[旧帖]
[求助]asm
发表于:
2015-9-9 23:24
下面的汇编哪句不对?为啥没反应?
' Builds a short x86 instruction sequence with the clsASM helper and passes it
' to Run_ASM together with a process id (pid). clsASM is not shown on this page,
' so the notes below only compare each helper call with the disassembly the post
' quotes as the original; what each helper actually emits must be confirmed
' against the clsASM source or by dumping the generated bytes.
Dim asm As New clsASM
With asm
' Original: 6A 00  push 0x0
.Push 0
' Original: A1 A8B57100  mov eax,dword ptr ds:[0x71B5A8]  (a load into eax).
' NOTE(review): this helper's name puts "DWORD_Ptr" before "EAX", while the next
' helper, whose name starts with "EAX", lines up with a load into eax. If the
' names are destination-first, this call would produce the store form (memory
' written from eax) rather than the load shown in the original - confirm.
.Mov_DWORD_Ptr_EAX (&H71B5A8)
' Original: 8B00  mov eax,dword ptr ds:[eax]
.Mov_EAX_DWORD_Ptr_EAX
' Original: 50  push eax
.Push_EAX
' Original: two further push 0x0 instructions
.Push 0
.Push 0
' Original: A1 E0B87100  mov eax,dword ptr ds:[0x71B8E0]
' NOTE(review): same helper as above, so the same load-versus-store question applies.
.Mov_DWORD_Ptr_EAX (&H71B8E0)
' Original: 8B00  mov eax,dword ptr ds:[eax]
.Mov_EAX_DWORD_Ptr_EAX
' Original: 8BCE  mov ecx,esi. A constant replaces the register copy here.
' The disassembly's comment records 0BE294C0 for esi, a different value from
' this one, so this is presumably a run-time pointer that changes between
' sessions - TODO confirm the constant is still valid when this runs.
.Mov_ECX (&HBD76BF0)
' Original: BA F2030000  mov edx,0x3F2
.Mov_EDX (&H3F2)
' Original: E8 248C1700  call 006FBFA4  (direct call, relative displacement).
' NOTE(review): "DWORD_Ptr" in this helper's name suggests an indirect call
' through the dword stored at the given address, which is not the same
' instruction as the direct call in the original - confirm which one is emitted.
.Call_DWORD_Ptr (&H6FBFA4)
End With
' Presumably runs the assembled bytes in the process identified by pid; the
' implementation of Run_ASM is not visible on this page.
asm.Run_ASM pid
这是原型
// Debugger listing of the original call site: address, opcode bytes, mnemonic.
// Four values are pushed on the stack and eax, ecx and edx are loaded before the
// call, which looks like a register-based calling convention (not confirmed by
// the page).
0058335F 6A 00 push 0x0
// A1 is the short form that loads eax from an absolute 32-bit address.
00583361 A1 A8B57100 mov eax,dword ptr ds:[0x71B5A8]
// Second dereference: eax now holds the dword that the loaded pointer points to.
00583366 8B00 mov eax,dword ptr ds:[eax]
00583368 50 push eax
00583369 6A 00 push 0x0
0058336B 6A 00 push 0x0
// Same load-then-dereference pair, this time leaving the result in eax for the call.
0058336D A1 E0B87100 mov eax,dword ptr ds:[0x71B8E0]
00583372 8B00 mov eax,dword ptr ds:[eax]
// ecx is copied from esi; the trailing comment records the value seen in that session.
00583374 8BCE mov ecx,esi //0BE294C0
00583376 BA F2030000 mov edx,0x3F2
// E8 takes a displacement relative to the next instruction:
// 0x00583380 + 0x00178C24 = 0x006FBFA4, so these bytes are only valid at this address.
0058337B E8 248C1700 call mir1.006FBFA4
下面的用郁金香注入测试通过:
; Text form of the same sequence, which the post reports as working when given
; to a separate injection tool. Every memory operand is a load into eax, and
; the call names its target address directly.
push 0
; Load the pointer stored at 0x71B5A8, then the dword it points to.
mov eax,[0x71B5A8]
mov eax,[eax]
push eax
push 0
push 0
; Same two-step load from 0x71B8E0; the result stays in eax for the call.
mov eax,[0x71B8E0]
mov eax,[eax]
; Constant in place of the original "mov ecx,esi"; presumably a run-time pointer
; captured from one session - it differs from the 0BE294C0 noted in the listing.
mov ecx,0BD76BF0
mov edx,0x3F2
; The target is given as an absolute address; the tool is assumed to compute the
; relative displacement for wherever the code is placed - TODO confirm.
call 006FBFA4