vftable'; LocalFree(*(HLOCAL *)(this + 56)); v2 = *(void **)(this + 64); *(_QWORD *)(this + 56) = 0i64...LocalFree(v2); v3 = *(void **)(this + 80); // <-- [0] uninitialized *(_QWORD *)(this + 64) = 0i64...; LocalFree(v3); // <-- [1] free *(_QWORD *)(this + 80) = 0i64; } 复制品 通过 Gflags
; LocalFree(*(HLOCAL *)(this + 56)); v2 = *(void **)(this + 64); *(_QWORD *)(this + 56) = 0i64...; LocalFree(v2); v3 = *(void **)(this + 80); // <-- [0] 未初始化 *(_QWORD *)(this + 64) = 0i64; LocalFree...(v3);// <-- [1] 释放 *(_QWORD *)(this + 80) = 0i64; } 复现 通过 Gflags 为 winword.exe 开启 PageHeap,启动 Word,将调试器附加到它
B8h] [rbp+10h] BYREF void *ProcessHandle; // [rsp+C0h] [rbp+18h] BYREF ClientId.UniqueThread = 0i64...; ObjectAttributes.Length = 48; ObjectAttributes.RootDirectory = 0i64; ObjectAttributes.Attributes...= 0; ObjectAttributes.ObjectName = 0i64; ObjectAttributes.SecurityDescriptor = 0i64; ObjectAttributes.SecurityQualityOfService...= 0i64; ClientId.UniqueProcess = (HANDLE)pid;//pid传入的地方 KeStackAttachProcess(Process, &ApcState)...ObReferenceObjectByHandle(ProcessHandle, 0, 0i64, 0, &Object, 0i64) ) { switch ( dword_1CE40
if ( ZwCreateFile(&FileHandle, 0x120089u, &ObjectAttributes, &IoStatusBlock, 0i64, 0x80u, 7u, 1u, 0x20u..., 0i64, 0) >= 0 ) { current_thread = __readgsqword(0x188u); FileHandle_1 = FileHandle...; status = NtDeviceIoControlFile( FileHandle_1, 0i64..., 0i64, 0i64, &IoStatusBlock,
; // rcx void *qword33E8; // rcx if ( this->qword33E0 ) { IpcFreeMemory (); this->qword33E0 = 0i64...CoTaskMemFree (v2); // <--- [1] free *(_QWORD *)& this -> gap33F0 [ 104 ] = 0i64
a-flsTest bool flsTest(void){ return FlsAlloc(0i64) !...void){ HANDLE hProcess; // rax hProcess = GetCurrentProcess(); return VirtualAllocExNuma(hProcess, 0i64...= 0i64;} c-timeDistortionTest _BOOL8 timeDistortionTest(void){ DWORD ticks_after; // [rsp+28h] [rbp-...d-systemProcessTest bool systemProcessTest(void){ return OpenProcess(PROCESS_ALL_ACCESS, 0, 4u) == 0i64...Block ) return 0i64; memset(Block, 0, 100000000ui64); free(Block); return 1i64;} 收集系统信息 带有 DGA
858993460; v4 += 4; } sub_1400113DE(&unk_1400240BE); strcpy(v13, "0123456789+/"); Str1 = 0i64...; v17 = a2; if ( a2 == 1 ) { hWnd = CreateWindowExW(0, L"EDIT", 0i64, 0x50810000u, 0, 0, 390...); LABEL_17: v7 = 0i64; goto LABEL_18; } switch ( v17 ) { case 2u: PostQuitMessage...j_strcmp(Str1, Str2) ) MessageBoxW(0i64, &Text, &Caption, 0); else MessageBoxW...(0i64, &word_14001AF20, &word_14001AF18, 0); } goto LABEL_17; } v7 = DefWindowProcW(a1
评估函数 最后选择的评函数为: self.evaluated = min_occupied.iter().enumerate().fold(0i64, |a, (_col, b)|...avg_occupied; // a - b * b // } // } //}) + space_count.iter().fold(0i64..., |a, b| a - std::cmp::min(6, *b) * 15) }) + space_count.iter().fold(0i64, |a, b| a - b * 20)
ebp-14h] int v15; // [esp+20h] [ebp-10h] __int64 v16; // [esp+24h] [ebp-Ch] v13 = 0; v10 = 0i64...; v11 = 0i64; v12 = 0i64; v14 = 9; v15 = 2; v16 = 0i64; ((void (__cdecl *)(const char *,
PptpCmActivateVcComplete ( ActiveateVcRetCode, lpCallCtx, ( PVOID ) lpCallCtx->CallParams ) ; } return 0i64...ExFreePoolWithTag (( PVOID ) lpCallContext->CallParams, 0 ) ; lpCallContext->CallParams = 0i64
[0i64; n as usize]; n as usize]; // 存储回文子序列数量的二维数组 for i in 0..n { dp[i as usize][i as usize
- v5) + 8 > 0xFFFF || (v10 = Dns_AllocateRecordEx((unsigned __int16)(v9 + 8), 0), (v11 = v10) == 0i64...) ) { v7 = 14;LABEL_5: SetLastError(v7); return 0i64; } *((_BYTE *)v10 + 32) = *(_BYTE *)
Inputbuffer->dwCounter) ) //这里要满足这个条件让其进入循环,将其counter 设为1 { if ( pre_mode ) { v24 = 0i64...; v25 = 0i64; v15 = v13; pData1 = Inputbuffer->pData1; if ( v12 )
if ( (int)ZwQuerySystemInformation(0xBi64, v4, (unsigned int)NumberOfBytes, 0i64) < 0 ) { ExFreePoolWithTag
0x1FFFFFi64, v39, hProcess, v37, v38, v14, 0i64
JVMTI_ERROR_INTERNAL); _cxa_throw(exception, (struct type_info *)&`typeinfo for'AgentException, 0i64..., JVMTI_ERROR_INTERNAL); _cxa_throw(v18, (struct type_info *)&`typeinfo for'AgentException, 0i64
STATUS_INVALID_PARAMETER, 1); gWfpGlobal - >field_BC = 1; KeGenericCallDpc(WfpSyncDpcCallback, 0i64...// [rsp+48h] [rbp+10h] BYREF void Dst; // [rsp+50h] [rbp+18h] BYREF NtStatus = 0; Dst = 0i64
v28 = 0x56; memcpy(Dst, &Src, 0x10ui64); *((_QWORD *)&hFileMappingObject + 1) = CreateEventW(0i64
pExHandleHandle.Value & 0xFFFFFFFFFFFFFFFCui64; if ( tagBits >= a1->NextHandleNeedingPool ) return 0i64