Floor 2
I bow down in awe. Waiting for the great 海风 to show up.
Floor 3
As for method two, I think it would be a bit difficult!
While I'm at it, here are the APIs that StrongOD hooks:
>SSDT State
NtClose
Actual Address 0xF0389268
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtCreateProcess
Actual Address 0xF03892C8
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtDuplicateObject
Actual Address 0xF03891E8
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtOpenProcess
Actual Address 0xF0388E18
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtOpenThread
Actual Address 0xF0388F28
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtQueryInformationProcess
Actual Address 0xF0389068
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtQueryObject
Actual Address 0xF0388D78
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtQuerySystemInformation
Actual Address 0xF0388988
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtSetInformationThread
Actual Address 0xF0389018
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtYieldExecution
Actual Address 0xF0388E08
Hooked by: C:\OllyDBG\plugin\whlsod.sys
>Shadow
NtUserBuildHwndList
Actual Address 0xF0389558
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtUserFindWindowEx
Actual Address 0xF0389718
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtUserGetForegroundWindow
Actual Address 0xF03897A8
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtUserPostMessage
Actual Address 0xF0389518
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtUserQueryWindow
Actual Address 0xF0389478
Hooked by: C:\OllyDBG\plugin\whlsod.sys
NtUserSetParent
Actual Address 0xF0389838
Hooked by: C:\OllyDBG\plugin\whlsod.sys
>Hooks
[1044]Ollydbg.exe-->kernel32.dll-->ContinueDebugEvent, Type: IAT modification 0x0050D2B8 [StrongOD.dll]
[1044]Ollydbg.exe-->kernel32.dll-->CreateProcessA, Type: IAT modification 0x0050D2C4 [StrongOD.dll]
[1044]Ollydbg.exe-->kernel32.dll-->DebugActiveProcess, Type: IAT modification 0x0050D2C8 [StrongOD.dll]
[1044]Ollydbg.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0050D344 [StrongOD.dll]
[1044]Ollydbg.exe-->kernel32.dll-->MultiByteToWideChar, Type: IAT modification 0x0050D3C8 [StrongOD.dll]
[1044]Ollydbg.exe-->kernel32.dll-->WaitForDebugEvent, Type: IAT modification 0x0050D440 [StrongOD.dll]
[1044]Ollydbg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C92D754 [StrongOD.dll]
[1044]Ollydbg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C92D769 [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->CreateMDIWindowA, Type: IAT modification 0x0050D7F4 [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->DialogBoxParamA, Type: IAT modification 0x0050D81C [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->EnumChildWindows, Type: IAT modification 0x0050D83C [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->GetClassLongA, Type: IAT modification 0x0050D858 [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->GetWindowLongA, Type: IAT modification 0x0050D8B0 [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->GetWindowTextA, Type: Inline - RelativeJump 0x77D3212B [unknown_code_page]
[1044]Ollydbg.exe-->user32.dll-->RegisterClassA, Type: IAT modification 0x0050D920 [StrongOD.dll]
[1044]Ollydbg.exe-->user32.dll-->SetWindowTextA, Type: IAT modification 0x0050D96C [StrongOD.dll]
There is also one CreateProcess Notify.
Floor 4
These are all minor tricks; when debugging strong packers, people generally change these themselves.
Floor 5
I can't see what use this is!?
Floor 6
It doesn't matter that your job application was rejected, just try again..
Floor 7
GetWindowText?
One SetWindowText call and it's dealt with.
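Floor 8
The key point is that the window handle can already be found, so there are many ways to identify the window; GetWindowText is just the simplest one.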
Floor 9
Guard Zhan, I think I know why the OP's job application was rejected.
Floor 10
Personally, I think detecting a debugger by checking window names is very unreliable....
Floor 11
Is this enough to get past StrongOD v0.4.3?
Floor 12
It is only one of the methods; don't forget that StrongOD hides the window~~ Try it and you'll see.