🔬这里是怪物实验室,小心怪物出没!

创建 X.509 证书
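# Generate a 2048-bit RSA private key, export its public half, and
# self-sign a one-year X.509 certificate with it.
openssl genrsa -out key.pem 2048
# genrsa creates key.pem with the default umask (typically world-readable);
# the private key is the secret, so restrict it to the owner before use.
chmod 600 key.pem
openssl rsa -in key.pem -pubout -out key.pub
# -x509 makes `req` emit a self-signed certificate instead of a CSR;
# -days 365 sets the validity window. Without -subj the subject fields
# are prompted for interactively.
openssl req -x509 -new -days 365 -key key.pem -out cert.crt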


⚠️服务器重地,闲人免入!

升级到macOS Catalina后需要做的事情

macOS Catalina 默认改用 zsh,不再读取 bashrc 而是读取 zshrc,所以需要修改一下命令行前面的提示部分,让它变得精简一些:

# Edit the system-wide zsh startup file (applies to every user; needs root).
# NOTE(review): /etc/zshrc can be replaced by macOS updates; the same PS1
# line placed in ~/.zshrc overrides it per user without editing a system file.
sudo vi /etc/zshrc
# Replace the following directive
#PS1="%n@%m %1~ %# "
# with this shorter prompt: hostname@current-directory, followed by a literal "# ".
# Note that dropping %n and %# removes the user name and the root/non-root
# prompt character, so the prompt no longer shows which account is active.
PS1="%m@%1~ # "

安装命令行工具:

# Install the Xcode Command Line Tools (compiler, git, make, ...); this opens
# an interactive macOS prompt rather than installing silently.
xcode-select --install


☢️病毒来袭,开启怪物HIPS系统……完成

WIN32汇编实现DLL注入工具
Injection-DLL

DLL注入工具是信息安全相关领域的常用工具:在Windows系统下将动态库注入到一个正在运行的进程中,这样DLL就运行在该进程的地址空间里,因此可以调用该进程的函数并读取进程中的数据。大多数游戏内存外挂就会使用DLL注入技术去读取游戏数据和控制游戏人物的行为。这个工具是早期学习WIN32汇编时写的。

Download

链接:https://pan.baidu.com/s/1LpRYvGgnf7R4sk-I93CD9g

密码:n3k6

相关代码

Into.asm

;*************************************************
; https://bbs.guaik.org
;*************************************************
; Into.asm - dialog-based DLL injector (MASM32, x86 stdcall).
;
; What the code below does: the dialog lists processes and, for the selected
; process, its modules. "Inject" (IDC_IN) writes the chosen DLL path into the
; target with VirtualAllocEx/WriteProcessMemory and starts a remote thread on
; kernel32!LoadLibraryA; "Unload" (IDC_OUT) terminates threads whose start
; address lies inside the module and starts a remote thread on
; kernel32!FreeLibraryAndExitThread. _EnableDebug enables SeDebugPrivilege so
; OpenProcess can succeed on processes the user does not own.
;
; NOTE(review): OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
; CreateRemoteThread is the classic remote-thread injection sequence that
; endpoint telemetry records (Sysmon events 10 and 8 cover the cross-process
; access and the remote thread respectively), so running this tool on a
; monitored host is expected to generate alerts.
.386
.model flat,stdcall
option casemap:none
;*************************************************
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include advapi32.inc
includelib advapi32.lib
include comdlg32.inc
includelib comdlg32.lib
include shell32.inc
includelib shell32.lib
include into.inc
;*************************************************
; Uninitialised globals shared between the procedures.
.data?
hInstance dd ?
hWinMain dd ?              ; main dialog handle, set at WM_INITDIALOG
lpLoadLibrary dd ?         ; address of kernel32!LoadLibraryA (resolved in _Into)
lpFreeLibrary dd ?         ; address of kernel32!FreeLibraryAndExitThread (resolved in _Out)
hProcess dd ?              ; handle of the target process while _Into/_Out run
lpDllName dd ?             ; buffer allocated inside the target for the DLL path
szDllName db MAX_PATH dup (?) ; DLL path chosen in _OpenDll; also the bytes copied into the target
; Read-only strings. szOD is user-facing text and is left as written.
.const
szText db '[GuaikBBS]:https://bbs.guaik.org',0
szCaption db '[GhostHand]Message',0
szSetDebug db 'SeDebugPrivilege',0
szATPErr db '[AdjustTokenPrivileges]:Error!!',0
szLPVErr db '[LookupPrivilegeValue]:Error!',0
szOPTErr db '[OpenProcessToken]:Error!',0
szFilter db 'Dll Files(*.dll)',0,'*.dll',0,0
szOpenCaption db 'Select a dll',0
szOD db '[_OpenDll]:请选择Dll文件!',0
szDllKernel db 'Kernel32.dll',0
szLoadLibrary db 'LoadLibraryA',0
szFreeLibrary db 'FreeLibraryAndExitThread',0
szCRTErr db '[CreateRemoteThread]:Error!',0
szVAEErr db '[VirtualAllocEx]:Error!',0
szOPErr db '[OpenProcess]:Error!',0
szCRTOk db '[CreateRemoteThread]:Success!',0
szEmail db 'mailto:luting.gu@gmail.com',0
szNtDll db 'ntdll.dll',0
szNtQueryInformationThread db 'NtQueryInformationThread',0
.code
; _SetWinPos - move window _hWnd so that it is centred on the primary screen.
; Each 'div cx' is a 16-bit divide of dx:ax, so only ax is halved and the
; upper half of eax is left untouched; this assumes the metrics and the
; rectangle fit in 16 bits.
; NOTE(review): rtWinMain.right/.bottom are used as width/height. That is
; exact only while the window sits at (0,0) - true for the initial dialog
; position given by the template - and off by left/top otherwise.
_SetWinPos proc _hWnd
LOCAL x_screen:dword
LOCAL y_screen:dword
LOCAL rtWinMain:RECT
invoke GetSystemMetrics,SM_CXSCREEN
mov edx,0
mov cx,2
div cx ; quotient in ax, remainder in dx
mov x_screen,eax
invoke GetSystemMetrics,SM_CYSCREEN
mov edx,0
mov cx,2
div cx
mov y_screen,eax
invoke GetWindowRect,_hWnd,addr rtWinMain
mov edx,0
mov eax,rtWinMain.right
mov cx,2
div cx
mov edx,x_screen
sub edx,eax
mov x_screen,edx ; x = screen_w/2 - right/2
mov edx,0
mov eax,rtWinMain.bottom
mov cx,2
div cx
mov edx,y_screen
sub edx,eax
mov y_screen,edx ; y = screen_h/2 - bottom/2
invoke SetWindowPos,_hWnd,NULL,x_screen,y_screen,NULL,NULL,SWP_NOSIZE
ret
_SetWinPos endp
; _EnableDebug - enable SeDebugPrivilege in the current process token so that
; a later OpenProcess(PROCESS_ALL_ACCESS) can succeed on processes owned by
; other users. Failures are reported with MessageBox; there is no return value.
; NOTE(review): hToken is closed only on the error paths - on success it leaks.
; AdjustTokenPrivileges also returns non-zero when the privilege is not held
; at all (GetLastError would be ERROR_NOT_ALL_ASSIGNED), so a non-admin user
; sees no error here and only fails later at OpenProcess.
; NOTE(review): 'lea ebx,hToken' clobbers ebx and this proc has no 'uses ebx';
; its caller _MainThread preserves only edi/esi - confirm nothing up the call
; chain relies on ebx being preserved.
_EnableDebug proc
LOCAL hToken:dword
LOCAL tkp:TOKEN_PRIVILEGES
LOCAL @luid:LUID
invoke GetCurrentProcess
lea ebx,hToken
invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,ebx
.if eax
invoke LookupPrivilegeValue,NULL,offset szSetDebug,addr tkp.Privileges.Luid
.if eax
mov tkp.PrivilegeCount,1
mov tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges,hToken, FALSE,addr tkp,sizeof tkp,NULL,NULL
.if !eax
invoke CloseHandle,hToken
invoke MessageBox,hWinMain,offset szATPErr,offset szCaption,MB_OK
.endif
.else
invoke CloseHandle,hToken
invoke MessageBox,hWinMain,offset szLPVErr,offset szCaption,MB_OK
.endif
.else
invoke MessageBox,hWinMain,offset szOPTErr,offset szCaption,MB_OK
.endif
ret
_EnableDebug endp
; _OpenDll - show an Open dialog filtered to *.dll. The chosen path is written
; into szDllName (bounded by nMaxFile = MAX_PATH) and mirrored into the
; read-only IDC_DLLPATH edit box. Only existence of the file is required
; (OFN_FILEMUSTEXIST); nothing about the file itself is validated.
_OpenDll proc
LOCAL @stOF:OPENFILENAME
invoke RtlZeroMemory,addr @stOF,sizeof @stOF
mov @stOF.lStructSize,sizeof @stOF
push hWinMain
pop @stOF.hwndOwner
mov @stOF.lpstrFilter,offset szFilter
mov @stOF.lpstrFile,offset szDllName
mov @stOF.nMaxFile,MAX_PATH
mov @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
mov @stOF.lpstrTitle,offset szOpenCaption
invoke GetOpenFileName,addr @stOF
.if eax
invoke SetDlgItemText,hWinMain,IDC_DLLPATH,offset szDllName
.endif
ret
_OpenDll endp
; _GetProcessList - refill IDC_PROCESSLIST from a Toolhelp process snapshot:
; the executable name becomes the item text and the PID the item data.
; The list box is created with LBS_STANDARD (sorted) in into.rc, which is why
; the index returned by LB_ADDSTRING is used for LB_SETITEMDATA.
; NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE
; before Process32First; on failure the loop simply does not run.
_GetProcessList proc _hWnd
LOCAL @stProcess:PROCESSENTRY32
LOCAL @hSnapShot
invoke RtlZeroMemory,addr @stProcess,sizeof @stProcess
invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_RESETCONTENT,0,0
mov @stProcess.dwSize,sizeof @stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
mov @hSnapShot,eax
invoke Process32First,@hSnapShot,addr @stProcess
.while eax
invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_ADDSTRING,0,addr @stProcess.szExeFile
invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_SETITEMDATA,eax,@stProcess.th32ProcessID
invoke Process32Next,@hSnapShot,addr @stProcess
.endw
invoke CloseHandle,@hSnapShot
ret
_GetProcessList endp
; _GetModelList - refill IDC_MODELLIST with the modules of _dwProcessId
; (module name as text, base address as item data).
; Returns in eax the size of the module whose base equals _hModule, or 0 when
; none matches; _Out uses that value to size the range given to _KillThread.
; NOTE(review): a failed CreateToolhelp32Snapshot (e.g. access denied) is not
; checked; the loop does not run and 0 is returned, which _Out does not
; distinguish from "module found with size 0".
_GetModelList proc _dwProcessId,_hWnd,_hModule
LOCAL @stModule:MODULEENTRY32
LOCAL @hSnapShot
LOCAL @ModuleSize
mov @ModuleSize,0
invoke RtlZeroMemory,addr @stModule,sizeof @stModule
invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
mov @stModule.dwSize,sizeof @stModule
invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,_dwProcessId ; enumerate the process's modules
mov @hSnapShot,eax
invoke Module32First,@hSnapShot,addr @stModule
.while eax
mov eax,_hModule
.if eax == @stModule.modBaseAddr
push @stModule.modBaseSize
pop @ModuleSize
.endif
invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_ADDSTRING,0,addr @stModule.szModule
invoke SendDlgItemMessage,_hWnd,IDC_MODELLIST,LB_SETITEMDATA,eax,@stModule.modBaseAddr
invoke Module32Next,@hSnapShot,addr @stModule
.endw
invoke CloseHandle,@hSnapShot
mov eax,@ModuleSize
ret
_GetModelList endp
; _KillThread - terminate every thread whose Win32 start address lies in
; [_lpModelBase, _lpModelBase + dwModelSize] (unsigned compare, so addresses
; below the base wrap and are skipped). Presumably called before unloading so
; the module's own threads are not left running in freed memory.
; The start address is read with ntdll!NtQueryInformationThread, info class 9
; (ThreadQuerySetWin32StartAddress), via a manual stdcall push sequence into
; the 4-byte local @ThreadBase.
; NOTE(review): a TH32CS_SNAPTHREAD snapshot holds every thread on the system
; (the process-id argument is ignored for threads) and the loop never compares
; th32OwnerProcessID with _ProcessId, so threads of other processes are opened
; and, if their start address happens to fall in the range, terminated too.
; When OpenThread or the query fails, @ThreadBase keeps its previous (or
; uninitialised) value and the comparison still runs on stale data.
; TerminateThread gives the thread no chance to release locks or clean up.
_KillThread proc _ProcessId,_lpModelBase,dwModelSize
LOCAL @stThread:THREADENTRY32
LOCAL @hSnapShot
LOCAL @hThread
LOCAL @NtQueryInformationThread
LOCAL @ThreadBase
invoke GetModuleHandle,offset szNtDll
invoke GetProcAddress,eax,offset szNtQueryInformationThread
mov @NtQueryInformationThread,eax
invoke RtlZeroMemory,addr @stThread,sizeof @stThread
mov @stThread.dwSize,sizeof @stThread
invoke CreateToolhelp32Snapshot,TH32CS_SNAPTHREAD,_ProcessId
mov @hSnapShot,eax
invoke Thread32First,@hSnapShot,addr @stThread
.while eax
invoke OpenThread,THREAD_ALL_ACCESS,FALSE,@stThread.th32ThreadID
mov @hThread,eax
lea edx,@ThreadBase
mov ecx,@NtQueryInformationThread
push NULL ; ReturnLength
push 4h ; ThreadInformationLength
push edx ; ThreadInformation -> @ThreadBase
push 9 ; ThreadInformationClass = ThreadQuerySetWin32StartAddress
push @hThread
call ecx
mov eax,@ThreadBase
sub eax,_lpModelBase
.if (eax < dwModelSize) || (eax == dwModelSize)
invoke TerminateThread,@hThread,0
.endif
invoke CloseHandle,@hThread
invoke Thread32Next,@hSnapShot,addr @stThread
.endw
invoke CloseHandle,@hSnapShot
ret
_KillThread endp
; _Into - inject szDllName into the process currently selected in
; IDC_PROCESSLIST: open it, allocate lstrlen+1 bytes there, copy the path in,
; run kernel32!LoadLibraryA on that buffer in a remote thread, wait for the
; thread, then decommit the buffer. Status text goes to IDC_MSG.
; NOTE(review): the dwProcessId parameter is unused - the PID is re-read from
; the list box, and LB_GETCURSEL returns LB_ERR when nothing is selected, in
; which case OpenProcess receives -1 and fails with szOPErr.
; NOTE(review): WriteProcessMemory's result is not checked; the INFINITE wait
; blocks the UI thread for as long as the DLL's DllMain runs; and VirtualFreeEx
; is called with MEM_DECOMMIT plus a byte size, which leaves the reservation in
; the target (MEM_RELEASE with size 0 would free it).
_Into proc dwProcessId,_hWnd
LOCAL @hThread
invoke GetModuleHandle,offset szDllKernel
invoke GetProcAddress,eax,offset szLoadLibrary
mov lpLoadLibrary,eax
invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,_hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,eax
.if eax
mov hProcess,eax
invoke lstrlen,offset szDllName
inc eax ; include the terminating NUL
invoke VirtualAllocEx,hProcess,NULL,eax,MEM_COMMIT,PAGE_READWRITE
.if eax
mov lpDllName,eax ; write the DLL path into the target process
invoke lstrlen,offset szDllName
inc eax
invoke WriteProcessMemory,hProcess,lpDllName,offset szDllName,eax,NULL
invoke CreateRemoteThread,hProcess,NULL,0,lpLoadLibrary,lpDllName,0,NULL
.if eax
mov @hThread,eax
invoke WaitForSingleObject,eax,INFINITE ; wait for the remote thread to finish
invoke CloseHandle,@hThread
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
.else
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
.endif
invoke lstrlen,offset szDllName
inc eax
invoke VirtualFreeEx,hProcess,lpDllName,eax,MEM_DECOMMIT
.else
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szVAEErr
.endif
invoke CloseHandle,hProcess
.else
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
.endif
ret
_Into endp
; _Out - unload module _Model from process _dwProcessId: refresh the module
; list (which also yields the module size), terminate threads that started
; inside the module, then run kernel32!FreeLibraryAndExitThread(_Model) in a
; remote thread and wait for it. Status text goes to IDC_MSG.
; NOTE(review): FreeLibraryAndExitThread takes two stdcall arguments but a
; thread start routine receives one; the routine never returns, so the stack
; imbalance is harmless, but dwExitCode is whatever happens to be on the stack.
; @dwHandle is declared and never used. Unloading a module the process loaded
; itself only drops one reference and, together with _KillThread, can
; destabilise the target.
_Out proc _dwProcessId,_Model
LOCAL @dwHandle:dword
LOCAL @hThread:dword
invoke GetModuleHandle,offset szDllKernel
invoke GetProcAddress,eax,offset szFreeLibrary
mov lpFreeLibrary,eax
invoke OpenProcess,PROCESS_ALL_ACCESS,FALSE,_dwProcessId ; open the target process (original comment said "Services.exe"; the PID actually comes from _dwProcessId)
.if eax
mov hProcess,eax
invoke _GetModelList,_dwProcessId,hWinMain,_Model
invoke _KillThread,_dwProcessId,_Model,eax ; eax = module size from _GetModelList
invoke CreateRemoteThread,hProcess,NULL,0,lpFreeLibrary,_Model,0,NULL
.if eax
mov @hThread,eax
invoke WaitForSingleObject,eax,INFINITE
invoke CloseHandle,@hThread
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTOk
.else
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szCRTErr
.endif
invoke CloseHandle,hProcess
.else
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szOPErr
.endif
ret
_Out endp
; _MainThread - dialog procedure for IDD_MAIN. Returns TRUE for messages it
; handles and FALSE otherwise (dialog-procedure convention).
; WM_COMMAND: the control id is in ax, the notification code in the high word
; (hence 'shr eax,16' before testing LBN_SELCHANGE). Inject/Unload buttons are
; enabled only once a process (and for Unload, a module) is selected.
; WM_INITDIALOG: stores hWinMain, sets the icon, centres the window, enables
; SeDebugPrivilege and fills the process list.
_MainThread proc uses edi esi hWnd,uMsg,wParam,lParam
LOCAL @dwProcessId
mov eax,uMsg
.if eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_DLL
call _OpenDll
.elseif ax ==IDC_PROCESSLIST
shr eax,16
.if ax == LBN_SELCHANGE
; process selection changed: rebuild the module list for that PID,
; disable Unload, and enable Inject only if modules were enumerated
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
invoke _GetModelList,eax,hWnd,0
invoke GetDlgItem,hWnd,IDC_OUT
invoke EnableWindow,eax,FALSE
invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCOUNT,0,0
.if eax == 0
invoke GetDlgItem,hWnd,IDC_IN
invoke EnableWindow,eax,FALSE
.else
invoke GetDlgItem,hWnd,IDC_IN
invoke EnableWindow,eax,TRUE
.endif
.endif
.elseif ax ==IDC_MODELLIST
shr eax,16
.if ax == LBN_SELCHANGE
invoke GetDlgItem,hWnd,IDC_OUT
invoke EnableWindow,eax,TRUE
.endif
.elseif ax == IDC_IN
; Inject: requires a DLL path to have been chosen first
invoke lstrlen,offset szDllName
.if eax
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
mov @dwProcessId,eax
invoke _Into,eax,hWnd
invoke _GetModelList,@dwProcessId,hWnd,0
.else
invoke MessageBox,hWinMain,offset szOD,offset szCaption,MB_OK
.endif
.elseif ax == IDC_OUT
; Unload: selected PID plus the base address stored as module item data
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,hWnd,IDC_PROCESSLIST,LB_GETITEMDATA,eax,0
mov @dwProcessId,eax
invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETCURSEL,0,0
invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_GETITEMDATA,eax,0
invoke _Out,@dwProcessId,eax
invoke _GetModelList,@dwProcessId,hWnd,0
.elseif ax ==IDC_UPDATE
; Refresh: rebuild the process list and reset the dependent controls
invoke _GetProcessList,hWnd
invoke SendDlgItemMessage,hWnd,IDC_MODELLIST,LB_RESETCONTENT,0,0
invoke GetDlgItem,hWnd,IDC_IN
invoke EnableWindow,eax,FALSE
invoke GetDlgItem,hWnd,IDC_OUT
invoke EnableWindow,eax,FALSE
.elseif ax == IDC_EMAIL
invoke ShellExecute,0,0,offset szEmail,0,0,SW_SHOW
.endif
.elseif eax == WM_INITDIALOG
push hWnd
pop hWinMain
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
invoke _SetWinPos,hWnd
call _EnableDebug
invoke _GetProcessList,hWnd
invoke GetDlgItem,hWnd,IDC_IN
invoke EnableWindow,eax,FALSE
invoke GetDlgItem,hWnd,IDC_OUT
invoke EnableWindow,eax,FALSE
invoke SetDlgItemText,hWinMain,IDC_MSG,offset szText
.elseif eax == WM_CLOSE
invoke EndDialog,hWnd,-1
.else
mov eax,FALSE ; not handled
ret
.endif
mov eax,TRUE
ret
_MainThread endp
; Program entry: run the modal dialog and exit when it closes.
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,eax,IDD_MAIN,NULL,offset _MainThread,-1
invoke ExitProcess,0
end start

into.inc

; into.inc - dialog, control and icon identifiers used by Into.asm.
; NOTE(review): into.rc repeats the same numbers as #define lines; the two
; lists must be kept in sync by hand. IDD_MAIN and ICO_MAIN both use 1000,
; which is fine because dialog and icon resources are separate resource types.
IDD_MAIN equ 1000
IDC_DLL equ 1004
IDC_IN equ 1005
IDC_OUT equ 1006
IDC_UPDATE equ 1007
IDC_PROCESSLIST equ 1001
IDC_MODELLIST equ 1002
IDC_DLLPATH equ 1003
IDC_MSG equ 1008
IDC_EMAIL equ 1009
ICO_MAIN equ 1000

into.rc

// into.rc - resource script for the injector dialog.
// These ids duplicate into.inc and must match it; the assembler only sees into.inc.
#define ICO_MAIN 1000
#define IDD_MAIN 1000
#define IDC_DLL 1004
#define IDC_IN 1005
#define IDC_OUT 1006
#define IDC_UPDATE 1007
#define IDC_PROCESSLIST 1001
#define IDC_MODELLIST 1002
#define IDC_DLLPATH 1003
#define IDC_MSG 1008
#define IDC_EMAIL 1009
#include "resource.h"
ICO_MAIN ICON DISCARDABLE "main.ico"
// Main dialog: process list on the left, module list on the right,
// DLL picker / inject / unload / refresh controls along the bottom.
IDD_MAIN DIALOGEX 0,0,327,192
CAPTION "GuaiK-DLL注入器"
FONT 8,"MS Sans Serif",0,0,0
STYLE WS_POPUP|WS_VISIBLE|WS_CAPTION|WS_SYSMENU|DS_MODALFRAME
BEGIN
CONTROL "选择dll",IDC_DLL,"Button",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP,9,156,54,15
CONTROL "注入",IDC_IN,"Button",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP,210,156,54,15
CONTROL "卸载",IDC_OUT,"Button",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP,267,156,54,15
CONTROL "刷新",IDC_UPDATE,"Button",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP,210,174,54,15
// LBS_STANDARD implies a sorted list box; Into.asm relies on the index
// returned by LB_ADDSTRING when it attaches the PID / base address as item data.
CONTROL "",IDC_PROCESSLIST,"ListBox",WS_CHILDWINDOW|WS_VISIBLE|WS_BORDER|WS_VSCROLL|WS_TABSTOP|LBS_STANDARD|LBS_NOINTEGRALHEIGHT|LBS_HASSTRINGS,9,15,141,126,WS_EX_CLIENTEDGE
CONTROL "",IDC_MODELLIST,"ListBox",WS_CHILDWINDOW|WS_VISIBLE|WS_BORDER|WS_VSCROLL|WS_TABSTOP|LBS_STANDARD|LBS_NOINTEGRALHEIGHT|LBS_HASSTRINGS,171,15,141,126,WS_EX_CLIENTEDGE
// Read-only edit boxes: selected DLL path and status message.
CONTROL "",IDC_DLLPATH,"Edit",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP|ES_READONLY|ES_AUTOHSCROLL,69,156,138,15,WS_EX_CLIENTEDGE
CONTROL "",IDC_MSG,"Edit",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP|ES_READONLY,69,174,138,15,WS_EX_CLIENTEDGE
CONTROL "进程列表",-1,"Button",WS_CHILDWINDOW|WS_VISIBLE|BS_GROUPBOX,3,3,156,144
CONTROL "模块列表",-1,"Button",WS_CHILDWINDOW|WS_VISIBLE|BS_GROUPBOX,165,3,156,144
CONTROL "提示信息:",-1,"Static",WS_CHILDWINDOW|WS_VISIBLE,18,177,42,9
CONTROL "联系作者",IDC_EMAIL,"Button",WS_CHILDWINDOW|WS_VISIBLE|WS_TABSTOP,267,174,54,15
END


🌋创造怪物的神秘区域

GuaiK Amazing


⚙️Help!这里有急需处理的故障

Qt 和 OpenGL 问题:在 Qt 开发中如果需要定义一个类,类中需要大量的 gl 命令,该怎么写呢……头文件该引入哪个才可以用这些 gl 命令呢?

也可以用这个方法

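// Header that exposes the OpenGL 3.3 core-profile function set as a class.
#include <QOpenGLFunctions_3_3_Core>

// Resolve the 3.3 core entry points for the context current on this thread.
// Both steps can fail: currentContext() is null when no context is current,
// and versionFunctions<T>() is null when the context does not provide the
// requested version/profile. The original snippet dereferenced both
// unconditionally, which crashes in exactly those cases.
QOpenGLContext *ctx = QOpenGLContext::currentContext();
QOpenGLFunctions_3_3_Core *core =
    ctx ? ctx->versionFunctions<QOpenGLFunctions_3_3_Core>() : nullptr;
// NOTE(review): QOpenGLContext::versionFunctions() is Qt 5 API; Qt 6 moves
// this to QOpenGLVersionFunctionsFactory::get() - confirm against the Qt in use.

// Call GL through the function object instead of the global gl* symbols.
if (core) {
    core->glCreateShader(GL_VERTEX_SHADER);
} else {
    qWarning("OpenGL 3.3 core functions are not available in the current context");
}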


📢GuaiK战区,请时刻关注战报!

帖子内支持Bilibili和Youtube视频嵌入
使用方法: Bilibili [bilibili](https://www.bilibili.com/video/av28823167?from=search&seid=6046375130626082665)

Youtube [youtube](https://www.youtube.com/watch?v=dKjCWfuvYxQ)

