// Debugger listing (OllyDbg-style columns: address, opcode bytes, instruction), 32-bit x86, Intel syntax.
// Context: an unpacking stub locating the original entry point (OEP) of the PE image it has rebuilt
// in memory (the dump below shows an MZ/PE header at the address held in [ebp-28]).
// ebp-relative locals used here:
//   [ebp-18] -> pointer whose first dword is loaded into edx for the call
//   [ebp-28] =  pointer to the rebuilt PE image in memory (00E4D6DC at the breakpoint)
//   [ebp-2C] =  a count that must be > 0 (signed compare) for the OEP computation to run
//   [ebp-24] =  value added to the entry-point RVA (00400000 per the annotation, i.e. the image base)
//   [ebp-10] <- bitwise NOT of the computed OEP address
711E4517 8B45 E8         mov eax,dword ptr ss:[ebp-18]
711E451A 8B10            mov edx,dword ptr ds:[eax]
711E451C 8B45 D8         mov eax,dword ptr ss:[ebp-28]
711E451F E8 0CA3FCFF     call 711AE830                       // callee is outside this listing; eax/edx are its inputs
711E4524 837D D8 00      cmp dword ptr ss:[ebp-28],0         // hardware execution breakpoint; [ebp-28]=[0013FF5C]=00E4D6DC ★
711E4528 0F84 AE0C0000   je 711E51DC                         // no image pointer -> skip the OEP computation
711E452E 837D D4 00      cmp dword ptr ss:[ebp-2C],0
711E4532 0F8E A40C0000   jle 711E51DC                        // signed compare: skip unless [ebp-2C] > 0
711E4538 8B45 D8         mov eax,dword ptr ss:[ebp-28]       // eax = start of the in-memory PE image (MZ header)
711E453B 8B40 3C         mov eax,dword ptr ds:[eax+3C]       // eax = IMAGE_DOS_HEADER.e_lfanew (00000080 in the dump below)
711E453E 0345 D8         add eax,dword ptr ss:[ebp-28]       // eax -> IMAGE_NT_HEADERS ("PE\0\0")
711E4541 8B40 28         mov eax,dword ptr ds:[eax+28]       // eax = OptionalHeader.AddressOfEntryPoint (RVA)
711E4544 0345 DC         add eax,dword ptr ss:[ebp-24]       // EAX=000010CC+00400000=004010CC ★ OEP value
711E4547 83F0 FF         xor eax,FFFFFFFF                    // bitwise NOT; XORed with FFFFFFFF, then used as the parameter for the decoding below
711E454A 8945 F0         mov dword ptr ss:[ebp-10],eax       // store ~OEP; presumably keeps the plain OEP value out of memory — confirm against the decoder
// (Translation of the author's note below: after breaking at 711E4524, inspect the data at
//  [0013FF5C]=00E4D6DC in the dump window.)
在711E4524处中断后在数据窗口察看[0013FF5C]=00E4D6DC处数据:
// Memory dump at 00E4D6DC — a PE image: "MZ" at +00, e_lfanew = 00000080 at +3C (last dword of the
// 00E4D70C row), the standard DOS stub text at +4E, and "PE\0\0" at +80 (row 00E4D75C) followed by
// Machine=014C (i386) and NumberOfSections=0005. The ASCII column is mis-encoded in this copy of the
// page; the hex bytes are authoritative.
00E4D6DC 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ?......?..
00E4D6EC B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ?......@.......
00E4D6FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00E4D70C 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 ............?..
00E4D71C 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ?.???L?Th
00E4D72C 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno
00E4D73C 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS
00E4D74C 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 mode....$.......
00E4D75C 50 45 00 00 4C 01 05 00 65 91 46 35 00 00 00 00 PE..L.e?5....