DLL为什么有时能加载成功-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
jsphuang 雪币： 42 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 20 粉丝 0 关注私信	jsphuang 2 楼 bytes pages size description --------- ----- ---- -------------------------------------------- 6225920 760 8192 allocating memory for b-tree... 6225920 760 8192 allocating memory for virtual array... 262144 32 8192 allocating memory for name pointers... ----------------------------------------------------------------- 12713984 total memory allocated Loading IDP module D:\Program Files\IDA Free\procs\pc.w32 for processor metapc...OK Autoanalysis subsystem has been initialized. Possible file format: MS-DOS executable (EXE) (D:\Program Files\IDA Free\loaders\dos.ldw) Possible file format: Portable executable for 80386 (PE) (D:\Program Files\IDA Free\loaders\pe.ldw) Loading file 'D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe' into database... Detected file format: Portable executable for 80386 (PE) 0. Creating a new segment (00401000-00511000) ... ... OK 1. Creating a new segment (00511000-00540000) ... ... OK 2. Creating a new segment (00540000-005570AC) ... ... OK Reading exports directory... Reading imports directory... 3. Creating a new segment (0053FADE-00540000) ... ... OK Name 'const CxFile::`vftable'' at 00511DD8 is deleted... Name 'const CxIOFile::`vftable'' at 00511E10 is deleted... Name 'const CxMemFile::`vftable'' at 00511E48 is deleted... Name 'const CxImage::`vftable'' at 00511E80 is deleted... Name 'const CxImageJPG::`vftable'' at 00512190 is deleted... Name 'const CxImageGIF::`vftable'' at 00512194 is deleted... Name 'const CxImageTIF::`vftable'' at 00512198 is deleted... LoadLibrary(D:\Program Files\IDA Free\plugins\tds.plw) => error code 126 D:\Program Files\IDA Free\plugins\tds.plw: can't load file Plan FLIRT signature: Microsoft VisualC 2-8/net runtime autoload.cfg: vc32rtf.sig autoloads vc6win.til Assuming __cdecl calling convention by default Plan FLIRT signature: MFC 3.1/4.0/4.2/8.0 32bit autoload.cfg: vc32mfc.sig autoloads vc6win.til main() function at 50C2B6, named "_WinMain@16" Marking typical code sequences... Flushing buffers, please wait...ok File 'D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe' is successfully loaded into the database. Compiling file 'D:\Program Files\IDA Free\idc\ida.idc'... Executing function 'main'... Compiling file 'D:\Program Files\IDA Free\idc\onload.idc'... Executing function 'OnLoad'... IDA is analysing the input file... You may start to explore the input file right now. Using FLIRT signature: Microsoft VisualC 2-8/net runtime Using FLIRT signature: MFC 3.1/4.0/4.2/8.0 32bit Propagating type information... Function argument information is propagated The initial autoanalysis has been finished. Debugger: Process started: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe Debugger: Library loaded: C:\WINDOWS\system32\ntdll.dll Debugger: Library loaded: C:\WINDOWS\system32\kernel32.dll Debugger: Library loaded: C:\WINDOWS\system32\wininet.dll Debugger: Library loaded: C:\WINDOWS\system32\msvcrt.dll Debugger: Library loaded: C:\WINDOWS\system32\shlwapi.dll Debugger: Library loaded: C:\WINDOWS\system32\advapi32.dll Debugger: Library loaded: C:\WINDOWS\system32\rpcrt4.dll Debugger: Library loaded: C:\WINDOWS\system32\secur32.dll Debugger: Library loaded: