Reply #2
bp VirtualProtectEx
7C801A5D > 8BFF mov edi,edi
7C801A5F 55 push ebp
7C801A60 8BEC mov ebp,esp
7C801A62 56 push esi
7C801A63 8B35 B812807C mov esi,dword ptr ds:[<&ntdll.NtProtectV>; ntdll.ZwProtectVirtualMemory
7C801A69 57 push edi
7C801A6A FF75 18 push dword ptr ss:[ebp+18]
7C801A6D 8D45 10 lea eax,dword ptr ss:[ebp+10]
7C801A70 FF75 14 push dword ptr ss:[ebp+14]
7C801A73 50 push eax
7C801A74 8D45 0C lea eax,dword ptr ss:[ebp+C]
7C801A77 50 push eax
7C801A78 FF75 08 push dword ptr ss:[ebp+8]
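7C801A7B FFD6 call esi    <- set a hardware breakpoint here
Look at the stack, find a suitable moment to return, then dynamically search for the key code, and you arrive at the OEP!
When repairing, several relocations need to be fixed.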
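Added example (not part of the original post): a Python helper that decodes the five dwords at ESP when the hardware breakpoint on `call esi` hits, following the push order in the listing above. The function names, the `read_dword` callback and the sample stack and memory values are constructed for illustration.

```python
import struct

# Page-protection values from winnt.h (low byte) and modifier bits.
PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
           0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
           0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
PAGE = 0x1000


def protect_name(value):
    names = [PROTECT.get(value & 0xFF, hex(value & 0xFF))]
    names += [n for bit, n in MODIFIERS.items() if value & bit]
    return "|".join(names)


def decode_call(stack, read_dword):
    """Decode the 5 dwords at ESP when execution stops on `call esi`.

    Push order in the listing gives: hProcess, &lpAddress, &dwSize,
    flNewProtect, lpflOldProtect. read_dword(addr) reads debuggee memory.
    """
    h_process, p_base, p_size, new_prot, p_old = struct.unpack_from("<5I", stack)
    base, size = read_dword(p_base), read_dword(p_size)
    return {
        "current_process": h_process == 0xFFFFFFFF,  # GetCurrentProcess() pseudo-handle
        "base": base,
        "size": size,
        # Protection changes apply to every page touched by [base, base+size).
        "pages": (base & ~(PAGE - 1), (base + size + PAGE - 1) & ~(PAGE - 1)),
        "new_protect": protect_name(new_prot),
        "executable": bool(new_prot & 0xF0),
        "old_protect_ptr": p_old,
    }


# Constructed sample data: debuggee memory holding the two by-reference arguments.
SAMPLE_MEM = {0x0012FF40: 0x00401000, 0x0012FF44: 0x00005000,
              0x0012FF60: 0x00406F00, 0x0012FF64: 0x00000200}
SAMPLE_STACKS = [
    struct.pack("<5I", 0xFFFFFFFF, 0x0012FF40, 0x0012FF44, 0x20, 0x0012FF50),
    struct.pack("<5I", 0xFFFFFFFF, 0x0012FF60, 0x0012FF64, 0x104, 0x0012FF70),
]

if __name__ == "__main__":
    for raw in SAMPLE_STACKS:
        hit = decode_call(raw, SAMPLE_MEM.__getitem__)
        print("%08X-%08X %s exec=%s" % (*hit["pages"], hit["new_protect"], hit["executable"]))
```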