[Help] An old question: how do I restore a DLL after hiding it by unlinking it in R3?
Posted: 2010-8-11 21:31
Hiding code (works):
ldm->InLoadOrderModuleList.Blink->Flink = ldm->InLoadOrderModuleList.Flink;
ldm->InLoadOrderModuleList.Flink->Blink = ldm->InLoadOrderModuleList.Blink;
ldm->InInitializationOrderModuleList.Blink->Flink = ldm->InInitializationOrderModuleList.Flink;
ldm->InInitializationOrderModuleList.Flink->Blink = ldm->InInitializationOrderModuleList.Blink;
ldm->InMemoryOrderModuleList.Blink->Flink = ldm->InMemoryOrderModuleList.Flink;
ldm->InMemoryOrderModuleList.Flink->Blink = ldm->InMemoryOrderModuleList.Blink;
Restore code (does not work):
//g_ldm->InLoadOrderModuleList.Flink->Blink = &g_ldm->InLoadOrderModuleList;
//g_ldm->InLoadOrderModuleList.Blink->Flink = &g_ldm->InLoadOrderModuleList;
//g_ldm->InInitializationOrderModuleList.Flink->Blink = &g_ldm->InInitializationOrderModuleList;
//g_ldm->InInitializationOrderModuleList.Blink->Flink = &g_ldm->InInitializationOrderModuleList;
//g_ldm->InMemoryOrderModuleList.Flink->Blink = &g_ldm->InMemoryOrderModuleList;
//g_ldm->InMemoryOrderModuleList.Blink->Flink = &g_ldm->InMemoryOrderModuleList;
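When hiding, I saved a copy of ldm, and when restoring I use the original ldm directly, but it has no effect. Could the list order have changed, so that the order at restore time differs from the original?
Experts, please advise.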
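The concern raised in the post, that the list may change between hiding and restoring, can be modelled on a plain doubly linked list without touching a real PEB. This is an added example, not code from the original post: `list_entry` is a constructed stand-in for the Windows `LIST_ENTRY`, and `relink_checked`, `contains` and `scenario` are hypothetical names.

```c
/* Portable stand-in for the Windows LIST_ENTRY pair (constructed for this example). */
typedef struct list_entry { struct list_entry *Flink, *Blink; } list_entry;

static void list_init(list_entry *h) { h->Flink = h->Blink = h; }

/* Tail insert, modelling an entry that is added to the list later. */
static void insert_tail(list_entry *h, list_entry *e) {
    e->Flink = h; e->Blink = h->Blink;
    h->Blink->Flink = e; h->Blink = e;
}

/* Same unlink as the post's hiding code; e keeps its own Flink/Blink. */
static void unlink_entry(list_entry *e) {
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
}

/* Same relink as the post's restore code: trusts the saved neighbours. */
static void relink_unchecked(list_entry *e) {
    e->Flink->Blink = e;
    e->Blink->Flink = e;
}

/* Relink only while the saved neighbours are still adjacent; 0 = stale links. */
static int relink_checked(list_entry *e) {
    if (e->Blink->Flink != e->Flink || e->Flink->Blink != e->Blink) return 0;
    relink_unchecked(e);
    return 1;
}

/* Returns 1 if e is reachable by a forward walk from the list head. */
static int contains(const list_entry *h, const list_entry *e) {
    for (const list_entry *p = h->Flink; p != h; p = p->Flink)
        if (p == e) return 1;
    return 0;
}

/* Constructed scenario: c is unlinked, d is appended, then c is relinked.
   Result: bit 0 = c reachable afterwards, bit 1 = d reachable afterwards. */
int scenario(int checked) {
    list_entry h, a, b, c, d;
    list_init(&h);
    insert_tail(&h, &a); insert_tail(&h, &b); insert_tail(&h, &c);
    unlink_entry(&c);
    insert_tail(&h, &d);
    if (checked) relink_checked(&c); else relink_unchecked(&c);
    return contains(&h, &c) | (contains(&h, &d) << 1);
}
int main(void) { return !(scenario(0) == 1 && scenario(1) == 2); }
```

With the unchecked relink, `c` comes back but `d` drops out of the forward walk (result 1); the checked relink refuses because the saved links are stale and leaves `d` intact (result 2).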