-
-
[旧帖] [求助]"在第一节上设置内存访问断点" ,不明白 0.00雪花
-
发表于: 2007-10-20 14:46
-
打开“内存窗口”,在第一节上 设置内存访问断点
这句明白,请高手指点:第一节,究竟是那一节阿?
引自:http://bbs.pediy.com/showthread.php?threadid=36219(12月专题:手脱Yoda 1.03.3版本教程)
如下表
Memory map
Address Size Owner Section Contains
00010000 00001000
00020000 00001000
0012A000 00001000
0012B000 00005000 stack of mai
00130000 00003000
00140000 00015000
00240000 00006000
00250000 00003000
00260000 00016000
00280000 0003D000
002C0000 00041000
00310000 00006000
00320000 00041000
00370000 00004000
00380000 00003000
00390000 00008000
003A0000 00001000
003B0000 00001000
00400000 00001000 Crackme0 PE header
00401000 00007000 Crackme0 code
00408000 00001000 Crackme0 data
00409000 00001000 Crackme0
0040A000 00001000 Crackme0
0040B000 00001000 Crackme0
0040C000 00001000 Crackme0
0040D000 00001000 Crackme0
0040E000 00004000 Crackme0 .rsrc resources
00412000 00004000 Crackme0 .x01
00416000 00009000 Crackme0 Booooo! SFX,imports,
00420000 00005000
004E0000 00002000
004F0000 00103000
00600000 0009E000
0FFD0000 00001000 rsaenh PE header
0FFD1000 00021000 rsaenh .text code,imports
0FFF2000 00003000 rsaenh .data data
0FFF5000 00001000 rsaenh .rsrc resources
0FFF6000 00002000 rsaenh .reloc relocations
62C20000 00001000 LPK PE header
62C21000 00005000 LPK .text code,imports
62C26000 00001000 LPK .data data
62C27000 00001000 LPK .rsrc resources
62C28000 00001000 LPK .reloc relocations
73FA0000 00001000 USP10 PE header
73FA1000 00044000 USP10 .text code,imports
73FE5000 00010000 USP10 .data data
73FF5000 00002000 USP10 Shared
73FF7000 00012000 USP10 .rsrc resources
74009000 00002000 USP10 .reloc relocations
76300000 00001000 IMM32 PE header
76301000 00015000 IMM32 .text code,imports
76316000 00001000 IMM32 .data data
76317000 00005000 IMM32 .rsrc resources
7631C000 00001000 IMM32 .reloc relocations
76990000 00001000 ole32 PE header
76991000 0011E000 ole32 .text code,imports
76AAF000 00006000 ole32 .orpc code
76AB5000 00007000 ole32 .data data
76ABC000 00002000 ole32 .rsrc resources
76ABE000 0000E000 ole32 .reloc relocations
770F0000 00001000 oleaut32 PE header
770F1000 0007F000 oleaut32 .text code,imports
77170000 00002000 oleaut32 .orpc code
77172000 00003000 oleaut32 .data data
77175000 00001000 oleaut32 .rsrc resources
77176000 00006000 oleaut32 .reloc relocations
77BE0000 00001000 msvcrt PE header
77BE1000 0004C000 msvcrt .text code,imports
77C2D000 00007000 msvcrt .data data
77C34000 00001000 msvcrt .rsrc resources
77C35000 00003000 msvcrt .reloc relocations
77D10000 00001000 User32 PE header
77D11000 0005F000 User32 .text code,imports
77D70000 00002000 User32 .data data
77D72000 0002A000 User32 .rsrc resources
77D9C000 00003000 User32 .reloc relocations
77DA0000 00001000 ADVAPI32 PE header
77DA1000 00075000 ADVAPI32 .text code,imports
77E16000 00005000 ADVAPI32 .data data
77E1B000 00029000 ADVAPI32 .rsrc resources
77E44000 00005000 ADVAPI32 .reloc relocations
77E50000 00001000 RPCRT4 PE header
77E51000 00082000 RPCRT4 .text code,imports
77ED3000 00007000 RPCRT4 .orpc code
77EDA000 00001000 RPCRT4 .data data
77EDB000 00001000 RPCRT4 .rsrc resources
77EDC000 00005000 RPCRT4 .reloc relocations
77EF0000 00001000 GDI32 PE header
77EF1000 00041000 GDI32 .text code,imports
77F32000 00001000 GDI32 .data data
77F33000 00001000 GDI32 .rsrc resources
77F34000 00002000 GDI32 .reloc relocations
7C800000 00001000 kernel32 PE header
7C801000 00082000 kernel32 .text code,imports
7C883000 00005000 kernel32 .data data
7C888000 0008E000 kernel32 .rsrc resources
7C916000 00006000 kernel32 .reloc relocations
7C920000 00001000 ntdll PE header
7C921000 0007B000 ntdll .text code,exports
7C99C000 00005000 ntdll .data data
7C9A1000 00010000 ntdll .rsrc resources
7C9B1000 00003000 ntdll .reloc relocations
7F6F0000 00007000
7FFA0000 00033000
7FFDB000 00001000
7FFDF000 00001000 data block o
7FFE0000 00001000
这句明白,请高手指点:第一节,究竟是那一节阿?
