-
-
OEP在哪里
-
发表于:
2004-10-1 22:52
3690
-
http://www.wizissoft.com/cn/
00401A58 /EB 10 jmp short CyberArt.00401A6A是这里
00401A5A |66:623A bound di,dword ptr ds:[edx]
00401A5D |43 inc ebx
00401A5E |2B2B sub ebp,dword ptr ds:[ebx]
00401A60 |48 dec eax
00401A61 |4F dec edi
00401A62 |4F dec edi
00401A63 |4B dec ebx
00401A64 |90 nop
00401A65 -|E9 98E05A00 jmp 009AFB02
00401A6A \A1 8BE05A00 mov eax,dword ptr ds:[5AE08B]还是这里
00401A6F C1E0 02 shl eax,2
00401A72 A3 8FE05A00 mov dword ptr ds:[5AE08F],eax
00401A77 52 push edx
00401A78 6A 00 push 0
00401A7A E8 6BAF1A00 call CyberArt.005AC9EA ; jmp to kernel32.GetModuleHandleA
00401A7F 8BD0 mov edx,eax
00401A81 E8 CA361700 call CyberArt.00575150
00401A86 5A pop edx
00401A87 E8 28361700 call CyberArt.005750B4
00401A8C E8 FF361700 call CyberArt.00575190
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课