还是一个未解的问题 for PECompact 2 Dll 重定位 RVA 与 大小
; PECompact 2 DLL entry stub (32-bit x86, OllyDbg listing: address, bytes, mnemonic).
; Installs a SEH frame whose handler is the code at 1024358C, then faults on purpose
; by writing through a null pointer so that the handler runs. The loader continues
; from inside the handler, not by fall-through, so a breakpoint placed on the
; instruction after 10242CB6 is never reached. Text after "<<<<" is the original
; poster's annotation; English notes are appended after ";".
10242CA0 > B8 8C352410 mov eax,DivX.1024358C <<<<<<<<<<<<<<入口点 ; (annotation: entry point) eax = address of the exception handler at 1024358C
10242CA5 50 push eax ; EXCEPTION_REGISTRATION.Handler
10242CA6 64:FF35 00000>push dword ptr fs:[0] ; EXCEPTION_REGISTRATION.Next = current chain head
10242CAD 64:8925 00000>mov dword ptr fs:[0],esp ; link the new frame at the head of the SEH chain
10242CB4 33C0 xor eax,eax ; eax = 0
10242CB6 8908 mov dword ptr ds:[eax],ecx <<<<<<<<<<<<<<<异常 ; (annotation: exception) write to address 0 -> access violation; the handler rewrites this instruction into a jmp (see 102435A1..102435A9)
; SEH handler entered from the access violation at 10242CB6.
; Handler prototype: EXCEPTION_DISPOSITION h(EXCEPTION_RECORD *rec, void *frame, CONTEXT *ctx, void *disp);
; [esp+4] is rec. The handler (1) patches the constant 242436 into the imm32 of
; "mov eax,12345678" at 102435AF, (2) overwrites the faulting instruction with
; "jmp 102435AF", and (3) returns 0 = ExceptionContinueExecution so the CPU resumes
; at the freshly written jmp. Both writes land in code, so the section containing
; 10242CB6 and 102435AF must be writable as well as executable at this point.
1024358C B8 36242400 mov eax,242436 ; loader constant; added to 10001179 below it yields 102435AF
10243591 8D88 79110010 lea ecx,dword ptr ds:[eax+10001179] ; ecx = 242436 + 10001179 = 102435AF ("mov eax,12345678" that follows this handler)
10243597 8941 01 mov dword ptr ds:[ecx+1],eax ; overwrite that mov's imm32 with 242436 (the 12345678 -> 242436 change the poster sees)
1024359A 8B5424 04 mov edx,dword ptr ss:[esp+4] ; edx = EXCEPTION_RECORD* (first handler argument)
1024359E 8B52 0C mov edx,dword ptr ds:[edx+C] ; edx = rec->ExceptionAddress (offset 0xC) = 10242CB6, the faulting instruction
102435A1 C602 E9 mov byte ptr ds:[edx],0E9 ; first byte of the faulting instruction := JMP rel32 opcode
102435A4 83C2 05 add edx,5 ; edx = address just past the 5-byte jmp (what rel32 is relative to)
102435A7 2BCA sub ecx,edx ; ecx = 102435AF - (10242CB6 + 5) = rel32 displacement
102435A9 894A FC mov dword ptr ds:[edx-4],ecx ; store rel32: 10242CB6 now decodes as "jmp 102435AF"
102435AC 33C0 xor eax,eax ; return ExceptionContinueExecution (0)
102435AE C3 retn <<<<<<<<<<<<<<<<中断后按F9两次123456789会变242436 ; (annotation: after the break, two F9 presses turn 12345678 into 242436) execution resumes at 10242CB6, i.e. at the new jmp; 102435AF is not reached by fall-through
; Loader body, reached through the jmp the handler wrote at 10242CB6.
; Register roles as far as this listing shows:
;   eax on entry = 242436 (imm32 patched by the handler); ebp keeps a copy
;   ebx = 242436 + 10001132 = 10243568, a packer descriptor block read as [ebx+N]
;   edx = [ebx+18], a displacement added to every pointer taken out of that block
;   edi = buffer returned by the first indirect call; esi = source data / OEP
; Stack: the six pushes at 102435BE..102435C3 are undone by the six pops before "jmp eax".
; The first and last indirect calls ([ebx+10]+edx, [ebx+14]+edx) take argument lists
; shaped like VirtualAlloc(NULL, size, 0x1000=MEM_COMMIT, 0x40=PAGE_EXECUTE_READWRITE)
; and VirtualFree(p, 0, 0x8000=MEM_RELEASE); the callee names are not in the listing,
; so confirm by stepping into them. Allocating an RWX region, calling into it, and
; freeing it again is the sequence a memory scanner would flag for this packer.