C:\WINDOWS\system32\gdi32.dll Debugger: Library loaded: C:\WINDOWS\system32\user32.dll Debugger: Library loaded: C:\WINDOWS\system32\normaliz.dll Debugger: Library loaded: C:\WINDOWS\system32\urlmon.dll Debugger: Library loaded: C:\WINDOWS\system32\ole32.dll Debugger: Library loaded: C:\WINDOWS\system32\oleaut32.dll Debugger: Library loaded: C:\WINDOWS\system32\iertutil.dll Debugger: Library loaded: C:\WINDOWS\system32\mfc42.dll Debugger: Library loaded: C:\WINDOWS\system32\shell32.dll Debugger: Library loaded: C:\WINDOWS\system32\comctl32.dll Debugger: Library loaded: C:\WINDOWS\system32\ws2_32.dll Debugger: Library loaded: C:\WINDOWS\system32\ws2help.dll Debugger: Library loaded: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\my.dll Test.exe: The instruction at 0x7C9375C2 referenced memory at 0x53FAD6. The memory could not be written (0x7C9375C2 -> 0053FAD6) Debugger: Library loaded: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\my.dll Test.exe: The instruction at 0x7C9375C2 referenced memory at 0x53FAD6. The memory could not be written (0x7C9375C2 -> 0053FAD6) 提示在加载my.dll的时候出错。 2012-4-18 13:51 0
lirm 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 32 粉丝 0 关注私信	lirm 3 楼这个还真说不清，但听你这么描述，我在想，是不是你的跳转指令有问题呀？有没有类似于 FAR JMP XXXXXXX； 2012-4-19 11:46 0
jsphuang 雪币： 42 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 20 粉丝 0 关注私信	jsphuang 4 楼用ollydbg 打开后，提示加载my.dll出错，但是还没有到调用jmp MyFun_IAT指令的地方，所以不知道这种简单的注入方法哪个地方没有处理好，注入代码是用vc写的，有朋友愿意帮忙，我把vc写的代码发给看看？ 2012-4-22 18:21 0
liuyq 雪币： 285 活跃值： (16) 能力值： ( LV3，RANK：20 ) 在线值：发帖 24 回帖 1199 粉丝 0 关注私信	liuyq 5 楼光写在程序入口没用，看到DLL加载时有个事件吗？写在那里，那个是第一时间调用的 2012-4-23 03:40 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
jsphuang 雪币： 42 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 20 粉丝 0 关注私信	jsphuang 2 楼 bytes pages size description --------- ----- ---- -------------------------------------------- 6225920 760 8192 allocating memory for b-tree... 6225920 760 8192 allocating memory for virtual array... 262144 32 8192 allocating memory for name pointers... ----------------------------------------------------------------- 12713984 total memory allocated Loading IDP module D:\Program Files\IDA Free\procs\pc.w32 for processor metapc...OK Autoanalysis subsystem has been initialized. Possible file format: MS-DOS executable (EXE) (D:\Program Files\IDA Free\loaders\dos.ldw) Possible file format: Portable executable for 80386 (PE) (D:\Program Files\IDA Free\loaders\pe.ldw) Loading file 'D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe' into database... Detected file format: Portable executable for 80386 (PE) 0. Creating a new segment (00401000-00511000) ... ... OK 1. Creating a new segment (00511000-00540000) ... ... OK 2. Creating a new segment (00540000-005570AC) ... ... OK Reading exports directory... Reading imports directory... 3. Creating a new segment (0053FADE-00540000) ... ... OK Name 'const CxFile::`vftable'' at 00511DD8 is deleted... Name 'const CxIOFile::`vftable'' at 00511E10 is deleted... Name 'const CxMemFile::`vftable'' at 00511E48 is deleted... Name 'const CxImage::`vftable'' at 00511E80 is deleted... Name 'const CxImageJPG::`vftable'' at 00512190 is deleted... Name 'const CxImageGIF::`vftable'' at 00512194 is deleted... Name 'const CxImageTIF::`vftable'' at 00512198 is deleted... LoadLibrary(D:\Program Files\IDA Free\plugins\tds.plw) => error