[Discussion] How to read VC's disassembled code
Truly impressive, learned something.

[Help] About a parallel-port driver
I'm using RadASM. I originally wanted to do it the way the MakeBeep program does: out 378h, al, but it wouldn't compile. So I added a byte ptr, and then it compiled and the program ran without any error, but it turned out that this is exactly where the problem was.

[Help] How to add assembly code to a self-extracting file
Using a memory patch should be fairly convenient.

[Help] About a parallel-port driver
forgot's advice was spot on, that's exactly it, thank you for getting me out of the maze. Actually, I learned it from the speaker-control routine in the KmdKit tutorial, whose code is as follows:

MakeBeep1 proc dwPitch:DWORD
    cli
    mov al, 10110110y       ; PIT control word: counter 2, lo/hi byte access, mode 3 (square wave)
    out 43h, al
    mov eax, dwPitch
    out 42h, al             ; low byte of the counter-2 divisor
    mov al, ah
    out 42h, al             ; high byte of the divisor
    ; Turn speaker ON
    in al, 61h
    or al, 11y              ; set bit 0 (timer-2 gate) and bit 1 (speaker data)
    out 61h, al
    sti
    DO_DELAY                ; delay macro from the KmdKit tutorial (not shown here)
    cli
    ; Turn speaker OFF
    in al, 61h
    and al, 11111100y       ; clear the same two bits
    out 61h, al
    sti
    ret
MakeBeep1 endp

Here it addresses the computer's port directly with a numeric value rather than indirectly through a register, whereas controlling the parallel port requires indirect addressing through a register, which I found a bit puzzling. (Perhaps it's because the address now exceeds 8 bits, so a register is required.) Thanks again, forgot!

[Discussion] Source code for injecting a DLL into a process
I don't understand it; I don't see what's special about it.

[Help] About a parallel-port driver
It seems this question is too simple; the experts don't bother to answer. There is also a popular parallel-port driver with source on the net (WinIO); I looked at its source, and it uses the I/O permission bitmap to let user-mode programs operate ports directly. I want to implement it a different way, using the out instruction directly in the driver to operate the port, but why doesn't it work?

[Help] How to capture the compile/link messages produced when invoking ml.exe and link.exe?
Yes, that's exactly how RadAsm does it:

...
0042C34B . 6A 00         PUSH 0                           ; /BufSize = 0
0042C34D . 8D45 F4       LEA EAX,DWORD PTR SS:[EBP-C]     ; |
0042C350 . 50            PUSH EAX                         ; |pSecurity
0042C351 . 68 5E774900   PUSH RadASM.0049775E             ; |pWriteHandle = RadASM.0049775E
0042C356 . 68 5A774900   PUSH RadASM.0049775A             ; |pReadHandle = RadASM.0049775A
0042C35B . E8 26A40100   CALL <JMP.&kernel32.CreatePipe>  ; \CreatePipe
....

[Help] About a parallel-port driver
Why is nobody answering me~~~

Out-with-the-old, in-with-the-new "exploit me" challenge [Problems]
Spectating... ...

[Help] How to capture the compile/link messages produced when invoking ml.exe and link.exe?
Heh, reversed RADASM a bit and solved it easily. Below is the key code in RADASM that handles compiling and linking:

0042C336 . C745 F4 0C000>MOV DWORD PTR SS:[EBP-C],0C
0042C33D . C745 F8 00000>MOV DWORD PTR SS:[EBP-8],0
0042C344 . C745 FC 01000>MOV DWORD PTR SS:[EBP-4],1
0042C34B . 6A 00         PUSH 0                                   ; /BufSize = 0
0042C34D . 8D45 F4       LEA EAX,DWORD PTR SS:[EBP-C]             ; |
0042C350 . 50            PUSH EAX                                 ; |pSecurity
0042C351 . 68 5E774900   PUSH RadASM.0049775E                     ; |pWriteHandle = RadASM.0049775E
0042C356 . 68 5A774900   PUSH RadASM.0049775A                     ; |pReadHandle = RadASM.0049775A
0042C35B . E8 26A40100   CALL <JMP.&kernel32.CreatePipe>          ; \CreatePipe
0042C360 . 0BC0          OR EAX,EAX
0042C362 . 75 0A         JNZ SHORT RadASM.0042C36E
0042C364 . B8 0A000000   MOV EAX,0A
0042C369 . E9 6C010000   JMP RadASM.0042C4DA
0042C36E > C745 B0 44000>MOV DWORD PTR SS:[EBP-50],44
0042C375 . 8D45 B0       LEA EAX,DWORD PTR SS:[EBP-50]
0042C378 . 50            PUSH EAX                                 ; /pStartupinfo
0042C379 . E8 D4A40100   CALL <JMP.&kernel32.GetStartupInfoA>     ; \GetStartupInfoA
0042C37E . A1 5E774900   MOV EAX,DWORD PTR DS:[49775E]
0042C383 . 8945 EC       MOV DWORD PTR SS:[EBP-14],EAX
0042C386 . 8945 F0       MOV DWORD PTR SS:[EBP-10],EAX
0042C389 . C745 DC 01010>MOV DWORD PTR SS:[EBP-24],101
0042C390 . 66:C745 E0 00>MOV WORD PTR SS:[EBP-20],0
0042C396 . 68 62774900   PUSH RadASM.00497762                     ; /pProcessInfo = RadASM.00497762
0042C39B . 8D45 B0       LEA EAX,DWORD PTR SS:[EBP-50]            ; |
0042C39E . 50            PUSH EAX                                 ; |pStartupInfo
0042C39F . 6A 00         PUSH 0                                   ; |CurrentDir = NULL
0042C3A1 . 6A 00         PUSH 0                                   ; |pEnvironment = NULL
0042C3A3 . 6A 00         PUSH 0                                   ; |CreationFlags = 0
0042C3A5 . 6A 01         PUSH 1                                   ; |InheritHandles = TRUE
0042C3A7 . 6A 00         PUSH 0                                   ; |pThreadSecurity = NULL
0042C3A9 . 6A 00         PUSH 0                                   ; |pProcessSecurity = NULL
0042C3AB . 68 56734900   PUSH RadASM.00497356                     ; |CommandLine = "C:\RadASM\Masm32\Bin\ML.EXE /c /coff /Cp /nologo /I"C:\RadASM\Masm32\Include" "C:\Test\MyDrv.asm""
0042C3B0 . 6A 00         PUSH 0                                   ; |ModuleFileName = NULL
0042C3B2 . E8 D5A30100   CALL <JMP.&kernel32.CreateProcessA>      ; \CreateProcessA
0042C3B7 . 0BC0          OR EAX,EAX
0042C3B9 . 75 20         JNZ SHORT RadASM.0042C3DB
0042C3BB . FF35 5A774900 PUSH DWORD PTR DS:[49775A]               ; /hObject = 00000238 (window)
0042C3C1 . E8 A2A30100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C3C6 . FF35 5E774900 PUSH DWORD PTR DS:[49775E]               ; /hObject = 000001C4 (window)
0042C3CC . E8 97A30100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C3D1 . B8 0B000000   MOV EAX,0B
0042C3D6 . E9 98000000   JMP RadASM.0042C473
0042C3DB > FF35 5E774900 PUSH DWORD PTR DS:[49775E]               ; /hObject = 000001C4 (window)
0042C3E1 . E8 82A30100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C3E6 . 68 00040000   PUSH 400                                 ; /Length = 400 (1024.)
0042C3EB . 68 56734900   PUSH RadASM.00497356                     ; |Destination = RadASM.00497356
0042C3F0 . E8 CFA40100   CALL <JMP.&kernel32.RtlZeroMemory>       ; \RtlZeroMemory
0042C3F5 . 33DB          XOR EBX,EBX
0042C3F7 > 6A 00         PUSH 0                                   ; /pOverlapped = NULL
0042C3F9 . 8D45 AC       LEA EAX,DWORD PTR SS:[EBP-54]            ; |
0042C3FC . 50            PUSH EAX                                 ; |pBytesRead
0042C3FD . 6A 01         PUSH 1                                   ; |BytesToRead = 1
0042C3FF . 8D83 56734900 LEA EAX,DWORD PTR DS:[EBX+497356]        ; |
0042C405 . 50            PUSH EAX                                 ; |Buffer
0042C406 . FF35 5A774900 PUSH DWORD PTR DS:[49775A]               ; |hFile = 00000238 (window)
0042C40C . E8 A7A40100   CALL <JMP.&kernel32.ReadFile>            ; \ReadFile
0042C411 . 0BC0          OR EAX,EAX
0042C413 . 75 0D         JNZ SHORT RadASM.0042C422
0042C415 . 0BDB          OR EBX,EBX
0042C417 . 74 05         JE SHORT RadASM.0042C41E
0042C419 . E8 C1000000   CALL RadASM.0042C4DF
0042C41E > EB 1D         JMP SHORT RadASM.0042C43D
0042C420 . EB 19         JMP SHORT RadASM.0042C43B
0042C422 > 80BB 56734900>CMP BYTE PTR DS:[EBX+497356],0A
0042C429 . 74 08         JE SHORT RadASM.0042C433
0042C42B . 81FB FF010000 CMP EBX,1FF
0042C431 . 75 07         JNZ SHORT RadASM.0042C43A
0042C433 > E8 A7000000   CALL RadASM.0042C4DF
0042C438 . EB 01         JMP SHORT RadASM.0042C43B
0042C43A > 43            INC EBX
0042C43B >^ EB BA        JMP SHORT RadASM.0042C3F7
0042C43D > 68 72774900   PUSH RadASM.00497772                     ; /pExitCode = RadASM.00497772
0042C442 . FF35 62774900 PUSH DWORD PTR DS:[497762]               ; |hProcess = NULL
0042C448 . E8 A5A30100   CALL <JMP.&kernel32.GetExitCodeProcess>  ; \GetExitCodeProcess
0042C44D . FF35 5A774900 PUSH DWORD PTR DS:[49775A]               ; /hObject = 00000238 (window)
0042C453 . E8 10A30100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C458 . FF35 66774900 PUSH DWORD PTR DS:[497766]               ; /hObject = NULL
0042C45E . E8 05A30100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C463 . FF35 62774900 PUSH DWORD PTR DS:[497762]               ; /hObject = NULL
0042C469 . E8 FAA20100   CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0042C46E . A1 72774900   MOV EAX,DWORD PTR DS:[497772]
0042C473 > EB 65         JMP SHORT RadASM.0042C4DA
0042C475 > 83F8 01       CMP EAX,1
0042C478 . 74 05         JE SHORT RadASM.0042C47F
0042C47A . 83F8 02       CMP EAX,2
0042C47D . 75 5B         JNZ SHORT RadASM.0042C4DA