102435AF B8 78563412 mov eax,12345678 ; imm32 reads 242436 at run time (patched by the handler at 10243597)
102435B4 64:8F05 00000>pop dword ptr fs:[0] ; unlink the stub's SEH frame (restore previous chain head)
102435BB 83C4 04 add esp,4 ; discard the pushed handler pointer
102435BE 55 push ebp ; save registers; restored in reverse order at 10243651..10243656
102435BF 53 push ebx
102435C0 51 push ecx
102435C1 57 push edi
102435C2 56 push esi
102435C3 52 push edx
102435C4 8D98 32110010 lea ebx,dword ptr ds:[eax+10001132] ; ebx = 10243568, descriptor block
102435CA 8B53 18 mov edx,dword ptr ds:[ebx+18] ; edx = displacement applied to pointers in the block
102435CD 52 push edx ; keep it across the call
102435CE 8BE8 mov ebp,eax ; ebp = 242436, used at 10243639 for [ebp+10001223]
102435D0 6A 40 push 40 ; arg4: 0x40 (PAGE_EXECUTE_READWRITE if this is VirtualAlloc)
102435D2 68 00100000 push 1000 ; arg3: 0x1000 (MEM_COMMIT)
102435D7 FF73 04 push dword ptr ds:[ebx+4] ; arg2: size
102435DA 6A 00 push 0 ; arg1: NULL
102435DC 8B4B 10 mov ecx,dword ptr ds:[ebx+10] ; ecx = [ebx+10]
102435DF 03CA add ecx,edx ; + displacement
102435E1 8B01 mov eax,dword ptr ds:[ecx] ; eax = function pointer stored there
102435E3 FFD0 call eax ; eax = newly allocated buffer (executable)
102435E5 5A pop edx ; restore displacement
102435E6 8BF8 mov edi,eax ; edi = buffer
102435E8 50 push eax ; keep buffer ...
102435E9 52 push edx ; ... and displacement for after the next call
102435EA 8B33 mov esi,dword ptr ds:[ebx] ; esi = packed data pointer (fixed up at 10243600)
102435EC 8B43 20 mov eax,dword ptr ds:[ebx+20] ; [ebx+20] := *([ebx+20] + edx): replace the stored pointer by the value it points to
102435EF 03C2 add eax,edx
102435F1 8B08 mov ecx,dword ptr ds:[eax]
102435F3 894B 20 mov dword ptr ds:[ebx+20],ecx
102435F6 8B43 1C mov eax,dword ptr ds:[ebx+1C] ; same for [ebx+1C]
102435F9 03C2 add eax,edx
102435FB 8B08 mov ecx,dword ptr ds:[eax]
102435FD 894B 1C mov dword ptr ds:[ebx+1C],ecx
10243600 03F2 add esi,edx ; esi += displacement
10243602 8B4B 0C mov ecx,dword ptr ds:[ebx+C] ; ecx = [ebx+C] + edx: second routine in the block
10243605 03CA add ecx,edx
10243607 8D43 1C lea eax,dword ptr ds:[ebx+1C] ; eax = &[ebx+1C] (the pair just rewritten)
1024360A 50 push eax ; arg3: &[ebx+1C]
1024360B 57 push edi ; arg2: buffer
1024360C 56 push esi ; arg1: source data
1024360D FFD1 call ecx ; (src, dst, &pair) -- presumably the decompressor filling the buffer; confirm
1024360F 5A pop edx ; edx = displacement
10243610 58 pop eax ; eax = buffer
10243611 0343 08 add eax,dword ptr ds:[ebx+8] ; eax = buffer + [ebx+8]
10243614 8BF8 mov edi,eax ; edi = entry inside the unpacked code (called at 10243637)
10243616 52 push edx
10243617 8BF0 mov esi,eax
10243619 8B46 FC mov eax,dword ptr ds:[esi-4] ; length word stored just before the entry
1024361C 83C0 04 add eax,4
1024361F 2BF0 sub esi,eax ; esi = entry - (length + 4): a parameter block the unpacked code reads (layout inferred from the stores below)
10243621 8956 08 mov dword ptr ds:[esi+8],edx ; block+8  = displacement
10243624 8B4B 10 mov ecx,dword ptr ds:[ebx+10]
10243627 894E 24 mov dword ptr ds:[esi+24],ecx ; block+24 = [ebx+10]
1024362A 8B4B 14 mov ecx,dword ptr ds:[ebx+14]
1024362D 51 push ecx ; keep [ebx+14] for the call at 1024364D
1024362E 894E 28 mov dword ptr ds:[esi+28],ecx ; block+28 = [ebx+14]
10243631 8B4B 0C mov ecx,dword ptr ds:[ebx+C]
10243634 894E 14 mov dword ptr ds:[esi+14],ecx ; block+14 = [ebx+C]
10243637 FFD7 call edi ; run the unpacked code from the RWX buffer; its return value is used as the OEP (see 10243657)
10243639 8985 23120010 mov dword ptr ss:[ebp+10001223],eax ; store it at 242436 + 10001223 = 10243659, the dword right after the final "jmp eax"
1024363F 8BF0 mov esi,eax ; esi = OEP
10243641 59 pop ecx ; ecx = [ebx+14]
10243642 5A pop edx ; edx = displacement
10243643 03CA add ecx,edx ; ecx = [ebx+14] + displacement
10243645 68 00800000 push 8000 ; arg3: 0x8000 (MEM_RELEASE if this is VirtualFree)
1024364A 6A 00 push 0 ; arg2: 0
1024364C 57 push edi ; arg1: edi = buffer + [ebx+8]; MEM_RELEASE needs the region base, so either [ebx+8] is 0 here or the callee is something else -- confirm
1024364D FF11 call dword ptr ds:[ecx] ; release the region that was just executed
1024364F 8BC6 mov eax,esi ; eax = OEP
10243651 5A pop edx ; restore registers saved at 102435BE..102435C3
10243652 5E pop esi
10243653 5F pop edi
10243654 59 pop ecx
10243655 5B pop ebx
10243656 5D pop ebp
10243657 FFE0 jmp eax <<<<<<<<<<<<<<To OEP ; transfer to the original entry point; 10243659 (just after this jmp) holds the stored OEP value
翻了很多教程找不到 重定位的 RVA
也没有见到 Fly 教程里面的 序列代码:
add esi,ebx
xor eax,eax
有哪位大侠愿意详细指导
THX