code 126 D:\Program Files\IDA Free\plugins\tds.plw: can't load file Plan FLIRT signature: Microsoft VisualC 2-8/net runtime autoload.cfg: vc32rtf.sig autoloads vc6win.til Assuming __cdecl calling convention by default Plan FLIRT signature: MFC 3.1/4.0/4.2/8.0 32bit autoload.cfg: vc32mfc.sig autoloads vc6win.til main() function at 50C2B6, named "_WinMain@16" Marking typical code sequences... Flushing buffers, please wait...ok File 'D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe' is successfully loaded into the database. Compiling file 'D:\Program Files\IDA Free\idc\ida.idc'... Executing function 'main'... Compiling file 'D:\Program Files\IDA Free\idc\onload.idc'... Executing function 'OnLoad'... IDA is analysing the input file... You may start to explore the input file right now. Using FLIRT signature: Microsoft VisualC 2-8/net runtime Using FLIRT signature: MFC 3.1/4.0/4.2/8.0 32bit Propagating type information... Function argument information is propagated The initial autoanalysis has been finished. Debugger: Process started: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\Test.exe Debugger: Library loaded: C:\WINDOWS\system32\ntdll.dll Debugger: Library loaded: C:\WINDOWS\system32\kernel32.dll Debugger: Library loaded: C:\WINDOWS\system32\wininet.dll Debugger: Library loaded: C:\WINDOWS\system32\msvcrt.dll Debugger: Library loaded: C:\WINDOWS\system32\shlwapi.dll Debugger: Library loaded: C:\WINDOWS\system32\advapi32.dll Debugger: Library loaded: C:\WINDOWS\system32\rpcrt4.dll Debugger: Library loaded: C:\WINDOWS\system32\secur32.dll Debugger: Library loaded: C:\WINDOWS\system32\gdi32.dll Debugger: Library loaded: C:\WINDOWS\system32\user32.dll Debugger: Library loaded: C:\WINDOWS\system32\normaliz.dll Debugger: Library loaded: C:\WINDOWS\system32\urlmon.dll Debugger: Library loaded: C:\WINDOWS\system32\ole32.dll Debugger: Library loaded: C:\WINDOWS\system32\oleaut32.dll Debugger: Library loaded: C:\WINDOWS\system32\iertutil.dll Debugger: Library loaded: C:\WINDOWS\system32\mfc42.dll Debugger: Library loaded: C:\WINDOWS\system32\shell32.dll Debugger: Library loaded: C:\WINDOWS\system32\comctl32.dll Debugger: Library loaded: C:\WINDOWS\system32\ws2_32.dll Debugger: Library loaded: C:\WINDOWS\system32\ws2help.dll Debugger: Library loaded: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\my.dll Test.exe: The instruction at 0x7C9375C2 referenced memory at 0x53FAD6. The memory could not be written (0x7C9375C2 -> 0053FAD6) Debugger: Library loaded: D:\Program Files\microsoftVC6\MSDev98\MyProjects\IIDMod\my.dll Test.exe: The instruction at 0x7C9375C2 referenced memory at 0x53FAD6. The memory could not be written (0x7C9375C2 -> 0053FAD6) 提示在加载my.dll的时候出错。 2012-4-18 13:51 0
lirm 雪币： 2 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 32 粉丝 0 关注私信	lirm 3 楼这个还真说不清，但听你这么描述，我在想，是不是你的跳转指令有问题呀？有没有类似于 FAR JMP XXXXXXX； 2012-4-19 11:46 0
jsphuang 雪币： 42 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 20 粉丝 0 关注私信	jsphuang 4 楼用ollydbg 打开后，提示加载my.dll出错，但是还没有到调用jmp MyFun_IAT指令的地方，所以不知道这种简单的注入方法哪个地方没有处理好，注入代码是用vc写的，有朋友愿意帮忙，我把vc写的代码发给看看？ 2012-4-22 18:21 0
liuyq 雪币： 285 活跃值： (16) 能力值： ( LV3，RANK：20 ) 在线值：发帖 24 回帖 1199 粉丝 0 关注私信	liuyq 5 楼光写在程序入口没用，看到DLL加载时有个事件吗？写在那里，那个是第一时间调用的 2012-4-23 03:40 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

[旧帖] DLL为什么有时能加载成功 0.00雪花