Post #2
nt!NtCreateProcessEx:
80582e82 6a0c push 0Ch
80582e84 6890f14f80 push offset nt!ObWatchHandles+0x684 (804ff190)
80582e89 e8ad05f6ff call nt!_SEH_prolog (804e343b)
80582e8e 64a124010000 mov eax,dword ptr fs:[00000124h]
80582e94 33d2 xor edx,edx
80582e96 389040010000 cmp byte ptr [eax+140h],dl
80582e9c 0f8434c30300 je nt!NtCreateProcessEx+0x51 (805bf1d6)
80582ea2 8955fc mov dword ptr [ebp-4],edx
Is this what you mean?
Post #3
http://bbs.pediy.com/showthread.php?p=650201
Use the xde disassembly engine.