|
[Original] Environment setup for driver development and debugging
....hope this can be resolved |
|
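[Recommended] Configuring the driver build environment with Wang Yanping's DriverWizard.awx
3. The last step: add an environment variable ddkroot whose value is your DDK installation directory, D:\WINDDK\3790.1830. I don't know how to add this. Is it added under My Computer? |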
|
[Help] Infinite loop while unpacking the PESin 0.3?-1.3? packer
Following peeler's method, I arrived here:

    00396A70  6C            ins byte ptr es:[edi], dx
    00396A71  67:3900       cmp dword ptr [bx+si], eax
    00396A74  0000          add byte ptr [eax], al
    00396A76  0000          add byte ptr [eax], al
    00396A78  A4            movs byte ptr es:[edi], byte ptr [esi>
    00396A79  67:3900       cmp dword ptr [bx+si], eax
    00396A7C  55            push ebp                      // This should be the OEP, right?
    00396A7D  8BEC          mov ebp, esp
    00396A7F  83C4 C4       add esp, -3C
    00396A82  B8 CC673900   mov eax, 003967CC
    00396A87  E8 B8F4F7FF   call 00315F44
    00396A8C  E8 93D4F7FF   call 00313F24
    00396A91  8D40 00       lea eax, dword ptr [eax]
    00396A94  0000          add byte ptr [eax], al
    00396A96  0000          add byte ptr [eax], al
    00396A98  0000          add byte ptr [eax], al
    00396A9A  0000          add byte ptr [eax], al
    00396A9C  0000          add byte ptr [eax], al
    00396A9E  0000          add byte ptr [eax], al
    00396AA0  0000          add byte ptr [eax], al

I clicked dump, so why can't it be unpacked? I have never unpacked a DLL file and don't know how to do it. |
|
[Help] Infinite loop while unpacking the PESin 0.3?-1.3? packer
I ran the unpacking script made by KuNgBiM, and what I got afterwards was no longer encrypted, but it stops at

    00301000 /04103000 dd dbt3.00301004 // stopped here

I don't know where the entry point is |
|
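[Notice] Launching the "topic + results" model and founding the "Programming Technology Group" (last updated 2008.6.27)
I'd like to join; I'm interested in Windows programming |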
|