安卓内核编译
设备:Oneplus 5 内核源码:https://github.com/MoKee/android_kernel_oneplus_msm8998 编译器:gcc-arm-9.2 编译脚本: 12345678910export ARCH=arm64export SUBARCH=arm64export AARCH64=/home/rog/project/android_kernel/toolchai
诸葛的博客
UE4 FName & GObject
FName就是NamePoolDataGObject就是GUObjectArray 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950__int64 __fastcall FName::GetPlainNameString(_DWORD *a1, __int64 a2
x64通过页表自映射计算PTE_BASE
1234567891011121314151617181920//InitializePteBase(__readcr3());VOID InitializePteBase(ULONG64 dirbase){ PHYSICAL_ADDRESS phAddr = { 0 }; ULONG64 slot = 0; ULONG_PTR pfn = dirb
x64分页
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950cr3=00000000001ad000gdtr=fffff8003f677fb0kd> !vtop 00000000001ad000 fffff8003f677fb0Amd64VtoP: Virt fffff8
X86 Assembly Instructions
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210
ObRegisterCallbacks C0000022错误
环境:Win7 x64 ntoskrnl.exe12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929
逆向分析MmIsAddressValid
近期跟海哥学习了系统底层的一些知识,此处使用IDA对MmIsAddressValid进行逆向分析,以加深对Windows分页机制的了解废话不多说,上代码 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354;环境:Windows7 x32 ntoskr
切换CR3跨进程读写内存
环境:XPx32、Win7x32 项目历时三天,最终在朋友的帮助下,搞成功了! 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848