解老王的壳,-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (3)
WindElf 雪币： 200 能力值： (RANK：10 ) 在线值：发帖 7 回帖 27 粉丝 0 关注私信	WindElf 2 楼论坛搜一下,这样的文章不少 2005-8-11 09:13 0
fy5388 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 47 粉丝 0 关注私信	fy5388 3 楼怎么样下断点用这个可以吗 bp CreateFileA 2005-8-11 09:47 0
fy5388 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 47 粉丝 0 关注私信	fy5388 4 楼用 bp CreateFileA下断, 会断在 77E7C1F7 > 55 PUSH EBP ; newPhoto.00FB500E 77E7C1F8 8BEC MOV EBP,ESP 77E7C1FA FF75 08 PUSH DWORD PTR SS:[EBP+8] 77E7C1FD E8 65D20000 CALL kernel32.77E89467 77E7C202 85C0 TEST EAX,EAX 77E7C204 75 05 JNZ SHORT kernel32.77E7C20B 77E7C206 83C8 FF OR EAX,FFFFFFFF 77E7C209 EB 1A JMP SHORT kernel32.77E7C225 77E7C20B FF75 20 PUSH DWORD PTR SS:[EBP+20] 77E7C20E FF75 1C PUSH DWORD PTR SS:[EBP+1C] 77E7C211 FF75 18 PUSH DWORD PTR SS:[EBP+18] 77E7C214 FF75 14 PUSH DWORD PTR SS:[EBP+14] 77E7C217 FF75 10 PUSH DWORD PTR SS:[EBP+10] 77E7C21A FF75 0C PUSH DWORD PTR SS:[EBP+C] 77E7C21D FF70 04 PUSH DWORD PTR DS:[EAX+4] 77E7C220 E8 04000000 CALL kernel32.CreateFileW 77E7C225 5D POP EBP 77E7C226 C2 1C00 RETN 1C 77E7C229 > 55 PUSH EBP 77E7C22A 8BEC MOV EBP,ESP 77E7C22C 83EC 5C SUB ESP,5C 77E7C22F 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] 77E7C232 53 PUSH EBX 77E7C233 56 PUSH ESI 77E7C234 48 DEC EAX 77E7C235 57 PUSH EDI 77E7C236 74 3E JE SHORT kernel32.77E7C276 77E7C238 48 DEC EAX 77E7C239 74 32 JE SHORT kernel32.77E7C26D 77E7C23B 48 DEC EAX 77E7C23C 74 26 JE SHORT kernel32.77E7C264 77E7C23E 48 DEC EAX 77E7C23F 74 1A JE SHORT kernel32.77E7C25B 77E7C241 48 DEC EAX 77E7C242 75 0D JNZ SHORT kernel32.77E7C251 77E7C244 F645 0F 40 TEST BYTE PTR SS:[EBP+F],40 77E7C248 C745 F8 01000000 MOV DWORD PTR SS:[EBP-8],1 77E7C24F 75 2C JNZ SHORT kernel32.77E7C27D 77E7C251 68 0D0000C0 PUSH C000000D 77E7C256 E9 3D020000 JMP kernel32.77E7C498 77E7C25B C745 F8 03000000 MOV DWORD PTR SS:[EBP-8],3 77E7C262 EB 19 JMP SHORT kernel32.77E7C27D 77E7C264 C745 F8 01000000 MOV DWORD PTR SS:[EBP-8],1 77E7C26B EB 10 JMP SHORT kernel32.77E7C27D 77E7C26D C745 F8 05000000 MOV DWORD PTR SS:[EBP-8],5 77E7C274 EB 07 JMP SHORT kernel32.77E7C27D 77E7C276 C745 F8 02000000 MOV DWORD PTR SS:[EBP-8],2 77E7C27D 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8] 77E7C280 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] 77E7C283 57 PUSH EDI 77E7C284 50 PUSH EAX 77E7C285 FF15 3C10E677 CALL DWORD PTR DS:[<&ntdll.RtlInitUnicod>; ntdll.RtlInitUnicodeString 77E7C28B 6A 01 PUSH 1 2005-8-11 09:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (3)
