[Discussion] How to translate OD's breakpoint on CreateProcess
Posted: 2011-1-18 22:28
00128940 00462FA5 /CALL 到 CreateProcessA 来自 DNFchina.00462F9F
00128944 00000000 |ModuleFileName = NULL
00128948 034D55F0 |CommandLine = ""D:\unpack\123.exe" 参数"
0012894C 00000000 |pProcessSecurity = NULL
00128950 00000000 |pThreadSecurity = NULL
00128954 00000000 |InheritHandles = FALSE
00128958 00000000 |CreationFlags = 0
0012895C 00000000 |pEnvironment = NULL
00128960 0355C038 |CurrentDir = "D:\unpack\"
00128964 001289A0 |pStartupInfo = 001289A0 //this value never changes
00128968 00128990 \pProcessInfo = 00128990 //this one never changes either
I believe I want to create the process myself, something like:
CreateProcess(NULL,""D:\unpack\123.exe" 参数",NULL,NULL,FALSE,
0,NULL,"D:\unpack\",how should the SI structure be written here, how should the PI structure be written here)
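As an added example (not code from the original post), here is a Python script that parses the OD stack dump quoted above and prints the C needed to replay the call, including the STARTUPINFOA and PROCESS_INFORMATION declarations the post asks about. It assumes the dump layout shown (a `CALL <to> api <from> caller` header followed by `name = value` lines); `OD_DUMP`, `parse_od_call`, `c_arg` and `translate` are my own names.

```python
import re
# Constructed sample: the OllyDbg stack dump quoted in the post (Chinese OD build: "CALL 到 ... 来自 ...").
OD_DUMP = r"""
00128940 00462FA5 /CALL 到 CreateProcessA 来自 DNFchina.00462F9F
00128944 00000000 |ModuleFileName = NULL
00128948 034D55F0 |CommandLine = ""D:\unpack\123.exe" 参数"
0012894C 00000000 |pProcessSecurity = NULL
00128950 00000000 |pThreadSecurity = NULL
00128954 00000000 |InheritHandles = FALSE
00128958 00000000 |CreationFlags = 0
0012895C 00000000 |pEnvironment = NULL
00128960 0355C038 |CurrentDir = "D:\unpack\"
00128964 001289A0 |pStartupInfo = 001289A0 //这个数值是不变的
00128968 00128990 \pProcessInfo = 00128990 //这也是不变的
"""
LINE_RE = re.compile(r'^([0-9A-F]{8}) ([0-9A-F]{8}) [/|\\](.*)$', re.I)  # addr, stack word, text
CALL_RE = re.compile(r'CALL \S+ (\w+) \S+ (\S+)')  # "CALL <to> api <from> caller" in any OD locale
STRUCTS = {'pStartupInfo': ('STARTUPINFOA', 'si'), 'pProcessInfo': ('PROCESS_INFORMATION', 'pi')}  # caller-owned

def parse_od_call(dump):
    """Return (api, caller, [(name, shown_value, stack_addr, stack_word), ...])."""
    api, caller, args = None, None, []
    for m in filter(None, map(LINE_RE.match, dump.strip().splitlines())):
        addr, word, text = m.groups()
        text = text.split('//')[0].rstrip()  # drop trailing notes such as the poster's comments
        if call := CALL_RE.search(text):
            api, caller = call.groups()
        else:
            name, _, value = text.partition(' = ')
            args.append((name, value, int(addr, 16), int(word, 16)))
    return api, caller, args

def c_arg(name, value, word, frame_top):
    if name in STRUCTS:  # the "unchanging" values are addresses just above the args: caller's locals
        if not frame_top < word < frame_top + 0x1000:
            raise ValueError(f'{name} = {word:08X} is not in the caller\'s stack frame')
        return '&' + STRUCTS[name][1]
    if len(value) >= 2 and value[0] == value[-1] == '"':  # OD prints contents between bare quotes
        return '"' + value[1:-1].replace('\\', '\\\\').replace('"', '\\"') + '"'  # escape for C
    return value if value in ('NULL', 'TRUE', 'FALSE') or value.isdigit() else '0x' + value

def translate(api, args):
    """C that replays the call: zero-initialised SI with cb set, zeroed PI, the call, handle cleanup."""
    frame_top = max(addr for _, _, addr, _ in args)
    c_args = [c_arg(name, value, word, frame_top) for name, value, _, word in args]
    decls = [f'{typ} {var} = {{0}};' for typ, var in STRUCTS.values()]  # same effect as ZeroMemory
    return '\n'.join(decls + [
        'si.cb = sizeof(si);  /* the one STARTUPINFO field CreateProcess requires */',
        f'BOOL ok = {api}({", ".join(c_args)});',
        'if (ok) { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }'])
```

The "unchanging" 001289A0 and 00128990 sit a few dwords above the argument block, i.e. they are the caller's own local si and pi, which is why the script emits &si and &pi rather than copying the addresses. It also shows that the quoted strings OD displays need their inner quotes and backslashes escaped before they are valid C; the literal `""D:\unpack\123.exe" 参数"` from the post would not compile.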