-
-
[原创]公共变量查询脚本
-
发表于:
2011-1-12 21:51
4917
-
mov findaddr, 401000
mov findover, findaddr
add findover, 8C7000
START:
cmp findaddr, findover
jae END
findop findaddr, #8B??#
cmp $RESULT, 0
je END
mov findaddr, $RESULT
add findaddr, 2
cmp [findaddr], 0118
je FIND118
cmp [findaddr], 05F8
je FIND5F8
jmp START
FIND118:
mov opcode, findaddr
sub opcode, 2
eval "{opcode} MOV E?X,DWORD PTR DS:[E?X+118]"
log $RESULT
jmp START
FIND5F8:
mov opcode, findaddr
sub opcode, 2
eval "{opcode} MOV E?X,DWORD PTR DS:[E?X+5F8]"
log $RESULT
jmp START
END:
ret
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
