Sometimes, we have to face the situation where we need to read or write process memory but want the process to be completely unaware. In general, users can achieve this by utilizing the process_vm_readv and process_vm_writev syscalls provided from Android kernel. However, there are several methods to detect such malicious behaviors. Some anti-cheaters insert a type of special memory pages into the game’s memory, they can detect these memory pages being read or written by mincore.
Sometimes, we may need hide our process from various programs in order to achieve specific objectives. For instance, we may want to hide our virus from antivirus software, or conceal our cheat from anti-cheat programs. There are lots of different approaches introduced by blogs in internet. In this article, I will introduce a few methods that I believe are both effective and relatively straightforward. Unlink EPROCESS First and foremost, I
Sometimes, we need to implement some libs using rust, and these libs should be loaded by other programs, which means we have to implement some interface for these libs based on the specific foreign interface standard. Usually, this specific standard is called FFI(Foreign Function Interface). It is an important mechanism that allows libraries to access functions from other programming language. In this way, we can use this mechanism call C functions in Rust language or call Rust functions in C language.
前言 大体设计思路与 Qriver2.0出题思路 差不多，依旧是使用自己写的LLVM混淆编译了一个Windows驱动程序。主要原因是去年是0解，感
With the accelerating advancement of Rust language, more and more tech companies are recompiling their programs using Rust, especially client security software. However, there are few documents available that explain how to hook any functions using Rust. Therefore, I have written this blog to help you understand how to hook programs using the retour-rs crate for Rust. In the C language, two hook libraries, detour and MinHook, are commonly used and both have been implemented in Rust.
一月的时候分析了一下Riot Vanguard，并且得知在三月的时候Vanguard有重大更新，遂现在公开此分析报告。 整体门槛与难点 Vangu
Vue Install Install Node.js 先安装 nodejs 下载 LTS Windows Installer (.msi)然后运行安装就可以了。安装时有一个勾选项是“是否安装其他依赖库”可以不勾选 安装完毕后 node -v 和 npm -v 查看是否
校队参赛，Re方向拿了一个一血一个二血。这次Re题目质量还可以，没有那种特别恶心的乱七八糟算法来恶心人，考的都是一些针对性的知识点。 Dual personality 经典
有的时候，因为一些特殊目的，需要编译不带导入表甚至无PE头和初始化函数的shellcode。这里记录两种方法。 纯shellcode 当shel
在写OLLVM的时候，经常会遇到各种坑点，这里就专门开一篇来记录一些自己遇到的、比较难处理的坑。本文动态更新。 复制基本块相关 在Obf的时候经