{"id":161717,"date":"2020-09-19T17:44:36","date_gmt":"2020-09-19T09:44:36","guid":{"rendered":"http:\/\/4563.org\/?p=161717"},"modified":"2020-09-19T17:44:36","modified_gmt":"2020-09-19T09:44:36","slug":"%e4%b8%ba%e4%bb%80%e4%b9%88%e6%b8%b8%e6%88%8f%e4%bf%ae%e6%94%b9%e5%99%a8%e8%83%bd%e4%bf%ae%e6%94%b9%e5%85%b6%e5%ae%83%e7%a8%8b%e5%ba%8f%e7%9a%84%e5%86%85%e5%ad%98%ef%bc%9f","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=161717","title":{"rendered":"\u4e3a\u4ec0\u4e48\u6e38\u620f\u4fee\u6539\u5668\u80fd\u4fee\u6539\u5176\u5b83\u7a0b\u5e8f\u7684\u5185\u5b58\uff1f"},"content":{"rendered":"
\n
\n
\n

\u4e3a\u4ec0\u4e48\u6e38\u620f\u4fee\u6539\u5668\u80fd\u4fee\u6539\u5176\u5b83\u7a0b\u5e8f\u7684\u5185\u5b58\uff1f <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : aiqier <\/span> <\/i> 4<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

\u64cd\u4f5c\u7cfb\u7edf\u4e0d\u662f\u4f7f\u7528\u865a\u62df\u5730\u5740\u7a7a\u95f4\u7ba1\u7406\u6bcf\u4e2a\u8fdb\u7a0b\u7684\u5185\u5b58\uff0c\u6bcf\u4e2a\u8fdb\u7a0b\u7684\u5185\u5b58\u7a7a\u95f4\u662f\u72ec\u7acb\u7684\uff0c\u5176\u5b83\u8fdb\u7a0b\u8bbf\u95ee\u4e0d\u5230\u7684\u4e48\uff0c\u90a3\u4e3a\u5565\u53ef\u4ee5\u5199\u6e38\u620f\u4fee\u6539\u5668\uff0c\u4fee\u6539\u6e38\u620f\u7a0b\u5e8f\u7684\u5185\u5b58\u53d8\u91cf\u3002<\/p>\n<\/p><\/div>\n

\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (12<\/span>) <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : CEBBCAT <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    https:\/\/lmgtfy.app\/?q=%E4%B8%BA%E4%BB%80%E4%B9%88%E6%B8%B8%E6%88%8F%E4%BF%AE%E6%94%B9%E5%99%A8%E8%83%BD%E4%BF%AE%E6%94%B9%E5%85%B6%E5%AE%83%E7%A8%8B%E5%BA%8F%E7%9A%84%E5%86%85%E5%AD%98%EF%BC%9F <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : kernelpanic <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86 API \u5457… <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : lin07hui <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u4e0d\u662f\u4fee\u6539\u7a0b\u5e8f\u5185\u5b58\u53d8\u91cf\uff0c\u662f\u76f4\u63a5\u6539\u5199\u5185\u5b58\u7684\u5185\u5bb9\uff08\u5c31\u50cf\u6539\u786c\u76d8\u5185\u5bb9\uff09\u3002
    \u627e\u4e2a\u5236\u4f5c\u6e38\u620f\u4fee\u6539\u5668\u6559\u7a0b\u770b\u4e00\u4e0b\uff0c\u6216\u7528\u4e00\u4e0b\u8fd9\u4e2a Cheat Engine \u8f6f\u4ef6\uff0c\u5c31\u660e\u4e86\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : nightwitch <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u652f\u6301\u554a\uff0c\u4e0d\u7136\u8c03\u8bd5\u5668\u600e\u4e48\u53bb\u770b\u8fdb\u7a0b\u7684\u53d8\u91cf\u3002
    Linux \u4e0b\u53bb\u67e5
    pread
    pwrite<\/p>\n