WindElf 雪币： 200 能力值： (RANK：10 ) 在线值：发帖 7 回帖 27 粉丝 0 关注私信	WindElf 2 楼论坛搜一下,这样的文章不少 2005-8-11 09:13 0
fy5388 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 47 粉丝 0 关注私信	fy5388 3 楼怎么样下断点用这个可以吗 bp CreateFileA 2005-8-11 09:47 0
fy5388 雪币： 204 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 47 粉丝 0 关注私信	fy5388 4 楼用 bp CreateFileA下断, 会断在 77E7C1F7 > 55 PUSH EBP ; newPhoto.00FB500E 77E7C1F8 8BEC MOV EBP,ESP 77E7C1FA FF75 08 PUSH DWORD PTR SS:[EBP+8] 77E7C1FD E8 65D20000 CALL kernel32.77E89467 77E7C202 85C0 TEST EAX,EAX 77E7C204 75 05 JNZ SHORT kernel32.77E7C20B 77E7C206 83C8 FF OR EAX,FFFFFFFF 77E7C209 EB 1A JMP SHORT kernel32.77E7C225 77E7C20B FF75 20 PUSH DWORD PTR SS:[EBP+20] 77E7C20E FF75 1C PUSH DWORD PTR SS:[EBP+1C] 77E7C211 FF75 18 PUSH DWORD PTR SS:[EBP+18] 77E7C214 FF75 14 PUSH DWORD PTR SS:[EBP+14] 77E7C217 FF75 10 PUSH DWORD PTR SS:[EBP+10] 77E7C21A FF75 0C PUSH DWORD PTR SS:[EBP+C] 77E7C21D FF70 04 PUSH DWORD PTR DS:[EAX+4] 77E7C220 E8 04000000 CALL kernel32.CreateFileW 77E7C225 5D POP EBP 77E7C226 C2 1C00 RETN 1C 77E7C229 > 55 PUSH EBP 77E7C22A 8BEC MOV EBP,ESP 77E7C22C 83EC 5C SUB ESP,5C 77E7C22F 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18] 77E7C232 53 PUSH EBX 77E7C233 56 PUSH ESI 77E7C234 48 DEC EAX 77E7C235 57 PUSH EDI 77E7C236 74 3E JE SHORT kernel32.77E7C276 77E7C238 48 DEC EAX 77E7C239 74 32 JE SHORT kernel32.77E7C26D 77E7C23B 48 DEC EAX 77E7C23C 74 26 JE SHORT kernel32.77E7C264 77E7C23E 48 DEC EAX 77E7C23F 74 1A JE SHORT kernel32.77E7C25B 77E7C241 48 DEC EAX 77E7C242 75 0D JNZ SHORT kernel32.77E7C251 77E7C244 F645 0F 40 TEST BYTE PTR SS:[EBP+F],40 77E7C248 C745 F8 01000000 MOV DWORD PTR SS:[EBP-8],1 77E7C24F 75 2C JNZ SHORT kernel32.77E7C27D 77E7C251 68 0D0000C0 PUSH C000000D 77E7C256 E9 3D020000 JMP kernel32.77E7C498 77E7C25B C745 F8 03000000 MOV DWORD PTR SS:[EBP-8],3 77E7C262 EB 19 JMP SHORT kernel32.77E7C27D 77E7C264 C745 F8 01000000 MOV DWORD PTR SS:[EBP-8],1 77E7C26B EB 10 JMP SHORT kernel32.77E7C27D 77E7C26D C745 F8 05000000 MOV DWORD PTR SS:[EBP-8],5 77E7C274 EB 07 JMP SHORT kernel32.77E7C27D 77E7C276 C745 F8 02000000 MOV DWORD PTR SS:[EBP-8],2 77E7C27D 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8] 77E7C280 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C] 77E7C283 57 PUSH EDI 77E7C284 50 PUSH EAX 77E7C285 FF15 3C10E677 CALL DWORD PTR DS:[<&ntdll.RtlInitUnicod>; ntdll.RtlInitUnicodeString 77E7C28B 6A 01 PUSH 1 2005-8-11 09:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复