验证逻辑:
if ( (signed __int64)v5 <= 96000 && (signed __int64)v5 >= 90000 )
{
...
dwIoControlCode = 0x222041;
...
v7 = DeviceIoControl(hDevice, dwIoControlCode, &InBuffer, 0x107u, &OutBuffer, 0x400u, &BytesReturned, 0i64);
if ( !v7 )
{
MessageBoxW(0i64, L"wrong!", L"err", 0);
return 0i64;
}
}
输入数SN的范围在90000~96000之间,通过DeviceIoControl与驱动交互
InBuffer:
F0 F8 2C 00 00 00 00 00 //
50 20 99 3F 01 00 00 00 //
E0 1F 00 00 00 00 00 00 //pid
62 64 01 00 00 00 00 00 //SN
EB 18 //一段可执行代码
00 00 00 00 00 00 00 00
08 00 00 00 00 00 00 00
60 6B 99 3F 01 00 00 00 //
55 48 8B EC E8 01 00 00 00 90 48 8B C4 48 C7 C1 10 00 00 00 48 33 D2 48 F7 F1 83 FA 00 75 17 48
8B 04 24 48 89 44 24 F8 48 8B 44 24 08 48 89 04 24 48 8D 64 24 F8 48 8B 0C 24 48 8B 51 DF 48 83
FA 00 74 04 48 89 55 08 48 8B 51 E7 48 83 FA 00 48 BA 2D 7F 6C 43 F6 7F 00 00 48 B8 CE 7F 6C 43
F6 7F 00 00 9C 48 2B C2 9D 74 17 48 8D 51 DD 48 8D 14 10 48 8B 41 E7 48 8D 04 10 48 8B 49 EF 51
FF D0 48 8B E5 5D C3
00 00 00 00
E8 59 0D 6D 80 3C A2 78 15 87 16 16 07 26 68 55 7F 12 F1 EF F9 A1 9C E8 EA 9C 90 F4 9F 3A A8 8C //一段密文
27 47 79 F6 DC 20 7F 86 ED 34 7E F7 1C 55 6B F6 EF F2 2A 7A F0 44 50 8A 9B E1 C4 E1 45 90 2B 0E
CF AF
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
