscalls │ │ ├── Syscall.h │ │ ├── Syscall32.asm │ │ └── Syscall64.asm │ ├── BlackBoneDrv │ ├── BlackBoneDef.h │ ├── BlackBoneDrv.c │ ├── BlackBoneDrv.h │ ├── BlackBoneDrv.sln │ ├── BlackBoneDrv.vcxproj │ ├── BlackBoneDrv.vcxproj.filters │ ├── Dispatch.c │ ├── Imports.h │ ├── Inject.c │ ├── Loader.c │ ├── Loader.h │ ├── MMap.c │ ├── NativeEnums.h │ ├── NativeStructs.h │ ├── NativeStructs10.h │ ├── NativeStructs7.h │ ├── NativeStructs8.h │ ├── NativeStructs81.h │ ├── NotifyRoutine.c │ ├── PEStructs.h │ ├── Private.c │ ├── Private.h │ ├── Remap.c │ ├── Remap.h │ ├── Routines.c │ ├── Routines.h │ ├── Utils.c │ ├── Utils.h │ ├── VadHelpers.c │ ├── VadHelpers.h │ ├── VadRoutines.c │ ├── VadRoutines.h │ ├── apiset.h │ └── ldrreloc.c │ ├── BlackBoneTest │ ├── BlackBoneTest.vcxproj │ ├── BlackBoneTest.vcxproj.filters │ ├── Common.h │ ├── TestAsmJit.cpp │ ├── TestAsmVariant.cpp │ ├── TestBasic.cpp │ ├── TestDriver.cpp │ ├── TestLocalHook.cpp │ ├── TestManualMap.cpp │ ├── TestMultiPtr.cpp │ ├── TestPatternScan.cpp │ ├── TestRemoteCall.cpp │ ├── TestRemoteHook.cpp │ ├── TestRemoteMemory.cpp │ └── TestSyscall.cpp │ ├── CMakeLists.txt │ └── Samples │ ├── CMakeLists.txt │ ├── Main.cpp │ ├── ManualMap.cpp │ ├── Samples.vcxproj │ └── Samples.vcxproj.filters └── tools └── tools ├── tools.sln └── tools ├── pch.cpp ├── pch.h ├── tools.cpp ├── tools.vcxproj └── tools.vcxproj.filters /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 2019-1-26, by khz 2 | # ScyllaHide教程 
-------------------------------------------------------------------------------- /course/Qt/mydll/mydll.cpp: -------------------------------------------------------------------------------- 1 | #include "mydll.h" 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | Mydll g_dll; 16 | 17 | void test_export_resource() 18 | { 19 | // 测试一个icon 20 | { 21 | char *res = ":/new/prefix1/logo.ico"; 22 | QString localname = QString("D") + res; 23 | QPixmap icon(res); 24 | icon.save(localname); 25 | } 26 | return; 27 | 28 | // 测试一组图片 29 | { 30 | char *res[] = { 31 | ":/toolbar/a.png", 32 | ":/toolbar/b.png", 33 | ":/toolbar/c.png", 34 | ":/picture/default.bmp", 35 | ":/status/x.png", 36 | ":/status/y.gif", 37 | ":/status/z.png",}; 38 | 39 | for(int i = 0; i < sizeof(res)/sizeof(char*); ++i) 40 | { 41 | break; 42 | QString localname = QString("D") + res[i]; 43 | QPixmap icon(res[i]); 44 | icon.save(localname); 45 | } 46 | } 47 | return; 48 | 49 | // 测试音频文件(失败了) 50 | { 51 | QFile fres("qrc:/media/audio/KD1.mp3"); 52 | QString msg = QString("khz%1---").arg(fres.exists()); 53 | OutputDebugStringA(msg.toLatin1().data()); 54 | QFile f("D:\\1.mp3"); 55 | // f.write((const char*)f.data(), res2.size()); 56 | } 57 | /* 58 | QMediaContent content("qrc:/media/audio/1.mp3"); 59 | QMediaResourceList reslist = content.canonicalResource(); 60 | QMediaResource res3 = reslist[0]; 61 | std::ofstream of2("D:\\100.mp3"); 62 | of2.write((const char*)res3.().data(), res3.dataSize()); 63 | return; 64 | QResource res2(QString(":/media/audio/100.mp3")); 65 | std::ofstream of("D:\\100.mp3"); 66 | of.write((const char*)res2.data(), res2.size()); 67 | return;*/ 68 | 69 | // QMediaContent content("qrc:/media/audio/1.mp3"); 70 | } 71 | 72 | void MyLog(QtMsgType type, const QMessageLogContext &context, const QString &msg) 73 | { 74 | OutputDebugStringA(msg.toStdString().data()); 75 | } 76 | 77 
| void test_qdebug() 78 | { 79 | qInstallMessageHandler(MyLog); 80 | } 81 | 82 | Mydll::Mydll() 83 | { 84 | test_qdebug(); 85 | return; 86 | test_export_resource(); 87 | } 88 | -------------------------------------------------------------------------------- /course/Qt/mydll/mydll.h: -------------------------------------------------------------------------------- 1 | #ifndef MYDLL_H 2 | #define MYDLL_H 3 | 4 | #include "mydll_global.h" 5 | 6 | class MYDLLSHARED_EXPORT Mydll 7 | { 8 | 9 | public: 10 | Mydll(); 11 | }; 12 | 13 | #endif // MYDLL_H 14 | -------------------------------------------------------------------------------- /course/Qt/mydll/mydll.pro: -------------------------------------------------------------------------------- 1 | #------------------------------------------------- 2 | # 3 | # Project created by QtCreator 2019-03-26T22:24:00 4 | # 5 | #------------------------------------------------- 6 | 7 | QT += gui 8 | QT += multimedia 9 | 10 | TARGET = mydll 11 | TEMPLATE = lib 12 | 13 | DEFINES += MYDLL_LIBRARY 14 | 15 | # The following define makes your compiler emit warnings if you use 16 | # any feature of Qt which has been marked as deprecated (the exact warnings 17 | # depend on your compiler). Please consult the documentation of the 18 | # deprecated API in order to know how to port your code away from it. 19 | DEFINES += QT_DEPRECATED_WARNINGS 20 | 21 | # You can also make your code fail to compile if you use deprecated APIs. 22 | # In order to do so, uncomment the following line. 23 | # You can also select to disable deprecated APIs only up to a certain version of Qt. 
24 | #DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0 25 | 26 | SOURCES += \ 27 | mydll.cpp 28 | 29 | HEADERS += \ 30 | mydll.h \ 31 | mydll_global.h 32 | 33 | unix { 34 | target.path = /usr/lib 35 | INSTALLS += target 36 | } 37 | -------------------------------------------------------------------------------- /course/Qt/mydll/mydll_global.h: -------------------------------------------------------------------------------- 1 | #ifndef MYDLL_GLOBAL_H 2 | #define MYDLL_GLOBAL_H 3 | 4 | #include 5 | 6 | #if defined(MYDLL_LIBRARY) 7 | # define MYDLLSHARED_EXPORT Q_DECL_EXPORT 8 | #else 9 | # define MYDLLSHARED_EXPORT Q_DECL_IMPORT 10 | #endif 11 | 12 | #endif // MYDLL_GLOBAL_H 13 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/About.cpp: -------------------------------------------------------------------------------- 1 | // About.cpp : implementation file 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "DetectOD.h" 6 | #include "About.h" 7 | 8 | #ifdef _DEBUG 9 | #define new DEBUG_NEW 10 | #undef THIS_FILE 11 | static char THIS_FILE[] = __FILE__; 12 | #endif 13 | 14 | ///////////////////////////////////////////////////////////////////////////// 15 | // CAbout dialog 16 | 17 | 18 | CAbout::CAbout(CWnd* pParent /*=NULL*/) 19 | : CDialog(CAbout::IDD, pParent) 20 | { 21 | //{{AFX_DATA_INIT(CAbout) 22 | // NOTE: the ClassWizard will add member initialization here 23 | //}}AFX_DATA_INIT 24 | } 25 | 26 | 27 | void CAbout::DoDataExchange(CDataExchange* pDX) 28 | { 29 | CDialog::DoDataExchange(pDX); 30 | //{{AFX_DATA_MAP(CAbout) 31 | // NOTE: the ClassWizard will add DDX and DDV calls here 32 | //}}AFX_DATA_MAP 33 | } 34 | 35 | 36 | BEGIN_MESSAGE_MAP(CAbout, CDialog) 37 | //{{AFX_MSG_MAP(CAbout) 38 | // NOTE: the ClassWizard will add message map macros here 39 | //}}AFX_MSG_MAP 40 | END_MESSAGE_MAP() 41 | 42 | 
///////////////////////////////////////////////////////////////////////////// 43 | // CAbout message handlers 44 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/About.h: -------------------------------------------------------------------------------- 1 | #if !defined(AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_) 2 | #define AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_ 3 | 4 | #if _MSC_VER > 1000 5 | #pragma once 6 | #endif // _MSC_VER > 1000 7 | // About.h : header file 8 | // 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // CAbout dialog 12 | 13 | class CAbout : public CDialog 14 | { 15 | // Construction 16 | public: 17 | CAbout(CWnd* pParent = NULL); // standard constructor 18 | 19 | // Dialog Data 20 | //{{AFX_DATA(CAbout) 21 | enum { IDD = IDD_DETECTOD_DIALOG }; 22 | // NOTE: the ClassWizard will add data members here 23 | //}}AFX_DATA 24 | 25 | 26 | // Overrides 27 | // ClassWizard generated virtual function overrides 28 | //{{AFX_VIRTUAL(CAbout) 29 | protected: 30 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 31 | //}}AFX_VIRTUAL 32 | 33 | // Implementation 34 | protected: 35 | 36 | // Generated message map functions 37 | //{{AFX_MSG(CAbout) 38 | // NOTE: the ClassWizard will add member functions here 39 | //}}AFX_MSG 40 | DECLARE_MESSAGE_MAP() 41 | }; 42 | 43 | //{{AFX_INSERT_LOCATION}} 44 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 45 | 46 | #endif // !defined(AFX_ABOUT_H__E6A0B5AD_AEAB_4C62_B057_2E9C36D008CF__INCLUDED_) 47 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectOD.cpp: -------------------------------------------------------------------------------- 1 | // DetectOD.cpp : Defines the class behaviors for the application. 
2 | // 3 | 4 | #include "stdafx.h" 5 | #include "DetectOD.h" 6 | #include "DetectODDlg.h" 7 | 8 | #ifdef _DEBUG 9 | #define new DEBUG_NEW 10 | #undef THIS_FILE 11 | static char THIS_FILE[] = __FILE__; 12 | #endif 13 | 14 | ///////////////////////////////////////////////////////////////////////////// 15 | // CDetectODApp 16 | 17 | BEGIN_MESSAGE_MAP(CDetectODApp, CWinApp) 18 | //{{AFX_MSG_MAP(CDetectODApp) 19 | // NOTE - the ClassWizard will add and remove mapping macros here. 20 | // DO NOT EDIT what you see in these blocks of generated code! 21 | //}}AFX_MSG 22 | ON_COMMAND(ID_HELP, CWinApp::OnHelp) 23 | END_MESSAGE_MAP() 24 | 25 | ///////////////////////////////////////////////////////////////////////////// 26 | // CDetectODApp construction 27 | 28 | CDetectODApp::CDetectODApp() 29 | { 30 | // TODO: add construction code here, 31 | // Place all significant initialization in InitInstance 32 | } 33 | 34 | ///////////////////////////////////////////////////////////////////////////// 35 | // The one and only CDetectODApp object 36 | 37 | CDetectODApp theApp; 38 | 39 | ///////////////////////////////////////////////////////////////////////////// 40 | // CDetectODApp initialization 41 | 42 | BOOL CDetectODApp::InitInstance() 43 | { 44 | AfxEnableControlContainer(); 45 | 46 | // Standard initialization 47 | // If you are not using these features and wish to reduce the size 48 | // of your final executable, you should remove from the following 49 | // the specific initialization routines you do not need. 
50 | 51 | #ifdef _AFXDLL 52 | Enable3dControls(); // Call this when using MFC in a shared DLL 53 | #else 54 | Enable3dControlsStatic(); // Call this when linking to MFC statically 55 | #endif 56 | 57 | CDetectODDlg dlg; 58 | m_pMainWnd = &dlg; 59 | int nResponse = dlg.DoModal(); 60 | if (nResponse == IDOK) 61 | { 62 | // TODO: Place code here to handle when the dialog is 63 | // dismissed with OK 64 | } 65 | else if (nResponse == IDCANCEL) 66 | { 67 | // TODO: Place code here to handle when the dialog is 68 | // dismissed with Cancel 69 | } 70 | 71 | // Since the dialog has been closed, return FALSE so that we exit the 72 | // application, rather than start the application's message pump. 73 | return FALSE; 74 | } 75 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectOD.h: -------------------------------------------------------------------------------- 1 | // DetectOD.h : main header file for the DETECTOD application 2 | // 3 | 4 | #if !defined(AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_) 5 | #define AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_ 6 | 7 | #if _MSC_VER > 1000 8 | #pragma once 9 | #endif // _MSC_VER > 1000 10 | 11 | #ifndef __AFXWIN_H__ 12 | #error include 'stdafx.h' before including this file for PCH 13 | #endif 14 | 15 | #include "resource.h" // main symbols 16 | 17 | ///////////////////////////////////////////////////////////////////////////// 18 | // CDetectODApp: 19 | // See DetectOD.cpp for the implementation of this class 20 | // 21 | 22 | class CDetectODApp : public CWinApp 23 | { 24 | public: 25 | CDetectODApp(); 26 | 27 | // Overrides 28 | // ClassWizard generated virtual function overrides 29 | //{{AFX_VIRTUAL(CDetectODApp) 30 | public: 31 | virtual BOOL InitInstance(); 32 | //}}AFX_VIRTUAL 33 | 34 | // Implementation 35 | 36 | //{{AFX_MSG(CDetectODApp) 37 | // NOTE - the ClassWizard will add and remove member functions here. 
38 | // DO NOT EDIT what you see in these blocks of generated code ! 39 | //}}AFX_MSG 40 | DECLARE_MESSAGE_MAP() 41 | }; 42 | 43 | 44 | ///////////////////////////////////////////////////////////////////////////// 45 | 46 | //{{AFX_INSERT_LOCATION}} 47 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 48 | 49 | #endif // !defined(AFX_DETECTOD_H__D2C4A318_F732_4AD0_B210_EF118C7FAC21__INCLUDED_) 50 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectOD.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/DetectOD.rc -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectOD.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2012 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetectOD", "DetectOD.vcxproj", "{0CD6F28B-6A93-42AB-A435-46223134EB03}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug|Win32 = Debug|Win32 9 | Release|Win32 = Release|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {0CD6F28B-6A93-42AB-A435-46223134EB03}.Debug|Win32.ActiveCfg = Debug|Win32 13 | {0CD6F28B-6A93-42AB-A435-46223134EB03}.Debug|Win32.Build.0 = Debug|Win32 14 | {0CD6F28B-6A93-42AB-A435-46223134EB03}.Release|Win32.ActiveCfg = Release|Win32 15 | {0CD6F28B-6A93-42AB-A435-46223134EB03}.Release|Win32.Build.0 = Release|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | 
-------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectOD.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {482dc496-684c-4bef-b2aa-7fe4a3c1f3b9} 6 | cpp;c;cxx;rc;def;r;odl;idl;hpj;bat 7 | 8 | 9 | {8240ba4f-278d-4fef-b682-382d3baf9fd9} 10 | h;hpp;hxx;hm;inl 11 | 12 | 13 | {235672e2-eb7d-4e1d-bddc-f8475e3f06a2} 14 | ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | 29 | 30 | Source Files 31 | 32 | 33 | 34 | 35 | Header Files 36 | 37 | 38 | Header Files 39 | 40 | 41 | Header Files 42 | 43 | 44 | Header Files 45 | 46 | 47 | 48 | 49 | Resource Files 50 | 51 | 52 | Resource Files 53 | 54 | 55 | Resource Files 56 | 57 | 58 | Resource Files 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | Resource Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectODDlg.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/DetectODDlg.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/DetectODDlg.h: -------------------------------------------------------------------------------- 1 | // DetectODDlg.h : header file 2 | // 3 | 4 | #if !defined(AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_) 5 | #define AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_ 6 | 7 | #if _MSC_VER > 1000 8 | #pragma once 9 | #endif // _MSC_VER > 1000 10 | 11 | ///////////////////////////////////////////////////////////////////////////// 12 | // CDetectODDlg dialog 13 | 14 | class CDetectODDlg : public CDialog 15 | { 16 | // Construction 17 | public: 18 | 
CDetectODDlg(CWnd* pParent = NULL); // standard constructor 19 | 20 | // Dialog Data 21 | //{{AFX_DATA(CDetectODDlg) 22 | enum { IDD = IDD_DETECTOD_DIALOG }; 23 | // NOTE: the ClassWizard will add data members here 24 | //}}AFX_DATA 25 | 26 | // ClassWizard generated virtual function overrides 27 | //{{AFX_VIRTUAL(CDetectODDlg) 28 | protected: 29 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 30 | //}}AFX_VIRTUAL 31 | 32 | // Implementation 33 | protected: 34 | HICON m_hIcon; 35 | 36 | // Generated message map functions 37 | //{{AFX_MSG(CDetectODDlg) 38 | virtual BOOL OnInitDialog(); 39 | afx_msg void OnSysCommand(UINT nID, LPARAM lParam); 40 | afx_msg void OnPaint(); 41 | afx_msg HCURSOR OnQueryDragIcon(); 42 | afx_msg void OnWndcls(); 43 | afx_msg void OnTest(); 44 | afx_msg void OnIsdebuggerpresent(); 45 | afx_msg void OnEnumwindow(); 46 | afx_msg void OnEnumProcess(); 47 | afx_msg void OnExplorer(); 48 | afx_msg void OnGetTickCount(); 49 | afx_msg void OnGetStartupInfo(); 50 | afx_msg void OnPebflags(); 51 | afx_msg void OnCheckremotedebuggerpresent(); 52 | afx_msg void OnZwqueryinfomationprocess(); 53 | afx_msg void OnSetUnhandledExceptionFilter(); 54 | afx_msg void OnZwQueryInformationProcess(); 55 | afx_msg void OnSeDebugPrivilege(); 56 | afx_msg void OnNTQueryObject(); 57 | afx_msg void OnDectectBreakpoints(); 58 | afx_msg void OnDectectFuncBreakpoints(); 59 | afx_msg void OnBlockInput(); 60 | afx_msg void OnChecksum(); 61 | afx_msg void OnEnableWindow(); 62 | afx_msg void OnZwSetInformationThread(); 63 | afx_msg void OnOutputDebugString(); 64 | afx_msg void OnGetEntryPoint(); 65 | afx_msg void OnButton1(); 66 | afx_msg void OnButton2(); 67 | afx_msg void OnTrapFlag(); 68 | afx_msg void OnGuardPages(); 69 | afx_msg void OnHardwarebreakpoint(); 70 | virtual void OnCancel(); 71 | afx_msg void OnAbout(); 72 | virtual void OnOK(); 73 | afx_msg void OnMypage2(); 74 | //}}AFX_MSG 75 | DECLARE_MESSAGE_MAP() 76 | 77 | }; 78 | 79 | 
//{{AFX_INSERT_LOCATION}} 80 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 81 | 82 | #endif // !defined(AFX_DETECTODDLG_H__878B65B9_998E_4718_93F3_D147DB13A90D__INCLUDED_) 83 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/StdAfx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // DetectOD.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/StdAfx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #if !defined(AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_) 7 | #define AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_ 8 | 9 | #if _MSC_VER > 1000 10 | #pragma once 11 | #endif // _MSC_VER > 1000 12 | 13 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers 14 | 15 | #include // MFC core and standard components 16 | #include // MFC extensions 17 | #include // MFC Automation classes 18 | #include // MFC support for Internet Explorer 4 Common Controls 19 | #ifndef _AFX_NO_AFXCMN_SUPPORT 20 | #include // MFC support for Windows Common Controls 21 | #endif // _AFX_NO_AFXCMN_SUPPORT 22 | 23 | 24 | //{{AFX_INSERT_LOCATION}} 25 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
26 | 27 | #endif // !defined(AFX_STDAFX_H__1D6A253C_B6C7_47CB_B730_6447CAF4FA7B__INCLUDED_) 28 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/res/DetectOD.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/res/DetectOD.ico -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/res/DetectOD.rc2: -------------------------------------------------------------------------------- 1 | // 2 | // DETECTOD.RC2 - resources Microsoft Visual C++ does not edit directly 3 | // 4 | 5 | #ifdef APSTUDIO_INVOKED 6 | #error this file is not editable by Microsoft Visual C++ 7 | #endif //APSTUDIO_INVOKED 8 | 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // Add manually edited resources here... 12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/res/User.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/res/User.ico -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/res/dog.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/res/dog.ico -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/res/home.ico: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/res/home.ico -------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/resource.h: --------------------------------------------------------------------------------
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by DetectOD.rc
//
// NOTE(review): three numeric control IDs are each defined under two names:
//   1014 = IDC_SetUnhandledExceptionFilter and IDC_MYPAGE
//   1015 = IDC_SeDebugPrivilege            and IDC_COMEON
//   1016 = IDC_MYICON                      and IDC_MYPAGE2
// Controls are addressed by their numeric ID, so this is only safe if the
// two names of each pair are used in different dialogs (IDD_DETECTOD_DIALOG
// vs IDD_ABOUTBOX).  Two controls carrying the same ID in one dialog cannot
// be told apart by the message map or by a dialog-item lookup; verify the
// placement in DetectOD.rc.
// Also note _APS_NEXT_CONTROL_VALUE below is 1017 while IDs up to 1028 are
// already taken, so the resource editor's next auto-assigned control ID may
// collide with an existing one (the highest value in use is IDC_HARDWAREBREAKPOINT).
#define IDC_ABOUT                       3
#define IDM_ABOUTBOX                    0x0010
#define IDD_ABOUTBOX                    100
#define IDS_ABOUTBOX                    101
#define IDD_DETECTOD_DIALOG             102
#define IDR_MAINFRAME                   128
#define IDI_DOG                         129
#define IDI_ICON2                       133
#define IDC_WNDCLS                      1000
#define IDC_ISDEBUGGERPRESENT           1002
#define IDC_ENUMWINDOW                  1003
#define IDC_EnumProcess                 1004
#define IDC_Explorer                    1005
#define IDC_GetTickCount                1006
#define IDC_GetStartupInfo              1007
#define IDC_PEBFLAGS                    1008
#define IDC_CHECKREMOTEDEBUGGERPRESENT  1009
#define IDC_ZwQueryInformationProcess   1010
#define IDC_SetUnhandledExceptionFilter 1014
#define IDC_MYPAGE                      1014
#define IDC_SeDebugPrivilege            1015
#define IDC_COMEON                      1015
#define IDC_MYICON                      1016
#define IDC_MYPAGE2                     1016
#define IDC_NTQueryObject               1017
#define IDC_DectectBreakpoints          1018
#define IDC_DectectFuncBreakpoints      1019
#define IDC_BlockInput                  1020
#define IDC_CHECKSUM                    1021
#define IDC_EnableWindow                1022
#define IDC_ZwSetInformationThread      1023
#define IDC_OutputDebugString           1024
#define IDC_GetEntryPoint               1025
#define IDC_TrapFlag                    1026
#define IDC_GuardPages                  1027
#define IDC_HARDWAREBREAKPOINT          1028

// Next default values for new objects
// 
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE        134
#define _APS_NEXT_COMMAND_VALUE         32771
#define _APS_NEXT_CONTROL_VALUE         1017
#define _APS_NEXT_SYMED_VALUE           101
#endif
#endif
-------------------------------------------------------------------------------- /course/ScyllaHide/DetectOD/tlssup.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/DetectOD/tlssup.c -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/.gitignore -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/HelloDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 26 | 27 | 源文件 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/dllmain.cpp: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/HelloDll/dllmain.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/HelloDll/stdafx.h -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/HelloDll/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/HelloDll/targetver.h -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.27703.2042 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MyTestAntiDebuger", "MyTestAntiDebuger\MyTestAntiDebuger.vcxproj", "{DD451A89-40FF-4B1A-930C-7606AA87ABFE}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HelloDll", "HelloDll\HelloDll.vcxproj", "{43602D74-7A62-40EC-B920-EB1CF80EAEA8}" 9 | EndProject 10 | Global 11 | 
GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Debug|x64.ActiveCfg = Debug|x64 19 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Debug|x64.Build.0 = Debug|x64 20 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Debug|x86.ActiveCfg = Debug|Win32 21 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Debug|x86.Build.0 = Debug|Win32 22 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x64.ActiveCfg = Release|x64 23 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x64.Build.0 = Release|x64 24 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x86.ActiveCfg = Release|Win32 25 | {DD451A89-40FF-4B1A-930C-7606AA87ABFE}.Release|x86.Build.0 = Release|Win32 26 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x64.ActiveCfg = Debug|x64 27 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x64.Build.0 = Debug|x64 28 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x86.ActiveCfg = Debug|Win32 29 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Debug|x86.Build.0 = Debug|Win32 30 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x64.ActiveCfg = Release|x64 31 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x64.Build.0 = Release|x64 32 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x86.ActiveCfg = Release|Win32 33 | {43602D74-7A62-40EC-B920-EB1CF80EAEA8}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | GlobalSection(ExtensibilityGlobals) = postSolution 39 | SolutionGuid = {F38E92CC-68F3-4BE0-A324-C50EDDAAFC50} 40 | EndGlobalSection 41 | EndGlobal 42 | -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/DynamicMapping.h: 
--------------------------------------------------------------------------------
// DynamicMapping.h - manual-mapping / injection helpers of the
// MyTestAntiDebuger lab (a re-implementation of the ScyllaHide injector).
// Only declarations live here; the bodies are in DynamicMapping.cpp, which
// is not shown, and every "presumably" below must be confirmed there before
// the helper is relied on.
//
// Security notes for anyone reusing this header:
//  * TEB_OFFSET_SAME_TEB_FLAGS and the bit layout of SameTebFlags are
//    hand-copied from an undocumented part of the TEB of one Windows build.
//    They are not derived from any SDK header, so they must be re-verified
//    for every target OS build; a stale offset silently reads/writes a
//    neighbouring TEB field in the *target* process.
//  * The helpers take a HANDLE to another process and, judging by the
//    signatures, lay out a PE image in it by hand (relocations, imports,
//    an init call).  A module mapped this way is not registered with the
//    target's loader - which is the intended evasion here, and also exactly
//    what endpoint-protection products look for.

#pragma once

// NOTE: the include target was stripped from this listing (angle-bracket
// text lost); the Win32/PE types used below come from <windows.h>.
#include

// Overlay for the 16-bit SameTebFlags word of the TEB.  Bit order is assumed
// to match the Windows build the offsets below were taken from.
typedef struct _SameTebFlags
{
	union
	{
		struct
		{
			USHORT DbgSafeThunkCall : 1;
			USHORT DbgInDebugPrint : 1;
			USHORT DbgHasFiberData : 1;
			USHORT DbgSkipThreadAttach : 1;	// presumably the bit SkipThreadAttach() sets - confirm in the .cpp
			USHORT DbgWerInShipAssertCode : 1;
			USHORT DbgIssuedInitialBp : 1;
			USHORT DbgClonedThread : 1;
			USHORT SpareSameTebBits : 9;
		};
		USHORT SameTebFlags;
	};
} SameTebFlags;

// Byte offset of SameTebFlags inside the TEB, per architecture.  Hard-coded
// and undocumented (see the header comment): treat as build-specific.
#ifdef _WIN64
#define TEB_OFFSET_SAME_TEB_FLAGS 0x17EE
#else
#define TEB_OFFSET_SAME_TEB_FLAGS 0xFCA
#endif

// --- manual-mapping primitives (what the names and parameter types suggest;
//     verify against DynamicMapping.cpp) ---

// Maps the raw PE image in dllMemory into hProcess and returns its base
// (or, presumably, NULL on failure - check the .cpp).  wipeHeaders appears
// to request erasing the PE header of the mapped copy after mapping.
LPVOID MapModuleToProcess(HANDLE hProcess, BYTE * dllMemory, bool wipeHeaders);
// Applies a base-relocation block to the image at `memory` using dwDelta.
void DoBaseRelocation(PIMAGE_BASE_RELOCATION relocation, DWORD_PTR memory, DWORD_PTR dwDelta);
// RVA of the export named apiName in the (file-layout) image dllMemory.
DWORD GetDllFunctionAddressRVA(BYTE * dllMemory, LPCSTR apiName);
// RVA -> file offset for the image described by pNtHdr.
DWORD RVAToOffset(PIMAGE_NT_HEADERS pNtHdr, DWORD dwRVA);
// Base of the module szDLLName inside hProcess.
HMODULE GetModuleBaseRemote(HANDLE hProcess, const wchar_t* szDLLName);
// Runs the mapped DLL's init routine (functionAddress) in hProcess.
DWORD StartDllInitFunction(HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase);
// Presumably sets DbgSkipThreadAttach in hThread's TEB (via
// TEB_OFFSET_SAME_TEB_FLAGS) so that thread gets no DLL_THREAD_ATTACH.
bool SkipThreadAttach(HANDLE hProcess, HANDLE hThread);
// Resolves the import descriptors of the image at `module`.
bool ResolveImports(PIMAGE_IMPORT_DESCRIPTOR pImport, DWORD_PTR module);

// Injection at the debuggee's initial (system) breakpoint: a stub built by
// PrepareInjectStub() is placed at memoryAddress in the target and, by the
// parameter names, calls dllInitAddress then resumes at
// systemBreakpointContinue.  `threadi` is presumably the thread id to hijack.
// The x86 build uses 32-bit DWORD addresses throughout, so it cannot drive a
// 64-bit target; the x64 build uses DWORD_PTR.
bool StartSystemBreakpointInjection(DWORD threadi, HANDLE hProcess, DWORD_PTR functionAddress, LPVOID imageBase);
#ifndef _WIN64
int GetInjectStubSize();
void PrepareInjectStub(DWORD memoryAddress, DWORD dllImageBase, DWORD systemBreakpointContinue, DWORD dllInitAddress, BYTE * result);
#else
int GetInjectStubSize();
void PrepareInjectStub(DWORD_PTR memoryAddress, DWORD_PTR dllImageBase, DWORD_PTR systemBreakpointContinue, DWORD_PTR dllInitAddress, BYTE * result);
#endif
-------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.cpp:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/MyTestAntiDebuger.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | 源文件 37 | 38 | 39 | -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/stdafx.cpp -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/stdafx.h -------------------------------------------------------------------------------- /course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/targetver.h: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/ScyllaHide/MyScyllaHide/MyTestAntiDebuger/targetver.h -------------------------------------------------------------------------------- /course/WinDriver/HelloWorld/HelloWorld.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.572 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HelloWorld", "HelloWorld\HelloWorld.vcxproj", "{00800425-FD39-46C9-8950-8ACC78A4DE26}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|ARM = Debug|ARM 11 | Debug|ARM64 = Debug|ARM64 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|ARM = Release|ARM 15 | Release|ARM64 = Release|ARM64 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM.ActiveCfg = Debug|ARM 21 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM.Build.0 = Debug|ARM 22 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM.Deploy.0 = Debug|ARM 23 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM64.ActiveCfg = Debug|ARM64 24 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM64.Build.0 = Debug|ARM64 25 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|ARM64.Deploy.0 = Debug|ARM64 26 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x64.ActiveCfg = Debug|x64 27 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x64.Build.0 = Debug|x64 28 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x64.Deploy.0 = Debug|x64 29 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x86.ActiveCfg = Debug|Win32 30 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x86.Build.0 = Debug|Win32 31 | 
{00800425-FD39-46C9-8950-8ACC78A4DE26}.Debug|x86.Deploy.0 = Debug|Win32 32 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM.ActiveCfg = Release|ARM 33 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM.Build.0 = Release|ARM 34 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM.Deploy.0 = Release|ARM 35 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM64.ActiveCfg = Release|ARM64 36 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM64.Build.0 = Release|ARM64 37 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|ARM64.Deploy.0 = Release|ARM64 38 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x64.ActiveCfg = Release|x64 39 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x64.Build.0 = Release|x64 40 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x64.Deploy.0 = Release|x64 41 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x86.ActiveCfg = Release|Win32 42 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x86.Build.0 = Release|Win32 43 | {00800425-FD39-46C9-8950-8ACC78A4DE26}.Release|x86.Deploy.0 = Release|Win32 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {1D46AEE7-2413-457A-84D8-271E3A9E359F} 50 | EndGlobalSection 51 | EndGlobal 52 | -------------------------------------------------------------------------------- /course/WinDriver/HelloWorld/HelloWorld/HelloWorld.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {8E41214B-6785-4CFE-B992-037D68949A14} 18 | inf;inv;inx;mof;mc; 19 | 20 | 21 | 22 | 23 | Source 
Files 24 | 25 | 26 | -------------------------------------------------------------------------------- /course/WinDriver/HelloWorld/HelloWorld/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/WinDriver/HelloWorld/HelloWorld/main.c -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/Resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ 生成的包含文件。 3 | // 供 toolsMFC.rc 使用 4 | // 5 | #define IDM_ABOUTBOX 0x0010 6 | #define IDD_ABOUTBOX 100 7 | #define IDS_ABOUTBOX 101 8 | #define IDD_TOOLSMFC_DIALOG 102 9 | #define IDR_MAINFRAME 128 10 | #define IDC_EDIT_LENGTH 1000 11 | #define IDC_EDIT_ADDRESS 1001 12 | #define IDC_COMBO_PROCESS 1002 13 | #define IDC_EDIT_MEM_DATA 1003 14 | #define IDC_BUTTON_READ 1004 15 | #define IDC_COMBO1 1005 16 | #define IDC_COMBO_READ_TYPE 1005 17 | 18 | // Next default values for new objects 19 | // 20 | #ifdef APSTUDIO_INVOKED 21 | #ifndef APSTUDIO_READONLY_SYMBOLS 22 | #define _APS_NEXT_RESOURCE_VALUE 130 23 | #define _APS_NEXT_COMMAND_VALUE 32771 24 | #define _APS_NEXT_CONTROL_VALUE 1006 25 | #define _APS_NEXT_SYMED_VALUE 101 26 | #endif 27 | #endif 28 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/res/tools-MFC.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/WinDriver/tools/tools-MFC/res/tools-MFC.ico -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/res/toolsMFC.rc2: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/WinDriver/tools/tools-MFC/res/toolsMFC.rc2 -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/stdafx.cpp: -------------------------------------------------------------------------------- 1 |  2 | // stdafx.cpp : 只包括标准包含文件的源文件 3 | // tools-MFC.pch 将作为预编译标头 4 | // stdafx.obj 将包含预编译类型信息 5 | 6 | #include "stdafx.h" 7 | 8 | 9 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/stdafx.h: -------------------------------------------------------------------------------- 1 |  2 | // stdafx.h : 标准系统包含文件的包含文件, 3 | // 或是经常使用但不常更改的 4 | // 特定于项目的包含文件 5 | 6 | #pragma once 7 | 8 | #ifndef VC_EXTRALEAN 9 | #define VC_EXTRALEAN // 从 Windows 头中排除极少使用的资料 10 | #endif 11 | 12 | #include "targetver.h" 13 | 14 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // 某些 CString 构造函数将是显式的 15 | 16 | // 关闭 MFC 对某些常见但经常可放心忽略的警告消息的隐藏 17 | #define _AFX_ALL_WARNINGS 18 | 19 | #include // MFC 核心组件和标准组件 20 | #include // MFC 扩展 21 | 22 | 23 | #include // MFC 自动化类 24 | 25 | 26 | 27 | #ifndef _AFX_NO_OLE_SUPPORT 28 | #include // MFC 对 Internet Explorer 4 公共控件的支持 29 | #endif 30 | #ifndef _AFX_NO_AFXCMN_SUPPORT 31 | #include // MFC 对 Windows 公共控件的支持 32 | #endif // _AFX_NO_AFXCMN_SUPPORT 33 | 34 | #include // 功能区和控件条的 MFC 支持 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | #ifdef _UNICODE 45 | #if defined _M_IX86 46 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"") 47 | #elif defined _M_X64 48 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"") 49 | #else 50 | #pragma 
comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"") 51 | #endif 52 | #endif 53 | 54 | 55 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。 4 | 5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并将 6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/tools-MFC.cpp: -------------------------------------------------------------------------------- 1 |  2 | // tools-MFC.cpp: 定义应用程序的类行为。 3 | // 4 | 5 | #include "stdafx.h" 6 | #include "tools-MFC.h" 7 | #include "tools-MFCDlg.h" 8 | 9 | #ifdef _DEBUG 10 | #define new DEBUG_NEW 11 | #endif 12 | 13 | 14 | // CtoolsMFCApp 15 | 16 | BEGIN_MESSAGE_MAP(CtoolsMFCApp, CWinApp) 17 | ON_COMMAND(ID_HELP, &CWinApp::OnHelp) 18 | END_MESSAGE_MAP() 19 | 20 | 21 | // CtoolsMFCApp 构造 22 | 23 | CtoolsMFCApp::CtoolsMFCApp() 24 | { 25 | // 支持重新启动管理器 26 | m_dwRestartManagerSupportFlags = AFX_RESTART_MANAGER_SUPPORT_RESTART; 27 | 28 | // TODO: 在此处添加构造代码, 29 | // 将所有重要的初始化放置在 InitInstance 中 30 | } 31 | 32 | 33 | // 唯一的 CtoolsMFCApp 对象 34 | 35 | CtoolsMFCApp theApp; 36 | 37 | 38 | // CtoolsMFCApp 初始化 39 | 40 | BOOL CtoolsMFCApp::InitInstance() 41 | { 42 | // 如果一个运行在 Windows XP 上的应用程序清单指定要 43 | // 使用 ComCtl32.dll 版本 6 或更高版本来启用可视化方式, 44 | //则需要 InitCommonControlsEx()。 否则,将无法创建窗口。 45 | INITCOMMONCONTROLSEX InitCtrls; 46 | InitCtrls.dwSize = sizeof(InitCtrls); 47 | // 将它设置为包括所有要在应用程序中使用的 48 | // 公共控件类。 49 | InitCtrls.dwICC = ICC_WIN95_CLASSES; 50 | InitCommonControlsEx(&InitCtrls); 51 | 52 | CWinApp::InitInstance(); 53 | 54 | 55 | AfxEnableControlContainer(); 56 | 
57 | // 创建 shell 管理器,以防对话框包含 58 | // 任何 shell 树视图控件或 shell 列表视图控件。 59 | CShellManager *pShellManager = new CShellManager; 60 | 61 | // 激活“Windows Native”视觉管理器,以便在 MFC 控件中启用主题 62 | CMFCVisualManager::SetDefaultManager(RUNTIME_CLASS(CMFCVisualManagerWindows)); 63 | 64 | // 标准初始化 65 | // 如果未使用这些功能并希望减小 66 | // 最终可执行文件的大小,则应移除下列 67 | // 不需要的特定初始化例程 68 | // 更改用于存储设置的注册表项 69 | // TODO: 应适当修改该字符串, 70 | // 例如修改为公司或组织名 71 | SetRegistryKey(_T("应用程序向导生成的本地应用程序")); 72 | 73 | CtoolsMFCDlg dlg; 74 | m_pMainWnd = &dlg; 75 | INT_PTR nResponse = dlg.DoModal(); 76 | if (nResponse == IDOK) 77 | { 78 | // TODO: 在此放置处理何时用 79 | // “确定”来关闭对话框的代码 80 | } 81 | else if (nResponse == IDCANCEL) 82 | { 83 | // TODO: 在此放置处理何时用 84 | // “取消”来关闭对话框的代码 85 | } 86 | else if (nResponse == -1) 87 | { 88 | TRACE(traceAppMsg, 0, "警告: 对话框创建失败,应用程序将意外终止。\n"); 89 | TRACE(traceAppMsg, 0, "警告: 如果您在对话框上使用 MFC 控件,则无法 #define _AFX_NO_MFC_CONTROLS_IN_DIALOGS。\n"); 90 | } 91 | 92 | // 删除上面创建的 shell 管理器。 93 | if (pShellManager != nullptr) 94 | { 95 | delete pShellManager; 96 | } 97 | 98 | #if !defined(_AFXDLL) && !defined(_AFX_NO_MFC_CONTROLS_IN_DIALOGS) 99 | ControlBarCleanUp(); 100 | #endif 101 | 102 | // 由于对话框已关闭,所以将返回 FALSE 以便退出应用程序, 103 | // 而不是启动应用程序的消息泵。 104 | return FALSE; 105 | } 106 | 107 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/tools-MFC.h: -------------------------------------------------------------------------------- 1 |  2 | // tools-MFC.h: PROJECT_NAME 应用程序的主头文件 3 | // 4 | 5 | #pragma once 6 | 7 | #ifndef __AFXWIN_H__ 8 | #error "在包含此文件之前包含“stdafx.h”以生成 PCH 文件" 9 | #endif 10 | 11 | #include "resource.h" // 主符号 12 | 13 | 14 | // CtoolsMFCApp: 15 | // 有关此类的实现,请参阅 tools-MFC.cpp 16 | // 17 | 18 | class CtoolsMFCApp : public CWinApp 19 | { 20 | public: 21 | CtoolsMFCApp(); 22 | 23 | // 重写 24 | public: 25 | virtual BOOL InitInstance(); 26 | 27 | // 实现 28 | 29 | DECLARE_MESSAGE_MAP() 30 | }; 31 | 32 | extern CtoolsMFCApp theApp; 33 
| -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 头文件 29 | 30 | 31 | 头文件 32 | 33 | 34 | 35 | 36 | 源文件 37 | 38 | 39 | 源文件 40 | 41 | 42 | 源文件 43 | 44 | 45 | 46 | 47 | 资源文件 48 | 49 | 50 | 51 | 52 | 资源文件 53 | 54 | 55 | 56 | 57 | 资源文件 58 | 59 | 60 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/tools-MFCDlg.h: --------------------------------------------------------------------------------

// tools-MFCDlg.h: header file
//
// CtoolsMFCDlg - main dialog of the "tools-MFC" memory viewer.  Going by the
// control IDs in Resource.h and the members below, the user picks a process
// (m_combo_process), enters an address (m_mem_address) and a byte count
// (m_mem_length), chooses a read type (m_combo_read_type) and presses Read
// (OnBnClickedButtonRead); m_mem_data presumably receives the result.  The
// read itself lives in tools-MFCDlg.cpp, which is not shown here.
//
// NOTE(review): m_mem_length is a DWORD bound to an edit control and
// m_mem_address is free text, i.e. both are untrusted user input.  Whatever
// OnBnClickedButtonRead does with them (a driver IOCTL or a user-mode
// ReadProcessMemory - confirm in the .cpp), it should reject a zero or
// oversized length before allocating a buffer, parse the address with a
// bounded/validated conversion, and not assume the full length was read.

#pragma once


// CtoolsMFCDlg dialog
class CtoolsMFCDlg : public CDialogEx
{
// Construction
public:
	CtoolsMFCDlg(CWnd* pParent = nullptr);	// standard constructor

// Dialog Data
#ifdef AFX_DESIGN_TIME
	enum { IDD = IDD_TOOLSMFC_DIALOG };
#endif

	protected:
	virtual void DoDataExchange(CDataExchange* pDX);	// DDX/DDV support


// Implementation
protected:
	HICON m_hIcon;	// dialog icon, see OnPaint/OnQueryDragIcon

	// Generated message map functions
	virtual BOOL OnInitDialog();
	afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
	afx_msg void OnPaint();
	afx_msg HCURSOR OnQueryDragIcon();
	DECLARE_MESSAGE_MAP()
public:
	CString m_mem_data;	// presumably the dump text shown in IDC_EDIT_MEM_DATA
	DWORD m_mem_length;	// byte count requested by the user (untrusted)
	CEdit m_mem_address;	// address edit control; parsed in the .cpp
	CComboBox m_combo_process;	// target-process picker
	afx_msg void OnBnClickedButtonRead();	// "Read" button
	afx_msg void OnCbnDropdownComboProcess();	// presumably (re)populates the process list
	afx_msg void OnCbnSelchangeComboProcess();
	CComboBox m_combo_read_type;	// how the bytes are interpreted/displayed
};
-------------------------------------------------------------------------------- /course/WinDriver/tools/tools-MFC/toolsMFC.rc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninecents/MyOpen/7a3c7ba80fd0d89fd613e36ceaf21d1bdf8e67a6/course/WinDriver/tools/tools-MFC/toolsMFC.rc -------------------------------------------------------------------------------- /course/WinDriver/tools/tools.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.572 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tools", "tools\tools.vcxproj", "{C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tools-MFC", "tools-MFC\tools-MFC.vcxproj", "{9619B046-5A11-47B5-9C2F-9437D6191CB9}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Debug|x64.ActiveCfg = Debug|x64 19 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Debug|x64.Build.0 = Debug|x64 20 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Debug|x86.ActiveCfg = Debug|Win32 21 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Debug|x86.Build.0 = Debug|Win32 22 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Release|x64.ActiveCfg = Release|x64 23 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Release|x64.Build.0 = Release|x64 24 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Release|x86.ActiveCfg = Release|Win32 25 | {C91E38C9-5F8D-40DB-82BD-BF55DCD695C6}.Release|x86.Build.0 = Release|Win32 26 | 
{9619B046-5A11-47B5-9C2F-9437D6191CB9}.Debug|x64.ActiveCfg = Debug|x64 27 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Debug|x64.Build.0 = Debug|x64 28 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Debug|x86.ActiveCfg = Debug|Win32 29 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Debug|x86.Build.0 = Debug|Win32 30 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Release|x64.ActiveCfg = Release|x64 31 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Release|x64.Build.0 = Release|x64 32 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Release|x86.ActiveCfg = Release|Win32 33 | {9619B046-5A11-47B5-9C2F-9437D6191CB9}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | GlobalSection(ExtensibilityGlobals) = postSolution 39 | SolutionGuid = {1DB2713B-B158-4BA9-BA3C-6130E83D4402} 40 | EndGlobalSection 41 | EndGlobal 42 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools/dllmain.cpp: --------------------------------------------------------------------------------
// dllmain.cpp : entry point of the "tools" DLL.
#include "stdafx.h"

// DllMain
//   Loader callback for this DLL.  The module needs no per-process or
//   per-thread setup or teardown, so every notification is acknowledged
//   without doing any work - in particular nothing runs under the loader
//   lock - and TRUE is returned for every reason code, so loading never
//   fails from here.
//
//   hModule            - this module's base (unused)
//   ul_reason_for_call - DLL_PROCESS_ATTACH / DLL_THREAD_ATTACH /
//                        DLL_THREAD_DETACH / DLL_PROCESS_DETACH (unused)
//   lpReserved         - loader-supplied, unused
//   returns TRUE unconditionally
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD   ul_reason_for_call,
                      LPVOID  lpReserved)
{
    UNREFERENCED_PARAMETER(hModule);
    UNREFERENCED_PARAMETER(ul_reason_for_call);
    UNREFERENCED_PARAMETER(lpReserved);

    return TRUE;
}

-------------------------------------------------------------------------------- /course/WinDriver/tools/tools/stdafx.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h: 标准系统包含文件的包含文件, 2 | // 或是经常使用但不常更改的 3 | // 项目特定的包含文件 4 | 
// 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容 11 | // Windows 头文件 12 | #include 13 | 14 | 15 | 16 | // 在此处引用程序需要的其他标头 17 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。 4 | 5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并 6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools/tools.cpp: -------------------------------------------------------------------------------- 1 | // tools.cpp : 定义 DLL 应用程序的导出函数。 2 | // 3 | 4 | #include "stdafx.h" 5 | 6 | 7 | -------------------------------------------------------------------------------- /course/WinDriver/tools/tools/tools.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 26 | 27 | 源文件 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | -------------------------------------------------------------------------------- /course/frida/02_Hook基础/02_Hook基础.md: -------------------------------------------------------------------------------- 1 | 2 | ## 大纲 3 | 4 | [TOC] 5 | 6 | 7 | 8 | 9 | 10 | ## Hook打印参数、堆栈 11 | 12 | ``` 13 | D:\Python\Python371\python.exe frida注入测试.py 14 | ```` 15 | 16 | ## 修改参数、返回值 17 | 18 | 19 | ## Hook重载函数 20 | 21 | 22 | 23 | ## Hook静态函数 24 | 25 | 
26 | 27 | 28 | ## 参考资料 29 | 30 | - http://frida.re/ 31 | - https://www.freebuf.com/articles/network/190565.html -------------------------------------------------------------------------------- /course/frida/02_Hook基础/frida注入测试.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | # @Time : 2020-9-27 10:02:11 4 | # @Author : khz_ls 5 | # @Site : 6 | # @File : __init__.py.py 7 | # @Software: ce9nt 8 | import os 9 | 10 | 11 | def message(message, data): 12 | if message["type"] == 'send': 13 | print(u"[***] {0}".format(message['payload'])) 14 | else: 15 | print(message) 16 | 17 | 18 | def main(): 19 | import frida 20 | import sys 21 | jsCode = "" 22 | with open("frida注入测试.js", "r", encoding='utf-8') as f: 23 | jsCode = f.read() 24 | 25 | host = '4b0e004e' 26 | app_package_name = 'com.ninecents' 27 | manager = frida.get_device_manager() 28 | device = manager.get_device(host) 29 | process = device.attach(app_package_name) 30 | 31 | script = process.create_script(jsCode) 32 | script.on("message", message) 33 | script.load() 34 | sys.stdin.read() 35 | 36 | 37 | if __name__ == "__main__": 38 | print("------------------ Enter __main__ ------------------") 39 | 40 | print(u"[Current work directory is : ]\t" + os.getcwd()) 41 | print(u"[Current process ID is : ]\t" + str(os.getpid())) 42 | print("\n") 43 | main() 44 | 45 | print("------------------ Leave __main__ ------------------") 46 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/.gitignore: -------------------------------------------------------------------------------- 1 | *.iml 2 | .gradle 3 | /local.properties 4 | /.idea/caches 5 | /.idea/libraries 6 | /.idea/modules.xml 7 | /.idea/workspace.xml 8 | /.idea/navEditor.xml 9 | /.idea/assetWizardSettings.xml 10 | .DS_Store 11 | /build 12 | /captures 13 | .externalNativeBuild 14 | .cxx 15 | 
-------------------------------------------------------------------------------- /course/frida/MyFridaExample/.idea/gradle.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 19 | 20 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/.idea/jarRepositories.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 9 | 10 | 14 | 15 | 19 | 20 | 24 | 25 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 9 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/.idea/runConfigurations.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 11 | 12 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/.gitignore: -------------------------------------------------------------------------------- 1 | /build -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'com.android.application' 2 | 3 | android { 4 | compileSdkVersion 30 5 | buildToolsVersion "30.0.2" 6 | 7 | defaultConfig { 8 | applicationId "com.ninecents" 9 | minSdkVersion 14 10 | targetSdkVersion 30 11 | versionCode 1 12 | versionName "1.0" 13 | 14 | testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" 15 
| } 16 | 17 | buildTypes { 18 | release { 19 | minifyEnabled false 20 | proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' 21 | } 22 | } 23 | } 24 | 25 | dependencies { 26 | implementation fileTree(dir: "libs", include: ["*.jar"]) 27 | implementation 'androidx.appcompat:appcompat:1.2.0' 28 | implementation 'androidx.constraintlayout:constraintlayout:2.0.1' 29 | testImplementation 'junit:junit:4.12' 30 | androidTestImplementation 'androidx.test.ext:junit:1.1.2' 31 | androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0' 32 | 33 | } -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/proguard-rules.pro: -------------------------------------------------------------------------------- 1 | # Add project specific ProGuard rules here. 2 | # You can control the set of applied configuration files using the 3 | # proguardFiles setting in build.gradle. 4 | # 5 | # For more details, see 6 | # http://developer.android.com/guide/developing/tools/proguard.html 7 | 8 | # If your project uses WebView with JS, uncomment the following 9 | # and specify the fully qualified class name to the JavaScript interface 10 | # class: 11 | #-keepclassmembers class fqcn.of.javascript.interface.for.webview { 12 | # public *; 13 | #} 14 | 15 | # Uncomment this to preserve the line number information for 16 | # debugging stack traces. 17 | #-keepattributes SourceFile,LineNumberTable 18 | 19 | # If you keep the line number information, uncomment this to 20 | # hide the original source file name. 
21 | #-renamesourcefileattribute SourceFile -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/src/androidTest/java/com/ninecents/ExampleInstrumentedTest.java: -------------------------------------------------------------------------------- 1 | package com.ninecents; 2 | 3 | import android.content.Context; 4 | 5 | import androidx.test.platform.app.InstrumentationRegistry; 6 | import androidx.test.ext.junit.runners.AndroidJUnit4; 7 | 8 | import org.junit.Test; 9 | import org.junit.runner.RunWith; 10 | 11 | import static org.junit.Assert.*; 12 | 13 | /** 14 | * Instrumented test, which will execute on an Android device. 15 | * 16 | * @see Testing documentation 17 | */ 18 | @RunWith(AndroidJUnit4.class) 19 | public class ExampleInstrumentedTest { 20 | @Test 21 | public void useAppContext() { 22 | // Context of the app under test. 23 | Context appContext = InstrumentationRegistry.getInstrumentation().getTargetContext(); 24 | assertEquals("com.ninecents", appContext.getPackageName()); 25 | } 26 | } -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/src/main/AndroidManifest.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/src/main/java/com/ninecents/MainActivity.java: -------------------------------------------------------------------------------- 1 | package com.ninecents; 2 | 3 | import androidx.appcompat.app.AppCompatActivity; 4 | 5 | import android.graphics.Color; 6 | import android.os.Bundle; 7 | import android.view.View; 8 | import android.widget.Button; 9 | import android.widget.Toast; 10 | 11 | public class MainActivity extends AppCompatActivity implements View.OnClickListener { 12 | Button button_member_method; 13 | Button 
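button_static_method;
    Button button_overload_method;
    // Static handle to the most recently created activity; _static_method()
    // uses it as a Context. Cleared in onDestroy() so this static field does
    // not keep a finished Activity (and its view tree) alive.
    static MainActivity _this;

    /**
     * Wires the three demo buttons to this click listener and publishes this
     * instance through the static {@code _this} handle.
     *
     * @param savedInstanceState state bundle supplied by the framework
     */
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // Bind click handlers (compileSdk 30 provides the generic findViewById, so no cast)
        button_member_method = findViewById(R.id.button_member_method);
        button_member_method.setOnClickListener(this);
        button_static_method = findViewById(R.id.button_static_method);
        button_static_method.setOnClickListener(this);
        button_overload_method = findViewById(R.id.button_overload_method);
        button_overload_method.setOnClickListener(this);
        _this = this;
    }

    /**
     * Drops the static reference to this instance so a destroyed activity is
     * not retained. Only cleared when it still points at this instance, so a
     * newer instance (e.g. created after a configuration change) is kept.
     */
    @Override
    protected void onDestroy() {
        if (_this == this) {
            _this = null;
        }
        super.onDestroy();
    }

    /**
     * Shows {@code text} as a short toast.
     *
     * @param text message to display
     * @return 0, which onClick() maps to a red button; any other value maps to blue
     */
    private int _member_method(String text) {
        Toast.makeText(getApplicationContext(), text, Toast.LENGTH_SHORT).show();

        // Return value 0: show red; otherwise show blue
        return 0;
    }

    /**
     * Shows a fixed toast using the static activity handle as Context.
     * Does nothing when no live activity is registered, instead of
     * dereferencing a null Context.
     */
    private static void _static_method() {
        MainActivity ctx = MainActivity._this;
        if (ctx == null) {
            return;
        }
        Toast.makeText(ctx, "button_static_method", Toast.LENGTH_SHORT).show();
    }

    /**
     * String overload: shows {@code text} as a short toast.
     *
     * @param text message to display
     */
    private void _overload_method(String text) {
        Toast.makeText(getApplicationContext(), text, Toast.LENGTH_SHORT).show();
    }

    /**
     * int overload: shows "111111111" when {@code val} is 1, "222222222" otherwise.
     *
     * @param val selector for the message
     */
    private void _overload_method(int val) {
        String text = (val == 1) ? "111111111" : "222222222";
        Toast.makeText(getApplicationContext(), text, Toast.LENGTH_SHORT).show();
    }

    /**
     * Dispatches button clicks to the matching demo method.
     *
     * @param view the clicked view
     */
    @Override
    public void onClick(View view) {
        switch (view.getId()) {
            case R.id.button_member_method:
                int ret = _member_method("这是button_member_method");
                // 0 -> red, anything else -> blue
                button_member_method.setBackgroundColor(
                        Color.parseColor(ret == 0 ? "#FF0000" : "#0000FF"));
                break;
            case R.id.button_static_method:
                MainActivity._static_method();
                break;
            case R.id.button_overload_method:
                _overload_method(1);
                break;
        }
    }
}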
-------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/src/main/res/drawable-v24/ic_launcher_foreground.xml: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 15 | 18 | 21 | 22 | 23 | 24 | 30 | -------------------------------------------------------------------------------- /course/frida/MyFridaExample/app/src/main/res/layout/activity_main.xml: -------------------------------------------------------------------------------- 1 | 2 | 8 | 9 | 16 | 17 |