/*
 * SkipJmpAddress: if the byte at uAddress is 0xE9, compute the address that
 * jump instruction transfers to and return it.
 *
 * uAddress is dereferenced directly with no validation, so the caller must
 * pass an address that is mapped and readable in the current process.
 * Presumably the input is a function pointer that may land on a jump thunk;
 * confirm against the callers.
 */
ULONG_PTR SkipJmpAddress(ULONG_PTR uAddress) {
    ULONG_PTR TrueAddress = 0;
    PBYTE pFn = (PBYTE)uAddress;
    /* 0xE9 is the x86/x64 near JMP opcode: 1 opcode byte + 4-byte displacement. */
    if (pFn[0] == 0xE9) {
        /*
         * Target = address of the JMP + displacement + 5 (instruction length).
         * NOTE(review): the displacement of E9 is a signed 32-bit value, but it
         * is loaded here through a ULONG_PTR*. On a 64-bit build that reads
         * 8 bytes (4 of them past the operand) and does not sign-extend, so the
         * computed target is wrong; only a 32-bit build gets the right answer,
         * through unsigned wrap-around. A signed 32-bit load of (pFn + 1)
         * would match the instruction encoding on both.
         */
        TrueAddress = (ULONG_PTR)pFn + *(ULONG_PTR*)(pFn + 1) + 5;
        return TrueAddress;
    }
    /* The listing stops here on the page: the return for the non-0xE9 path and
     * the function's closing brace are not shown. */
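/*
 * Self-read probe: ask ReadProcessMemory to copy 2 bytes from uAddress in the
 * current process into the buffer pFn points at, then print 1 on success or
 * 0 on failure.
 *
 * GetCurrentProcess() returns a pseudo-handle that needs no CloseHandle.
 * This avoids creating a real, inheritable process handle through
 * OpenProcess() that is never checked for NULL and never closed.
 */
int pid = getpid(); /* not needed for the read itself; kept in case later code refers to it */
/*
 * NOTE(review): if pFn aliases uAddress (a PBYTE cast of uAddress appears
 * elsewhere on this page), source and destination are the same memory and the
 * copy needs write access to it. For a code page that is typically denied, so
 * the call fails even though the bytes are readable. A separate local 2-byte
 * buffer as the destination would avoid that; confirm what pFn points at.
 */
bool shd = ReadProcessMemory(GetCurrentProcess(), (LPVOID)uAddress, pFn, 2, &dwBytesReturned);
printf("%d\n", shd);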
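/*
 * Look up the memory region that contains uAddress, make sure it is readable,
 * print the first byte at uAddress, then put the original protection back.
 *
 * PAGE_EXECUTE_READ is requested rather than PAGE_READWRITE: the print only
 * needs read access, and uAddress is treated as a code address elsewhere on
 * this page (its first byte is compared with a JMP opcode). PAGE_READWRITE
 * would strip execute permission from the whole region and make it writable,
 * which faults as soon as anything in that region runs (possibly the caller
 * itself) and leaves code pages writable afterwards.
 */
DWORD dwOLD = 0;
MEMORY_BASIC_INFORMATION MemInfo = {0};
/* VirtualQuery returns 0 on failure and leaves MemInfo unfilled, so gate on it. */
if (VirtualQuery((LPCVOID)uAddress, &MemInfo, sizeof(MEMORY_BASIC_INFORMATION)) != 0 &&
    VirtualProtect(MemInfo.BaseAddress, MemInfo.RegionSize, PAGE_EXECUTE_READ, &dwOLD)) {
    PBYTE pFn = (PBYTE)uAddress;
    printf("fff:%x\n", pFn[0]);

    /* Restore the previous protection so the region is not left altered.
     * VirtualProtect requires a valid out-pointer even when the old value is
     * of no interest. */
    DWORD dwIgnored = 0;
    if (!VirtualProtect(MemInfo.BaseAddress, MemInfo.RegionSize, dwOLD, &dwIgnored)) {
        printf("VirtualProtect restore failed: %lu\n", GetLastError());
    }
}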