能力值:
( LV8,RANK:130 )
|
-
-
26 楼
最初由 asmway 发布 “木马克星 5.51”???? 能把具体的版本号写更详细一点不? 要不就请把 你的“木马克星 5.51”发一份到asmway@tom.com???
很抱歉,无法上传,请自己在网上搜索一下,能找到的。
版本号:
木马克星 5.51(引擎版本号 0515)
|
能力值:
( LV2,RANK:10 )
|
-
-
27 楼
我按照楼主的步骤,打第一次补丁时刚F9,程序就出错了,可能是反调试吧,不知道怎么解决?
报错:OS: Windows XP Professional, SP1
CPU: GenuineIntel, Intel Pentium 4, MMX @ 2400 MHz
Application data:
VmVyc2lvbjogMXRYUnl5OGpOU28xQ0F3M0tUUTdLR3Q4WTJadkt6dy9
JejA1TGwxcWZIVndZbmM4DQpJbWFnZUJhc2U6IDAwNDAwMDAwDQotMQ
0KQ29kZSA9IFsyMTBdDQotIDM2DQotIDIwOQ0KLSAyMjcNCi0gMA0KL
SBbXQ0KPiBDOlxEb2N1bWVudHMgYW5kIFNldHRpbmdzXHdlaSB5aVzX
wMPmXFlCSkhGUk0xLjIuZXhlDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJ
cbnRkbGwuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMz
IuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcdXNlcjMyLmRsbA0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXEdESTMyLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXEFEVkFQSTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN
5c3RlbTMyXFJQQ1JUNC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
xvbGVhdXQzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU1ZDU
lQuRExMDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcT0xFMzIuRExMDQo+
IEM6XFdJTkRPV1Ncc3lzdGVtMzJcdmVyc2lvbi5kbGwNCj4gQzpcV0l
ORE9XU1xzeXN0ZW0zMlxjb21jdGwzMi5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxzaGVsbDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXFNITFdBUEkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcY29t
ZGxnMzIuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcd3MyXzMyLmR
sbA0KPiBDOlxXSU5ET1dTXFN5c3RlbTMyXFdTMkhFTFAuZGxsDQo+IE
M6XFdJTkRPV1NcU3lzdGVtMzJcd3NvY2szMi5kbGwNCj4gQzpcV0lOR
E9XU1xTeXN0ZW0zMlxJTU0zMi5ETEwNCj4gQzpcV0lORE9XU1xTeXN0
ZW0zMlxMUEsuRExMDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcVVNQMTA
uZGxsDQo+IEM6XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV2
luZG93cy5Db21tb24tQ29udHJvbHNfNjU5NWI2NDE0NGNjZjFkZl82L
jAuMTAuMF94LXd3X2Y3ZmI1ODA1XGNvbWN0bDMyLmRsbA0KPiBDOlxX
SU5ET1dTXHN5c3RlbTMyXElORElDRExMLmRsbA0KPiBDOlxXSU5ET1d
TXFN5c3RlbTMyXG1zY3RmaW1lLmltZQ0KPiBDOlxXSU5ET1dTXFN5c3
RlbTMyXE1zaW10Zi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU
0NURi5kbGw=
|
能力值:
( LV9,RANK:450 )
|
-
-
28 楼
然后 F9 运行,IAT 随即被解密,可从命令槽口 d 5a3294,再在数据窗口观察验证。接下来,撤销 00DB75F4 处的更改(切记!),补丁是否撤销无碍,Shift+F9 至最后一次异常 00DBFAA5 C700 EFCA5C85 MOV DWORD PTR DS:[EAX],855CCAEF,Ctrl+B 搜索“89,45,F0,B8,00,07,00,00”,在 00DB7190 CALL 00D9254C 设断,Shift+F9 至此,撤销断点,沿用前面申请到的内存空间,改 CALL 00D9254C 为 JMP 010B0037 后,转到(注意不是运行到...)该内存空间,粘贴补丁:
Ctrl+B 搜索“89,45,F0,B8,00,07,00,00” 这段代码是怎么得来的?
|
能力值:
( LV2,RANK:10 )
|
-
-
29 楼
精品贴,顶........
|
|
|