-
-
[求助]问一个古老的问题,R3下断链隐藏DLL后如何恢复?
-
发表于:
2010-8-11 21:31
7304
-
[求助]问一个古老的问题,R3下断链隐藏DLL后如何恢复?
隐藏代码(有效)
ldm->InLoadOrderModuleList.Blink->Flink = ldm->InLoadOrderModuleList.Flink;
ldm->InLoadOrderModuleList.Flink->Blink = ldm->InLoadOrderModuleList.Blink;
ldm->InInitializationOrderModuleList.Blink->Flink = ldm->InInitializationOrderModuleList.Flink;
ldm->InInitializationOrderModuleList.Flink->Blink = ldm->InInitializationOrderModuleList.Blink;
ldm->InMemoryOrderModuleList.Blink->Flink = ldm->InMemoryOrderModuleList.Flink;
ldm->InMemoryOrderModuleList.Flink->Blink = ldm->InMemoryOrderModuleList.Blink;
恢复代码(无效)
//g_ldm->InLoadOrderModuleList.Flink->Blink = &g_ldm->InLoadOrderModuleList;
//g_ldm->InLoadOrderModuleList.Blink->Flink = &g_ldm->InLoadOrderModuleList;
//g_ldm->InInitializationOrderModuleList.Flink->Blink = &g_ldm->InInitializationOrderModuleList;
//g_ldm->InInitializationOrderModuleList.Blink->Flink = &g_ldm->InInitializationOrderModuleList;
//g_ldm->InMemoryOrderModuleList.Flink->Blink = &g_ldm->InMemoryOrderModuleList;
//g_ldm->InMemoryOrderModuleList.Blink->Flink = &g_ldm->InMemoryOrderModuleList;
我是在隐藏的时候将ldm保存了一份,恢复的时候直接用原来的ldm恢复,但是无效,难道链表顺序会变,恢复的时候顺序与原先不同了?
请大牛们指教啊
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
