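[Help] Today was a real eye-opener, asking for help right away!
In essence, by the time it calls ResumeThread, the code has already been fully unpacked, and the corresponding main process is about to exit. So this is a good moment to dump.
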
[Help] Today was a real eye-opener, asking for help right away!
Sorry... I was just watching an English-language movie... couldn't help myself.

[Help] A technical question about 野猪力量, released by shoooo.
From the MSDN documentation we know that if we want to get anything from resources, we need an hModule argument (e.g. HRSRC FindResource( HMODULE hModule, LPCTSTR lpName, LPCTSTR lpType );). You can see that first argument. But OllyDbg may have thought it runs in an exe, so it just gives the simplest argument.
hModule [in] Handle to the module whose executable file contains the resource. A value of NULL specifies the module handle associated with the image file that the operating system used to create the current process.
NULL or GetModuleHandle(NULL); so problems occur....

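[Help] Today was a real eye-opener, asking for help right away!
I can't even tell whether this should be classed as a packer or counted as something like a WINRAR self-extractor.
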
[Help] Today was a real eye-opener, asking for help right away!
004010CC OEP
004010CC /. 55 push ebp
004010CD |. 8BEC mov ebp,esp
004010CF |. 83EC 44 sub esp,44
004010D2 |. 56 push esi
004010D3 |. FF15 E0634000 call dword ptr ds:[4063E0] ; [GetCommandLineA
004010D9 |. 8BF0 mov esi,eax
004010DB |. 8A00 mov al,byte ptr ds:[eax]
004010DD |. 3C 22 cmp al,22
004010DF |. 75 13 jnz short DNA_记事.004010F4
004010E1 |> 46 /inc esi
004010E2 |. 8A06 |mov al,byte ptr ds:[esi]
004010E4 |. 84C0 |test al,al
004010E6 |. 74 04 |je short DNA_记事.004010EC
004010E8 |. 3C 22 |cmp al,22
004010EA |.^ 75 F5 \jnz short DNA_记事.004010E1
004010EC |> 803E 22 cmp byte ptr ds:[esi],22
004010EF |. 75 0D jnz short DNA_记事.004010FE
004010F1 |. 46 inc esi
004010F2 |. EB 0A jmp short DNA_记事.004010FE
004010F4 |> 3C 20 cmp al,20
004010F6 |. 7E 06 jle short DNA_记事.004010FE
004010F8 |> 46 /inc esi
004010F9 |. 803E 20 |cmp byte ptr ds:[esi],20
004010FC |.^ 7F FA \jg short DNA_记事.004010F8
004010FE |> 803E 00 cmp byte ptr ds:[esi],0
00401101 |. 74 0B je short DNA_记事.0040110E
00401103 |> 803E 20 /cmp byte ptr ds:[esi],20
00401106 |. 7F 06 |jg short DNA_记事.0040110E
00401108 |. 46 |inc esi
00401109 |. 803E 00 |cmp byte ptr ds:[esi],0
0040110C |.^ 75 F5 \jnz short DNA_记事.00401103
0040110E |> C745 E8 00000000 mov [local.6],0

[Help] A technical question about 野猪力量, released by shoooo.
Simple and easy... you really should try to compile a program for testing... When you try to call a resource function, what would you usually do? And for injection into another process, what's different between your injected module and the exe?

[Discussion] Ollydbg seems powerless against driver-based packers
It comes down to fundamentals...