我正在尝试在虚拟环境中调试 rootkit。从逆向我知道它使用超级简单的CPU计时检查,看起来像这样(来源pafish):
static inline unsigned long long rdtsc_diff_vmexit() {
unsigned long long ret, ret2;
unsigned eax, edx;
__asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
ret = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
/* vm exit forced here. it uses: eax = 0; cpuid; */
__asm__ volatile("cpuid" : /* no output */ : "a"(0x00));
/**/
__asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
ret2 = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
return ret2 - …想象一下用于 VM 检测的简单 CPU 计时检查。
static inline unsigned long long rdtsc_diff_vmexit() {
unsigned long long ret, ret2;
unsigned eax, edx;
__asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
ret = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
/* vm exit forced here. it uses: eax = 0; cpuid; */
__asm__ volatile("cpuid" : /* no output */ : "a"(0x00));
/**/
__asm__ volatile("rdtsc" : "=a" (eax), "=d" (edx));
ret2 = ((unsigned long long)eax) | (((unsigned long long)edx) << 32);
return ret2 …今天我试图从 BitMap 检查 CSharp 中的一种颜色是否与另一种颜色相似。这是代码,我正在使用:
Color blah = screenshot.GetPixel(x, y);
if (blah == Color.Red) {
...
问题是,我从来没有得到过true,因为颜色有一点不同的色调。有什么方法可以比较这些颜色的公差吗?
谢谢!