Post #2
// After IMPortRec, most of the functions turned out OK; 7 are still unresolved. Trace and fix them by hand, it is very easy.
42A0D4 GetCurrentProcess
42A134 GetModuleHandleA
42A1B4 GetCurrentProcessId
42A22C GetVersion
42A230 GetCommandLineA
42A354 DialogBoxParamA
Why can't I manage to trace them? Could you explain in detail? Please post a screenshot!!
Post #3
[42A0D4] = 00D31CB8
00D31CB8 A1 187ED300 MOV EAX,DWORD PTR DS:[D37E18]
00D31CBD C3 RETN
[D37E18] = FFFFFFFF
Isn't this just GetCurrentProcess?
Take a look in Kernel32.dll and you will see.
[42A354] = 00D31D14
00D31D14 55 PUSH EBP
00D31D15 8BEC MOV EBP,ESP
00D31D17 53 PUSH EBX
00D31D18 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+8]
00D31D1B 8B45 18 MOV EAX,DWORD PTR SS:[EBP+18]
00D31D1E 50 PUSH EAX
00D31D1F 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
00D31D22 50 PUSH EAX
00D31D23 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
00D31D26 50 PUSH EAX
00D31D27 6A 05 PUSH 5
00D31D29 8B45 0C MOV EAX,DWORD PTR SS:[EBP+C]
00D31D2C 50 PUSH EAX
00D31D2D 53 PUSH EBX
00D31D2E E8 2534FFFF CALL 00D25158 ; JMP to kernel32.FindResourceA
00D31D33 50 PUSH EAX
00D31D34 53 PUSH EBX
00D31D35 E8 BE34FFFF CALL 00D251F8 ; JMP to kernel32.LoadResource
00D31D3A 50 PUSH EAX
00D31D3B E8 C034FFFF CALL 00D25200 ; JMP to kernel32.SetHandleCount
00D31D40 50 PUSH EAX
00D31D41 53 PUSH EBX
00D31D42 E8 E134FFFF CALL 00D25228 ; JMP to user32.DialogBoxIndirectParamA
00D31D47 5B POP EBX
00D31D48 5D POP EBP
00D31D49 C2 1400 RETN 14
This is actually DialogBoxParamA from User32.dll.
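The two checks described in post #3, written out as an added example that is not part of the original posts: it recomputes the E8 rel32 call targets inside the 42A354 wrapper and recognises the 42A0D4 stub as a constant return of the pseudo-handle -1. The function names and the `read_dword` memory callback are hypothetical; the bytes are copied from the listing above.

```python
import re
import struct

# Listings copied from post #3 (OllyDbg layout: address, byte groups, text).
STUB_42A0D4 = """\
00D31CB8 A1 187ED300 MOV EAX,DWORD PTR DS:[D37E18]
00D31CBD C3 RETN
"""
CALLS_42A354 = """\
00D31D2E E8 2534FFFF CALL 00D25158
00D31D35 E8 BE34FFFF CALL 00D251F8
00D31D3B E8 C034FFFF CALL 00D25200
00D31D42 E8 E134FFFF CALL 00D25228
"""
HEX_GROUP = re.compile(r"(?:[0-9A-F]{2})+")

def parse_listing(text):
    """Return [(address, raw_bytes)] for each listing line."""
    insns = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        raw = ""
        # Byte groups are even-length hex; the first other token is the mnemonic.
        # (An all-hex mnemonic such as FADD would need special handling.)
        for tok in tokens[1:]:
            if not HEX_GROUP.fullmatch(tok):
                break
            raw += tok
        insns.append((int(tokens[0], 16), bytes.fromhex(raw)))
    return insns

def call_targets(insns):
    """Resolve E8 rel32 calls: target = next instruction address + signed rel32."""
    out = []
    for addr, raw in insns:
        if len(raw) == 5 and raw[0] == 0xE8:
            rel = struct.unpack("<i", raw[1:])[0]
            out.append((addr + 5 + rel) & 0xFFFFFFFF)
    return out

def constant_return_global(insns):
    """If the stub is exactly MOV EAX,[imm32]; RETN, return imm32, else None."""
    if len(insns) == 2 and len(insns[0][1]) == 5 and insns[0][1][0] == 0xA1 and insns[1][1] == b"\xC3":
        return struct.unpack("<I", insns[0][1][1:])[0]
    return None

def is_current_process_stub(insns, read_dword):
    """True when the stub returns the pseudo-handle -1, as GetCurrentProcess does."""
    g = constant_return_global(insns)
    return g is not None and read_dword(g) == 0xFFFFFFFF
```

The resolved targets are the thunk addresses that the debugger annotated with API names, so the same arithmetic can be used to label wrapper calls when only raw bytes are available.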
Post #4
Good, still learning...