|
|
[求助]是新壳吗???请教!
用了 ZPROTECT 2次加密 |
|
|
[求助]如何将一个函数生成一个拷贝?
include xxxx.lib |
|
|
|
|
|
|
|
|
[求助]PE里面的reloc是什么段?
重定位用的。。。。。。 |
|
|
|
|
|
[讨论]Win32ASM写的lpk.dll
9afK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4g2F1M7r3q4U0K9#2)9J5k6h3y4F1i4K6u0r3N6X3W2W2N6%4c8Z5M7X3g2S2k6q4)9J5k6i4m8Z5M7q4)9K6c8Y4c8A6k6q4)9K6c8o6x3K6x3K6p5&6i4K6t1$3k6i4S2@1M7X3q4Q4x3@1c8H3j5h3N6W2i4K6t1#2x3@1b7I4 这里有完整的 你看看吧 |
|
|
[已解决][求助]这个NAG好变态,三天三夜没解开。貌似竟是主窗口,环环相扣真厉害。
004451C4 8B0D B06D4400 mov ecx, dword ptr [446DB0] ; Nag2.0044787C 004451CA A1 DC6C4400 mov eax, dword ptr [446CDC] 004451CF 8B00 mov eax, dword ptr [eax] 004451D1 8B15 704E4400 mov edx, dword ptr [444E70] ; Nag2.00444EBC 004451D7 E8 A093FFFF call 0043E57C 上面全部NOP 或者 004451D1 mov edx, dword ptr [444E70] ---》 mov edx, dword ptr [444B8C] 004451DC 8B0D D46D4400 mov ecx, dword ptr [446DD4] ; Nag2.00447874 004451E2 . A1 DC6C4400 mov eax, dword ptr [446CDC] 004451E7 . 8B00 mov eax, dword ptr [eax] 004451E9 . 8B15 8C4B4400 mov edx, dword ptr [444B8C] ; Nag2.00444BD8 004451EF . E8 8893FFFF call 0043E57C |
|
|
[讨论]Win32ASM写的lpk.dll
56aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0D9L8$3N6Q4x3X3g2U0K9r3W2F1j5i4g2F1K9i4S2Q4x3X3g2F1k6i4c8Q4x3V1k6#2x3g2)9J5c8U0x3#2x3U0M7^5i4K6u0r3j5i4u0@1K9h3y4D9k6g2)9#2k6U0f1J5y4o6l9#2i4K6u0W2K9s2c8E0L8l9`.`. 自己去看看为什么 |
|
|
[求助]有没有这样的代码?能自动修复 jmp 与 call 这样的指令的?
http://bbs.pediy.com/showthread.php?t=85491&highlight=fixcode&page=2 18楼 仅供参考 看了楼主修复 CALL 和 JXX 的函数,狂晕了一下,这C不是一般难懂,下面来个ASM版本的 fixcode proc PCopyNtOpenProcess_addr:dword,PNtOpenProcess_addr:dword,PNtOpenProcess_Size:dword ;write by fixfix pushad mov edi,PCopyNtOpenProcess_addr mov ecx,PNtOpenProcess_Size mov esi,PNtOpenProcess_addr rep movsb popad pushfd pushad xor ecx,ecx mov eax,PNtOpenProcess_addr j: cmp PNtOpenProcess_Size,ecx jne @F popad popfd ret 12 @@: cmp byte ptr [eax],0e8h jne @f mov edx,dword ptr [eax+1] lea esi,dword ptr [eax+edx+5] mov edi,PCopyNtOpenProcess_addr add edi,ecx sub esi,edi sub esi,5 mov dword ptr [edi+1],esi add eax,5 add ecx,5 jmp j @@: cmp byte ptr [eax],0fh jne @F cmp byte ptr [eax+1],8Fh jg @F mov edx,dword ptr [eax+2] lea esi,dword ptr [eax+edx+6] mov edi,PCopyNtOpenProcess_addr add edi,ecx sub esi,edi sub esi,6 mov dword ptr [edi+2],esi add eax,6 add ecx,6 jmp j @@: inc eax inc ecx jmp j fixcode endp |
|
|
[求助]替换指定内存区域数据汇编指令求助
mov byte ptr ds:[eax+0c],1 |
|
|
|
|
|
[讨论]IDA 能否处理函数指针
call dword ptr [0004DBDCh] 如果是这样可以搜苏常量 0004DBDCh call dword ptr [r32+const] 这样的只能碰运气,上下翻翻代码了 如果不方便调试,可以这样子 data:0004DBDC dd offset sub_3E860, 替换 sub_3E860 输出调用的信息即可 |
|
|
[求助]Kav怎么载入updater.dll的?
设置OD为,当载入dll就停下 |
|
|
[求助]谁有hex2dec的代码
了下 mov ax,@data 不知道这是什么汇编的写法,具体是什么意思 Hi Blip, Do you mean for example 0xffffffff(hex) ==> 4294967295(dec) and displaying heximal in its correct decimal value ?? I'm not sure what your intentions are but here's a little simple peace of code I've ripped off from one of my old (unfinished) source codes. This little sub routine works fine. It translates hex values into real BCD values (longwords). I have used this little code to present realtime mouse coords on screen in video mode (that was the purpose why I coded it anyway). I guess you probably want to do something similar like that. I assume you may want to add this code to your project(s). Notice also that no code setup has been made here since this little code was ment to be only a sub-routine. I assume you're familiar with setup stuff like ".code , .data , .386 , .model , jumps , end<entry point>" etc. so I didn't bother modifying the source for you further (Sorry my friend but I'm a very lazy coder). Well ok then, here's the source... ;********************************************************* ;****** Computing hexadecimal to decimal digits. ****** ;****** eax= Quotient, ebx = Divident / Multiplier. ****** ;****** ecx = counter, edx = Remainder. ****** ;****** Digits (0-9) will be stored ASCII wise. ****** ;********************************************************* Hex2Dec:sub eax,eax ;Initializing.. mov edx,eax mov ax,@data mov ds,ax mov eax,HexInput ;Input: y=???. mov ebx,10 ;Base 10. mov cx,9 ;Digit counter. HexLoop:div ebx ;Formula: x=(y/10). add edx,30h ;Adjust BCD to Ascii. mov si,cx mov [DecDigits+si*1],dl xor edx,edx ;Reset remainder. dec cx ;Decrement counter. jnz hexloop ;Now go see next digit. ret ;Done ! .data HexInput dd 0FFFFFFFFh ;Input: <max 32 bits>. DecDigits db 10 dup (0) ;Temp storage of 10 decimal digits. |
|
|
[求助]谁有hex2dec的代码
谢谢,有人回答的板块都是好版块 嘿嘿 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
勋章
兑换勋章
证书
证书查询 >
能力值
