VOID GetExAcquireFastMutexAddr()
{
ULONG Address=0;
ULONG temp_addr;
char* temp_cr=0;
Address = (ULONG)pSSDT+ 269 * 4;
temp_addr = *(ULONG*)Address;
KdPrint(("temp_addr%x\n",temp_addr));
temp_addr=temp_addr+0x10D;
KdPrint(("temp_addr%x\n",temp_addr));
temp_cr=(char*)temp_addr;
ExAcquireFastMutex_addr=*((ULONG*)&temp_cr[2]);
KdPrint(("ExAcquireFastMutex_addr%x\n",ExAcquireFastMutex_addr));
ExAcquireFastMutex_addr=*(ULONG*)ExAcquireFastMutex_addr;
此处蓝屏求解
KdPrint(("ExAcquireFastMutex_addr%x\n",ExAcquireFastMutex_addr));
;*** Fatal System Error: 0x00000050
(0x85C0B60F,0x00000000,0xB1AF0E64,0x00000000)
用windbg查看ExAcquireFastMutex_addr
kd> dd 85c0b60f
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
85c0b60f ???????? ???????? ???????? ????????
85c0b61f ???????? ???????? ???????? ????????
85c0b62f ???????? ???????? ???????? ????????
85c0b63f ???????? ???????? ???????? ????????
85c0b64f ???????? ???????? ???????? ????????
85c0b65f ???????? ???????? ???????? ????????
85c0b66f ???????? ???????? ???????? ????????
85c0b67f ???????? ???????? ???????? ????????
求问题所在!!!!大牛来一位啊
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法