能力值:
( LV2,RANK:10 )
|
-
-
2 楼
试试ExitProcess呀
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
bp ExitProcess 试过了,F9运行到此断,可我还是没看明白,我太菜,看过几个教程都是校验软件大小的,但这个应该不是!
7C810C2E > 8BFF mov edi,edi
7C810C30 55 push ebp
7C810C31 8BEC mov ebp,esp
7C810C33 83EC 28 sub esp,28
7C810C36 8B45 08 mov eax,dword ptr ss:[ebp+8]
7C810C39 25 03000010 and eax,10000003
7C810C3E 83F8 03 cmp eax,3
7C810C41 0F84 2EBF0200 je kernel32.7C83CB75
7C810C47 53 push ebx
7C810C48 8B5D 10 mov ebx,dword ptr ss:[ebp+10]
7C810C4B 85DB test ebx,ebx
7C810C4D 56 push esi
7C810C4E 57 push edi
7C810C4F 0F85 A2000000 jnz kernel32.7C810CF7
7C810C55 8B45 0C mov eax,dword ptr ss:[ebp+C]
7C810C58 99 cdq
7C810C59 8BF0 mov esi,eax
7C810C5B 8BFA mov edi,edx
7C810C5D 8B45 14 mov eax,dword ptr ss:[ebp+14]
7C810C60 83E8 00 sub eax,0
7C810C63 0F84 87000000 je kernel32.7C810CF0
7C810C69 48 dec eax
7C810C6A 0F85 A82B0000 jnz kernel32.7C813818
7C810C70 6A 0E push 0E
7C810C72 6A 08 push 8
7C810C74 8D45 F8 lea eax,dword ptr ss:[ebp-8]
7C810C77 50 push eax
7C810C78 8D45 F0 lea eax,dword ptr ss:[ebp-10]
7C810C7B 50 push eax
7C810C7C FF75 08 push dword ptr ss:[ebp+8]
7C810C7F FF15 1810807C call dword ptr ds:[<&ntdll.NtQueryInformat>; ntdll.ZwQueryInformationFile
7C810C85 85C0 test eax,eax
7C810C87 0F8C 09BF0200 jl kernel32.7C83CB96
7C810C8D 0175 F8 add dword ptr ss:[ebp-8],esi
7C810C90 8B45 FC mov eax,dword ptr ss:[ebp-4]
7C810C93 13C7 adc eax,edi
7C810C95 85C0 test eax,eax
7C810C97 8945 FC mov dword ptr ss:[ebp-4],eax
7C810C9A 7F 10 jg short kernel32.7C810CAC
7C810C9C 0F8C FCBE0200 jl kernel32.7C83CB9E
7C810CA2 837D F8 00 cmp dword ptr ss:[ebp-8],0
7C810CA6 0F82 F2BE0200 jb kernel32.7C83CB9E
7C810CAC 85DB test ebx,ebx
7C810CAE 75 0B jnz short kernel32.7C810CBB
7C810CB0 A9 FFFFFF7F test eax,7FFFFFFF
7C810CB5 0F85 CCBE0200 jnz kernel32.7C83CB87
7C810CBB 6A 0E push 0E
7C810CBD 6A 08 push 8
7C810CBF 8D45 F8 lea eax,dword ptr ss:[ebp-8]
7C810CC2 50 push eax
7C810CC3 8D45 F0 lea eax,dword ptr ss:[ebp-10]
7C810CC6 50 push eax
7C810CC7 FF75 08 push dword ptr ss:[ebp+8]
7C810CCA FF15 3010807C call dword ptr ds:[<&ntdll.NtSetInformatio>; ntdll.ZwSetInformationFile
7C810CD0 85C0 test eax,eax
7C810CD2 0F8C D9BE0200 jl kernel32.7C83CBB1
7C810CD8 85DB test ebx,ebx
7C810CDA 75 25 jnz short kernel32.7C810D01
7C810CDC 837D F8 FF cmp dword ptr ss:[ebp-8],-1
7C810CE0 0F84 BFBE0200 je kernel32.7C83CBA5
7C810CE6 8B45 F8 mov eax,dword ptr ss:[ebp-8]
7C810CE9 5F pop edi
7C810CEA 5E pop esi
7C810CEB 5B pop ebx
7C810CEC C9 leave
7C810CED C2 1000 retn 10
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
看过几个教程都是校验软件大小的
|