December 1, 2008

kd> dd nt!NtCancelDeviceWakeupRequest
805bde0e 000002b8 0004c2c0 cccccccc 74a0cccc
805bde1e 2480559a 1ad8f603 c3c0fec0 cccccccc
805bde2e 1c6acccc 4daa1068 a2a4e880 a164fff7
805bde3e 00000124 0140808a db330000 3874c33a
805bde4e 8bfc5d89 b4a10c7d 3b80558b 890272f8
805bde5e 89078b18 fc4d8307 8b20ebff 008bec45
805bde6e 4589008b 40c033dc e8658bc3 fffc4d83
805bde7e e9dc458b 00000082 640c7d8b 000124a1
kd> u 805bde0e
nt!NtModifyBootEntry:
805bde0e b8020000c0 mov eax,0C0000002h
805bde13 c20400 ret 4
805bde16 cc int 3
805bde17 cc int 3
805bde18 cc int 3
805bde19 cc int 3
805bde1a cc int 3
805bde1b cc int 3

March 8, 2007

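Because of the GFW, we have forever become a byword for stupidity in history!

The "burning of books and burying of scholars", the policy of keeping the people ignorant, and we who silently accept the book burning... electronic storage will record this stupidity as history, for hundreds and thousands of years, forever!

Freedom of information! For freedom's sake, both life and love may be cast aside! Someone has raped our information virginity and then delivered the filtered information, still streaked with blood, into our arms!

And all of this is simply because of the Chinese government's stupid GFW! How stupid!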

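Accessing Google cached pages by splitting the URL (/search?q=cache:)

Different browsers, different choices:

Firefox (recommended)

For Firefox, install the Greasemonkey script for reaching Google cached pages past China's Great Fire Wall (GFW) right now! (Click it directly to view the script. A malicious script? No!)

This method requires the Firefox browser, which this site also strongly recommends. Here is why we chose Firefox and stopped using IE.

Installation steps for the Greasemonkey script method:

Update: if you installed the script before October 10 and have recently found that Google cached pages no longer open, please update the script. Steps: open the configuration window via the menu "Tools" –> "Manage User Scripts", select "Google Cached Pages", click the "Uninstall" button to remove the old script, and then install the script again starting from the "Install the script" step below.

  • Install Firefox
    Click the button on the right to install the Firefox browser with Google Toolbar
  • Install Greasemonkey
    Open the Greasemonkey home page in Firefox and follow the prompts (mainly, click the "Install Greasemonkey" button) to install the Greasemonkey extension
  • Restart Firefox
    Restart the Firefox browser to activate Greasemonkey, then open this page again
  • Install the script
    Right-click the Greasemonkey script link above for reaching Google cached pages past China's Great Fire Wall (GFW) and choose "Install This User Script" from the context menu, or click the link directly and then click the "Install" button in the upper right corner
  • Test cached pages
    Run a Google search (if you installed "Firefox with Google Toolbar", you can simply type a keyword into the toolbar), then check whether cached pages now open normally (I would be honored if you told me this method helped you open cached pages) or do not open (if they do not, please leave me a comment)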

Internet Explorer

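For Internet Explorer, this site strongly recommends switching to Firefox; alternatively, you can save the JavaScript that rewrites Google cached-page URLs as an IE bookmark!

Installation steps for the JavaScript + IE bookmark method:

Update: if you bookmarked the JavaScript IE bookmark before October 10 and have recently found that the bookmark no longer opens Google cached pages, please update the IE bookmark. Steps: first delete the old JavaScript IE bookmark, then bookmark it again.

  • Save the JavaScript to Favorites
    Right-click the link to the JavaScript that rewrites Google cached-page URLs and choose "Add to Favorite" or "添加到收藏夹" from the context menu. If IE warns that the link may be unsafe and asks whether to continue, choose "Yes" to continue saving (you can in fact inspect this JavaScript; it is safe code!)
  • Test cached pages
    Run a Google search (if you installed "Google Toolbar", you can simply type a keyword into the toolbar). Once the results page has finished loading, open the "JavaScript that rewrites Google cached-page URLs" entry in Favorites (you can organize your Favorites to put this entry at the top). Then check whether cached pages now open normally (I would be honored if you told me this method helped you open cached pages) or do not open (if they do not, please leave me a comment)

For more technical details, visit Google Cached Pages over GFW.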

Split URL (/search?q=cache:) for Google cached pages

Different browsers, different choices:

Firefox (Strongly Recommended)

For Firefox, install Google Cached Pages over China’s Great Fire Wall (GFW) Greasemonkey User Script Now!

This method requires the Firefox browser, which we strongly recommend! Here is why we chose Firefox over IE.

Greasemonkey in Firefox Installation Instructions:

Update: If you installed the script before Oct 10th and have found that Google cached pages stopped working recently, please update the script: open the menu "Tools" –> "Manage User Scripts", select "Google Cached Pages" in the dialog, click the "Uninstall" button to remove the script, and then follow the "Install User Script" step below to install it again. Google cached pages will then work again.

  • Install Firefox
    Click the button on the right to get Firefox with Google Toolbar, which is one of the most popular extensions for Firefox
  • Install Greasemonkey
    Use Firefox to visit Greasemonkey and follow instructions there to install Greasemonkey extension
  • Restart Firefox
    Restart Firefox (Required for enabling Greasemonkey) and visit this page again
  • Install User Script
    Right click on the above Google Cached Pages over China’s Great Fire Wall (GFW) link and choose "Install This User Script" menu item, or click the link directly and then press "Install" button in the upper corner
  • Test "Cached" Pages
    Make a search on Google (Just input something in the search box and make a search if "Firefox with Google Toolbar" installed), and check the "cached" links are working (I would be glad if you tell me that this method works for you) or not (If not, try to report bugs by leaving a comment)

Internet Explorer

For Internet Explorer, we strongly recommend switching to Firefox. Alternatively, you can bookmark the JavaScript for Google Cached Pages.

JavaScript + IE Bookmark Installation Instructions:

Update: If you bookmarked the JavaScript IE bookmark before Oct 10th and have found that Google cached pages stopped working recently when using it, please update the bookmark: first delete the old bookmark, then bookmark the JavaScript URL again.

  • Bookmark JavaScript URL
    Right-click the JavaScript for Google Cached Pages link and select the menu item "Add to Favorite". If IE says the link is not safe and asks whether to continue, choose "Yes" to continue (You can check the JavaScript to see whether it is safe or not. Actually it's SAFE!).
  • Test "Cached" Pages
    Make a search on Google (Just input something in the search box and make a search if "Google Toolbar" installed). When the search result is loaded, choose to load the selected bookmark "JavaScript for Google Cached Pages" (You can arrange your favorites to make the item in the top for convenience). And then check the "cached" links are working (I would be glad if you tell me that this method works for you) or not (If not, try to report bugs by leaving a comment)

For more technical details or for Chinese installation instructions, please visit Google Cached Pages over GFW.

Copyright 2006 Zhou Renjian

December 1, 2005

for (int z = 5;0<1;){System.out.print(z);}// In Java, a variable z declared this way is scoped to the {} block; in C++ its scope runs from the point of definition onward

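October 21, 2005

One approach is to mimic the system's own procedure and create a user thread; another is to use a call gate. Try having a driver create a call gate and then unload, and then use the call gate to get the job done.

October 6, 2005

XP is fine. Thinking about it now, the CreateProcess function was probably being called through GetProcAddress. At the time I figured that since I had hooked GetProcAddress, I would still find out even if it did that, but I forgot that this does not add such an entry to the IAT, and what I was using was IAT rewriting. With an inline hook this probably would not have been a problem.

What is strange, though, is that the IAT of the Windows 2000 explorer.exe contains CreateProcessW, while the ones in XP and XP2 do not. Of course, I did get the hook working on XP SP1. These two explorer.exe builds differ a great deal.

Copy the Windows 2000 explorer.exe over to XP and run it, and an Explorer file browser window appears, but no new process shows up in the process list, which shows that explorer.exe is no ordinary program : )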

A special kind of descriptor, called a call gate, can be placed in the LDT or the GDT. A program can make a far call with the descriptor set to the call gate. When the call occurs, a new ring level can be specified. A call gate could be used to allow a user-mode program to make a function call into kernel mode. This would be an interesting back door for a rootkit program. The same mechanism can be used with a far jump, but only when the call gate is of the same privilege level or lower than process performing the jump.[7]

[7] The exception is a far jump to a "conforming" code segment.

When a call gate is used, the address is ignored—only the descriptor number matters. The call gate data structure tells the CPU where the code for the called function lives. Optionally, arguments can be read from the stack. For example, a call gate could be created such that the caller puts secret command arguments onto the stack.

Might be worth playing around with this : )
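The call gate descriptor described in the quoted passage, seen from the inspection side, as an added example (not code from this blog or from the quoted book): a C decoder for the 8-byte 32-bit call gate layout, plus a check that counts present gates callable from ring 3 whose target is a ring 0 code segment. The table SAMPLE_GDT and every function name here are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {               /* decoded 32-bit call gate descriptor */
    uint32_t offset;           /* entry point in the target code segment */
    uint16_t selector;         /* target code segment selector */
    uint8_t  param_count;      /* dwords copied from the caller's stack */
    uint8_t  dpl, present;     /* dpl = least privileged ring allowed to call */
} call_gate;

/* Returns 1 and fills *g if d is a 32-bit call gate, else 0. */
int decode_call_gate(const uint8_t d[8], call_gate *g) {
    if ((d[5] & 0x1F) != 0x0C) return 0;          /* S=0, type=0xC */
    g->offset = d[0] | (d[1] << 8) | ((uint32_t)d[6] << 16) | ((uint32_t)d[7] << 24);
    g->selector = (uint16_t)(d[2] | (d[3] << 8));
    g->param_count = d[4] & 0x1F;
    g->dpl = (d[5] >> 5) & 3;
    g->present = d[5] >> 7;
    return 1;
}

/* DPL of the code segment a GDT selector names, or -1 if it is not one. */
static int target_code_dpl(const uint8_t (*gdt)[8], size_t n, uint16_t sel) {
    size_t idx = sel >> 3;
    if ((sel & 4) || idx == 0 || idx >= n) return -1;  /* LDT, null, out of range */
    if ((gdt[idx][5] & 0x98) != 0x98) return -1;       /* need P=1, S=1, executable */
    return (gdt[idx][5] >> 5) & 3;
}
/* Count present gates callable from ring 3 that enter a ring 0 segment. */
int count_ring3_to_ring0_gates(const uint8_t (*gdt)[8], size_t n) {
    int hits = 0; call_gate g;
    for (size_t i = 1; i < n; i++)
        if (decode_call_gate(gdt[i], &g) && g.present && g.dpl == 3 &&
            target_code_dpl(gdt, n, g.selector) == 0)
            hits++;
    return hits;
}
/* Constructed sample table, not taken from a real system. */
static const uint8_t SAMPLE_GDT[5][8] = {
    {0},                                       /* 0x00 null */
    {0xFF,0xFF,0,0,0,0x9B,0xCF,0},             /* 0x08 ring 0 code */
    {0xFF,0xFF,0,0,0,0xFB,0xCF,0},             /* 0x10 ring 3 code */
    {0x34,0x12,0x08,0,0x02,0xEC,0x50,0x80},    /* 0x18 gate, DPL 3 -> 0x08 */
    {0x34,0x12,0x08,0,0x00,0x8C,0x50,0x80},    /* 0x20 gate, DPL 0 -> 0x08 */
};

int main(void) {
    printf("ring3->ring0 gates: %d\n", count_ring3_to_ring0_gates(SAMPLE_GDT, 5));
    return 0;
}
```

Only the DPL 3 gate is counted; the DPL 0 gate with the same target is not reachable from user mode.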

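If, like migbot, I copy my own program into a block of memory, I don't know whether the functions it uses still need to be relocated, for example if it uses some Rtl… function or other. I know nothing at all about how the compilation process works……….. hmm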