[求助]debugport 清零过 od 没有数据
发表于: 2018-9-22 20:01 2762
自己搭了一个 DNF 私服,想学习一下 DNF 过驱动保护。代码都是在看雪里找的,也有一些是从网上找的。
双机调试已经弄好,也过去了;DebugPort 清零也处理了,eprocess+bc 的清零也过了。我还用 WinDbg 在 +bc 处下了访问断点,基本上已经没有清零的代码了。
就是调试的时候,OD 跟没有处理过清零一样,接收不到数据。
我也用 WinDbg 在 eprocess+bc 处下了断点,然后用 OD 调试 DNF。
小弟第一次发帖有不对的地方 请见谅
小弟先谢谢各位大虾
下面是 WinDbg + OD 调试 DNF 时的输出:
Breakpoint 0 hit
nt!DbgkpSetProcessDebugObject+0x5c:
8063a8b2 7573 jne nt!DbgkpSetProcessDebugObject+0xd1 (8063a927)
kd> dd edi+bc
8222b414 00000000 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b28e5d00 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2aa9bf0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 81e8e400 00000000 000043a0
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkpSetProcessDebugObject+0x6a:
8063a8c0 e88b90eeff call nt!ObfReferenceObject (80523950)
kd> dd edi+bc
8222b414 8228c920 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b28e5d00 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2aa9bf0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 81e8e400 00000000 000043a0
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkpMarkProcessPeb+0x48:
80639868 0f95c0 setne al
kd> dd esi+bc
8222b414 8228c920 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b28e5d00 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2aa9bf0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 81e8e400 00000000 000043a0
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkCreateThread+0x12b:
8063b0dd 0f8460020000 je nt!DbgkCreateThread+0x391 (8063b343)
kd> dd esi+bc
8222b414 8228c920 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b2aa9a70 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2aa9b14 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 81ed10d8 00000000 000043a2
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkpQueueMessage+0x81:
80639b93 894514 mov dword ptr [ebp+14h],eax
kd> dd eax+bc
8228c9dc 00000001 00000000 00000000 7f000000
8228c9ec 7f000000 7f000000 00000000 00000000
8228c9fc 00000000 00000000 00000000 00000000
8228ca0c 00000000 00000000 00000000 00000000
8228ca1c 00000001 00000000 00000000 0a040019
8228ca2c 53646156 00000f00 00000f3f 81e3b440
8228ca3c 00000000 00000000 84000006 0a060004
8228ca4c ee657645 00000001 00000001 823b6708
kd> g
Breakpoint 0 hit
nt!PspExitThread+0x28c:
805c955a 7424 je nt!PspExitThread+0x2b2 (805c9580)
kd> dd edi+bc
8222b414 8228c920 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b2aa9ca0 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2aa9ca0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 81ed10d8 00000000 000043a2
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkExitThread+0x26:
8063b376 85c9 test ecx,ecx
kd> dd ecx+bc
8228c9dc 00000001 00000000 00000000 7f000000
8228c9ec 7f000000 7f000000 00000000 00000000
8228c9fc 00000000 00000000 00000000 00000000
8228ca0c 00000000 00000000 00000000 00000000
8228ca1c 00000001 00000000 00000000 0a040019
8228ca2c 53646156 00000f00 00000f3f 81e3b440
8228ca3c 00000000 00000000 84000006 0a060004
8228ca4c ee657645 00000001 00000001 823b6708
kd> g
Breakpoint 0 hit
nt!DbgkpQueueMessage+0x81:
80639b93 894514 mov dword ptr [ebp+14h],eax
kd> dd eax+bc
8228c9dc 00000001 00000000 00000000 7f000000
8228c9ec 7f000000 7f000000 00000000 00000000
8228c9fc 00000000 00000000 00000000 00000000
8228ca0c 00000000 00000000 00000000 00000000
8228ca1c 00000001 00000000 00000000 0a040019
8228ca2c 53646156 00000f00 00000f3f 81e3b440
8228ca3c 00000000 00000000 84000006 0a060004
8228ca4c ee657645 00000001 00000001 823b6708
kd> g
od 没有数据
下面是 OD 剥离 DNF 时的输出:
kd> g
Breakpoint 0 hit
nt!DbgkExitThread+0x26:
8063b376 85c9 test ecx,ecx
kd> dd ecx+bc
8228c9dc 00000001 00000000 00000000 7f000000
8228c9ec 7f000000 7f000000 00000000 00000000
8228c9fc 00000000 00000000 00000000 00000000
8228ca0c 00000000 00000000 00000000 00000000
8228ca1c 00000001 00000000 00000000 0a040019
8228ca2c 53646156 00000f00 00000f3f 81e3b440
8228ca3c 00000000 00000000 84000006 0a060004
8228ca4c ee657645 00000001 00000001 823b6708
kd> g
Breakpoint 0 hit
nt!DbgkpQueueMessage+0x81:
80639b93 894514 mov dword ptr [ebp+14h],eax
kd> dd eax+bc
8228c9dc 00000001 00000000 00000000 7f000000
8228c9ec 7f000000 7f000000 00000000 00000000
8228c9fc 00000000 00000000 00000000 00000000
8228ca0c 00000000 00000000 00000000 00000000
8228ca1c 00000001 00000000 00000000 0a040019
8228ca2c 53646156 00000f00 00000f3f 81e3b440
8228ca3c 00000000 00000000 84000006 0a060004
8228ca4c ee657645 00000001 00000001 823b6708
kd> g
Breakpoint 0 hit
nt!DbgkClearProcessDebugObject+0x23:
8063a799 33c9 xor ecx,ecx
kd> dd eax
8222b414 8228c920 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b2839cb0 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2839cb0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 8222b290 00000000 000043f4
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkClearProcessDebugObject+0x35:
8063a7ab 894d0c mov dword ptr [ebp+0Ch],ecx
kd> dd eax
8222b414 00000000 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b2839cb0 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2839cb0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 8222b290 00000000 000043f4
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g
Breakpoint 0 hit
nt!DbgkpMarkProcessPeb+0x48:
80639868 0f95c0 setne al
kd> dd esi+bc
8222b414 00000000 e15e21f0 e16f7510 e11c55a5
8222b424 00000001 b2839cb0 00000000 00040001
8222b434 00000000 8222b438 8222b438 00000000
8222b444 000167e7 00000001 b2839cb0 00000000
8222b454 00040001 00000000 8222b45c 8222b45c
8222b464 00000000 00000000 00000000 00000000
8222b474 8222b290 8222b290 00000000 000043f4
8222b484 00000000 e1053008 00000000 e1cb9ed8
kd> g