2 楼
您试着换个OD看看?
http://download.csdn.net/detail/lostspeed/5276703
OllyICE_1.10_byPediy_GoodOnWin7X64.rar
我用的是这个版本的OD。在Win7X64下用它加载这个DLL,没有退出。
您说的一会就退出了, "一会"是多久啊?
3 楼
wm818329.dll 的逆向工程
/// wm818329.dll 的逆向工程
/// 用OD可以正常加载, 运行了N久, 不会退出
/// 没壳, 直接扔到IDA中, 整理出代码
/// @note
/// wm818329.dll 作用 : 注册3个自定义消息
/// "WM_HOOKEX_XY"
/// "WM_HOOKEX_XY1"
/// "WM_HOOKEX_XY2"
#include "stdafx.h"
#include <windows.h>
/// Lazily resolved pointer to user32!RegisterWindowMessageA. It stays NULL
/// until MyRegisterWindowMessage() looks it up with GetProcAddress(), so the
/// API is reached by name at run time rather than through a direct call.
/// NOTE(review): the documented prototype is UINT WINAPI (LPCSTR); the
/// int / char * spelling here is how the listing declares it.
int (__stdcall *g_fnRegisterWindowMessageA)(char *);
/// Module handle of this DLL, stored by DllMain on DLL_PROCESS_ATTACH.
/// Nothing else in this listing reads it.
HMODULE g_hModule = NULL;
/// Registration state written by DllMain. It receives the raw return values
/// of MyRegisterWindowMessage(), so it is only meaningful as zero / non-zero.
BOOL g_bMsgRegisterOk = FALSE;
/// Names of the three window messages the DLL registers on process attach.
/// NOTE(review): the names suggest a companion hook component that registers
/// the same strings to share message ids; that component is not part of this
/// listing - confirm by searching other binaries for these strings.
const char * pcUserMsg1 = "WM_HOOKEX_XY";
const char * pcUserMsg2 = "WM_HOOKEX_XY1";
const char * pcUserMsg3 = "WM_HOOKEX_XY2";
/// Forward declaration; the definition follows DllMain.
BOOL __stdcall MyRegisterWindowMessage(char * pcUserMsg);
/// DLL entry point recovered from wm818329.dll.
///
/// Only DLL_PROCESS_ATTACH does any work: the module handle is saved, thread
/// notifications are switched off, and the three "WM_HOOKEX_XY*" window
/// messages are registered through MyRegisterWindowMessage().
///
/// @param hinstDLL            module handle of this DLL, saved in g_hModule
/// @param ul_reason_for_call  loader notification code
/// @param lpReserved          not used
/// @return always TRUE, including when message registration failed
BOOL APIENTRY DllMain( HMODULE hinstDLL,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    /// Thread attach/detach and process detach are no-ops.
    if (DLL_PROCESS_ATTACH != ul_reason_for_call)
        return TRUE;

    g_hModule = hinstDLL;
    DisableThreadLibraryCalls(hinstDLL);

    /// Skip the work if an earlier attach already registered the messages.
    if (g_bMsgRegisterOk)
        return TRUE;

    /// Not registered yet, or an earlier registration failed.
    /// MyRegisterWindowMessage() hands back whatever RegisterWindowMessageA
    /// returned, so after these two lines the flag holds the sum of two
    /// message ids and is used purely as a truth value.
    g_bMsgRegisterOk = MyRegisterWindowMessage((char *)pcUserMsg1);
    g_bMsgRegisterOk += MyRegisterWindowMessage((char *)pcUserMsg2);

    /// The third name is registered when either of the first two succeeded;
    /// its result then replaces the flag.
    /// NOTE(review): these are user32 calls made from inside DllMain, i.e.
    /// while the loader is still initialising this module.
    if (g_bMsgRegisterOk)
        g_bMsgRegisterOk = MyRegisterWindowMessage((char *)pcUserMsg3);

    return TRUE;
}
/// Registers one named window message via user32!RegisterWindowMessageA.
///
/// The API address is looked up on first use with GetModuleHandleA() and
/// GetProcAddress() and cached in g_fnRegisterWindowMessageA. Because
/// GetModuleHandleA() does not load anything, the lookup only succeeds when
/// user32.dll is already mapped into the process.
///
/// @param pcUserMsg  NUL-terminated message name, passed through unchanged
/// @return the value returned by RegisterWindowMessageA (non-zero message id
///         on success, 0 on failure), or FALSE when the API could not be
///         resolved
BOOL __stdcall MyRegisterWindowMessage(char * pcUserMsg)
{
    /// Resolve and cache the API pointer the first time through.
    if (NULL == g_fnRegisterWindowMessageA) {
        HMODULE hUser32 = GetModuleHandleA("user32.dll");

        if (NULL != hUser32) {
            g_fnRegisterWindowMessageA =
                (int (__stdcall *)(char *))GetProcAddress(hUser32, "RegisterWindowMessageA");
        }
    }

    /// Still unresolved: report failure without calling anything.
    if (NULL == g_fnRegisterWindowMessageA)
        return FALSE;

    return g_fnRegisterWindowMessageA(pcUserMsg);
}
4 楼
靠,楼上大牛,我也放IDA里分析过了,我分析的代码怎么这么乱呢?求指点一二呀。。
我用OD加载后,等十几秒左右OD就会退出。楼上二位都说不会退出,看来真是OD有问题,我换个版本再分析。。