引自:http://bbs.pediy.com/showthread.php?threadid=36219(12月专题:手脱Yoda 1.03.3版本教程)
如下表
Memory map
Address Size Owner Section Contains
00010000 00001000
00020000 00001000
0012A000 00001000
0012B000 00005000 stack of mai
00130000 00003000
00140000 00015000
00240000 00006000
00250000 00003000
00260000 00016000
00280000 0003D000
002C0000 00041000
00310000 00006000
00320000 00041000
00370000 00004000
00380000 00003000
00390000 00008000
003A0000 00001000
003B0000 00001000
00400000 00001000 Crackme0 PE header
00401000 00007000 Crackme0 code
00408000 00001000 Crackme0 data
00409000 00001000 Crackme0
0040A000 00001000 Crackme0
0040B000 00001000 Crackme0
0040C000 00001000 Crackme0
0040D000 00001000 Crackme0
0040E000 00004000 Crackme0 .rsrc resources
00412000 00004000 Crackme0 .x01
00416000 00009000 Crackme0 Booooo! SFX,imports,
00420000 00005000
004E0000 00002000
004F0000 00103000
00600000 0009E000
0FFD0000 00001000 rsaenh PE header
0FFD1000 00021000 rsaenh .text code,imports
0FFF2000 00003000 rsaenh .data data
0FFF5000 00001000 rsaenh .rsrc resources
0FFF6000 00002000 rsaenh .reloc relocations
62C20000 00001000 LPK PE header
62C21000 00005000 LPK .text code,imports
62C26000 00001000 LPK .data data
62C27000 00001000 LPK .rsrc resources
62C28000 00001000 LPK .reloc relocations
73FA0000 00001000 USP10 PE header
73FA1000 00044000 USP10 .text code,imports
73FE5000 00010000 USP10 .data data
73FF5000 00002000 USP10 Shared
73FF7000 00012000 USP10 .rsrc resources
74009000 00002000 USP10 .reloc relocations
76300000 00001000 IMM32 PE header
76301000 00015000 IMM32 .text code,imports
76316000 00001000 IMM32 .data data
76317000 00005000 IMM32 .rsrc resources
7631C000 00001000 IMM32 .reloc relocations
76990000 00001000 ole32 PE header
76991000 0011E000 ole32 .text code,imports
76AAF000 00006000 ole32 .orpc code
76AB5000 00007000 ole32 .data data
76ABC000 00002000 ole32 .rsrc resources
76ABE000 0000E000 ole32 .reloc relocations
770F0000 00001000 oleaut32 PE header
770F1000 0007F000 oleaut32 .text code,imports
77170000 00002000 oleaut32 .orpc code
77172000 00003000 oleaut32 .data data
77175000 00001000 oleaut32 .rsrc resources
77176000 00006000 oleaut32 .reloc relocations
77BE0000 00001000 msvcrt PE header
77BE1000 0004C000 msvcrt .text code,imports
77C2D000 00007000 msvcrt .data data
77C34000 00001000 msvcrt .rsrc resources
77C35000 00003000 msvcrt .reloc relocations
77D10000 00001000 User32 PE header
77D11000 0005F000 User32 .text code,imports
77D70000 00002000 User32 .data data
77D72000 0002A000 User32 .rsrc resources
77D9C000 00003000 User32 .reloc relocations
77DA0000 00001000 ADVAPI32 PE header
77DA1000 00075000 ADVAPI32 .text code,imports
77E16000 00005000 ADVAPI32 .data data
77E1B000 00029000 ADVAPI32 .rsrc resources
77E44000 00005000 ADVAPI32 .reloc relocations
77E50000 00001000 RPCRT4 PE header
77E51000 00082000 RPCRT4 .text code,imports
77ED3000 00007000 RPCRT4 .orpc code
77EDA000 00001000 RPCRT4 .data data
77EDB000 00001000 RPCRT4 .rsrc resources
77EDC000 00005000 RPCRT4 .reloc relocations
77EF0000 00001000 GDI32 PE header
77EF1000 00041000 GDI32 .text code,imports
77F32000 00001000 GDI32 .data data
77F33000 00001000 GDI32 .rsrc resources
77F34000 00002000 GDI32 .reloc relocations
7C800000 00001000 kernel32 PE header
7C801000 00082000 kernel32 .text code,imports
7C883000 00005000 kernel32 .data data
7C888000 0008E000 kernel32 .rsrc resources
7C916000 00006000 kernel32 .reloc relocations
7C920000 00001000 ntdll PE header
7C921000 0007B000 ntdll .text code,exports
7C99C000 00005000 ntdll .data data
7C9A1000 00010000 ntdll .rsrc resources
7C9B1000 00003000 ntdll .reloc relocations
7F6F0000 00007000
7FFA0000 00033000
7FFDB000 00001000
7FFDF000 00001000 data block o
7FFE0000 00001000
|
|
|---|---|
|
|
自己顶起
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 俺就是不晓得在那里下内存访问断点a如果我在:00416000 00009000 Crackme0 Booooo! SFX,imports,这节下内存访问断点,结果断在这里,这是为啥阿! 004187D5 E8 DBDDFFFF call 004165B5 ; jmp to kernel32.GetCurrentProcess 怎么还是 GetCurrentProcess这里呢,如果想按F8,跑飞 请问我接下了,如何处理? |
|
|
|
|
|
|
|
|
|
|
|
|
