我XP系统下在脱一个Armdillo4.4加壳的Windows 2000下的记事本时,DUMP,并且修复IAT之后,利用ImportREC 修复时出现下面的情况
Can't read memory of the process!
是什么原因啊?
下面是 ImportREC 的 LOG
综合分析程序...
Module loaded: f:\windows\system32\ntdll.dll
Module loaded: f:\windows\system32\kernel32.dll
Module loaded: f:\windows\system32\user32.dll
Module loaded: f:\windows\system32\gdi32.dll
Module loaded: f:\windows\system32\shimeng.dll
Module loaded: f:\windows\apppatch\acgenral.dll
Module loaded: f:\windows\system32\advapi32.dll
Module loaded: f:\windows\system32\rpcrt4.dll
Module loaded: f:\windows\system32\winmm.dll
Module loaded: f:\windows\system32\ole32.dll
Module loaded: f:\windows\system32\msvcrt.dll
Module loaded: f:\windows\system32\oleaut32.dll
Module loaded: f:\windows\system32\msacm32.dll
Module loaded: f:\windows\system32\version.dll
Module loaded: f:\windows\system32\shell32.dll
Module loaded: f:\windows\system32\shlwapi.dll
Module loaded: f:\windows\system32\userenv.dll
Module loaded: f:\windows\system32\uxtheme.dll
Module loaded: f:\windows\system32\imm32.dll
Module loaded: f:\windows\system32\lpk.dll
Module loaded: f:\windows\system32\usp10.dll
Module loaded: f:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Module loaded: f:\windows\system32\comctl32.dll
Module loaded: f:\windows\system32\comdlg32.dll
Module loaded: f:\windows\system32\ws2_32.dll
Module loaded: f:\windows\system32\ws2help.dll
Module loaded: f:\windows\system32\inetmib1.dll
Module loaded: f:\windows\system32\iphlpapi.dll
Module loaded: f:\windows\system32\snmpapi.dll
Module loaded: f:\windows\system32\wsock32.dll
Module loaded: f:\windows\system32\mprapi.dll
Module loaded: f:\windows\system32\activeds.dll
Module loaded: f:\windows\system32\adsldpc.dll
Module loaded: f:\windows\system32\netapi32.dll
Module loaded: f:\windows\system32\wldap32.dll
Module loaded: f:\windows\system32\atl.dll
Module loaded: f:\windows\system32\rtutils.dll
Module loaded: f:\windows\system32\samlib.dll
Module loaded: f:\windows\system32\setupapi.dll
Module loaded: f:\windows\system32\msvbvm60.dll
Module loaded: f:\windows\system32\winspool.drv
Getting associated modules done.
Image Base:01000000 Size:000C0000
Can't read memory of the process!
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!