-
-
[旧帖] [求助]VirtualProtectEx 有什么方法使用汇编来实现? 0.00雪花
-
发表于: 2013-6-12 13:54
-
人家HOOK VirtualProtectEx 就可以看到我要写入哪个地址了 可否像驱动那样使用汇编去更改
VOID WPOFF() //驱动去掉页面保护
{
__asm
{
cli
push eax
mov eax, cr0
and eax, 0FFFEFFFFh
mov cr0, eax
pop eax
}
}
[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦!!!
|
|
|---|---|
|
|
|
|
|
|
|
|
R3下自己实现个,凑合着用
 #define OUT
#define IN
BOOL __stdcall SDI_VirtualProtect(
IN LPVOID lpAddress, // region of committed pages
IN SIZE_T dwSize, // size of the region
IN DWORD flNewProtect, // desired access protection
OUT PDWORD lpflOldProtect // old protection
)
{
BOOL bResult;
lpAddress = (LPVOID)((DWORD)lpAddress & 0xFFFFF000);
__asm
{
jmp L_X0;
}
C_SysEnter:
__asm
{
mov edx, esp;
__asm _emit 0x0F;//sysenter
__asm _emit 0x34;
ret;
}
C_NTVitrualProtect:
__asm
{
mov eax, 0x89;
call C_SysEnter;
ret 0x14;
}
L_X0:
__asm
{
push lpflOldProtect;
push flNewProtect;
lea eax, dwSize;
push eax;
lea eax, lpAddress;
push eax;
push -1;
call C_NTVitrualProtect;
test eax, eax;
jnz L_X1;
inc eax;
jmp L_X2;
L_X1:
xor eax, eax;
L_X2:
mov bResult, eax;
}
return bResult;
}
|
|
|
|