    Windows \u4e0b\u67e5
    OpenProcess
    ReadProcessMemory
    WriteProcessMemory <\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : Huelse <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u80af\u5b9a\u662f\u7cfb\u7edf\u63d0\u4f9b\u4e86\u652f\u6301\u5440\uff0c\u60f3\u60f3 VS \u91cc\u7684\u5806\u6808\u5185\u5b58\u8ffd\u8e2a\uff0c\u4f60\u53c8\u6ca1\u5f80\u4f60\u7a0b\u5e8f\u91cc\u5199\u8fd9\u4e9b\uff0c\u603b\u4e0d\u81f3\u4e8e\u7f16\u8bd1\u5668\u81ea\u52a8\u7ed9\u4f60\u52a0\u8fdb\u53bb\u5427 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : reus <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u64cd\u4f5c\u7cfb\u7edf\u9664\u4e86\u6709\u9694\u79bb\uff0c\u4e5f\u80fd\u8ba9\u5176\u4ed6\u8fdb\u7a0b\u8bbf\u95ee\u8fdb\u7a0b\u5185\u5b58\uff0c\u4f8b\u5982\u8c03\u8bd5\u5668\u5c31\u662f\u72ec\u7acb\u7684\u8fdb\u7a0b <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : thedrwu <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u6709\u6743\u9650\u53ef\u4ee5\u76f4\u63a5\u8bfb\u5199\uff0cRead\/WriteProcessMemory \u3002
    \u6216\u8005 DLL \u76f4\u63a5\u6302\u5230\u522b\u7684\u8fdb\u7a0b\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : Nitroethane <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @nightwitch Linux \u4e0b\u662f ptrace \u7cfb\u7edf\u8c03\u7528\uff0c\u4e0d\u662f pread <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : crclz <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u5206 2 \u79cd\uff0c\u4e00\u79cd External\uff0c\u53e6\u4e00\u79cd Internal \u3002
    External \u7684\uff0c\u4f7f\u7528 WindowsAPI OpenProcess ReadProcessMemory WriteProcessMemory \u6765\u64cd\u4f5c\u5185\u5b58\u3002
    Internal \u7684\uff0c\u901a\u8fc7 dll \u6ce8\u5165\uff0c\u76f4\u63a5\u9644\u7740\u5230\u76ee\u6807\u8fdb\u7a0b\uff0c\u5c31\u50cf\u5728\u81ea\u5df1\u5bb6\u91cc\u9762\u4e00\u6837\uff0c\u4f8b\u5982\u53ef\u4ee5\u76f4\u63a5`player->health = 5000;` <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : codehz <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @nightwitch pread pwrite \u4e0d\u662f\u4f60\u60f3\u8c61\u7684\u90a3\u4e2a p\uff0c\u76f4\u63a5\u8bfb\u5199\u5e94\u8be5\u662f \/proc\/xxx\/mem\uff0c\u95f4\u63a5\u7684\u53ef\u4ee5 ptrace \u8fdb\u53bb\u8bfb\u5199 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : virusdefender <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u4f60\u53ef\u4ee5\u7406\u89e3\u4e3a gdb \u4e00\u6837\u7684\u4e1c\u897f <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : mazhan465 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u9664\u4e86\u76f4\u63a5\u8bfb\u5199\u6307\u5b9a\u8fdb\u7a0b\u5185\u5b58\uff0c\u4e5f\u53ef\u4ee5\u901a\u8fc7\u66ff\u6362\u52a8\u6001\u94fe\u63a5\u5e93\u7684\u65b9\u5f0f hook \u8fdb\u7a0b\uff0c\u4e0d\u8fc7\u6743\u9650\u8981\u6c42\u6bd4\u8f83\u9ad8 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n","protected":false},"excerpt":{"rendered":"

    \u4e3a\u4ec0\u4e48\u6e38\u620f\u4fee\u6539\u5668\u80fd\u4fee\u6539\u5176\u5b83\u7a0b\u5e8f\u7684\u5185…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/161717"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=161717"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/161717\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=161717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=161717"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=161717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}