| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 |
- Injection
- NumPy Unicode Error
- Python
- data distribution
- javascript
- Analysis
- TensorFlow
- mock.patch
- error fix
- idb2pat
- commandline
- open office xml
- why error
- MySQL
- h5py.File
- x64
- hex-rays
- Rat
- idapro
- svn update
- ecma
- malware
- debugging
- 포인터 매핑
- idapython
- ida
- error
- pytest
- ida pro
- Ransomware
- Today
- Total
13 Security Lab
# SHGetFolderPath 출처 : http://msdn.microsoft.com/library/en-us/shellcc/platform/shell/reference/enums/csidl.asp CSIDL values provide a unique system-independent way to identify special folders used frequently by applications, but which may not have the same name or location on any given system. For example, the system folder may be "C:\Windows" on one system and "C:\Winnt" on another. These cons..
권한 설정 해줄 파일에 대해 쉘에서 아래 명령어를 통해 권한 획득 후 진행 takeown /f "path” && icacls "path” /grant administrators:F
gethostbyname
input : url output: ip DNS Query로 Url에 해당하는 IP를 얻음
MoveFileEx
MoveFileEx 함수 "MOVEFILE_DELAY_UNTIL_REBOOT" 파일 이름 변경이나 삭제를 컴퓨터가 재시작할 때 까지 지연시킬 수 있는 유용한 옵션 If dwFlags specifies MOVEFILE_DELAY_UNTIL_REBOOT and lpNewFileName is NULL, MoveFileEx registers the lpExistingFileName file to be deleted when the system restarts. If lpExistingFileName refers to a directory, the system removes the directory at restart only if the directory is empty. 재부팅 후 삭제
REF. http://www.experts-exchange.com/Programming/Microsoft_Development/A_3216-Fast-Base64-Encode-and-Decode.html Windows CryptoAPI: CryptBinaryToString and CryptStringToBinary The Windows CryptoAPI provides a set of general-purpose functions (CryptBinaryToString and CryptStringToBinary) that support base64 encoding and decoding. The following is a pair of functions that wrap that API: #include #..