Floor 2
Here is a small piece of code from 忽悠.exe, which I wrote a while ago. The method isn't very good, but I couldn't think of a better one.
#include <windows.h>

/* Export functions straight from the EXE via linker directives:
   /EXPORT:exported_name=internal_name,@ordinal
   The internal names carry x86 decoration: a leading underscore for
   __cdecl, and _name@8 for the __stdcall function taking 8 bytes of arguments. */
#pragma comment(linker, "/EXPORT:p1=_GetOpCodeSize,@1")
#pragma comment(linker, "/EXPORT:p2=_SetOnBefore,@2")
#pragma comment(linker, "/EXPORT:p3=_SetOnAfter,@3")
#pragma comment(linker, "/EXPORT:p4=_My_ReadProcessMemory,@4")
#pragma comment(linker, "/EXPORT:p5=_My_WriteProcessMemory,@5")
#pragma comment(linker, "/EXPORT:p6=_My_ZwSetContextThread,@6")
#pragma comment(linker, "/EXPORT:p7=_My_CreateProcessA,@7")
/* NONAME: exported by ordinal only, with no name in the export table. */
#pragma comment(linker, "/EXPORT:p8=_myStrCmp@8,@8,NONAME")

#ifdef __cplusplus
extern "C"   /* C linkage, so the internal names match the directives above */
{
#endif
void My_ReadProcessMemory(DWORD RetAddr, HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesWritten);
void My_ZwSetContextThread(DWORD RetAddr, HANDLE ThreadHandle, CONTEXT *pContext);
void My_WriteProcessMemory(DWORD RetAddr, HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, DWORD nSize, LPDWORD lpNumberOfBytesWritten);
void My_CreateProcessA(DWORD RetAddr,
    LPCSTR lpApplicationName,
    LPSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCSTR lpCurrentDirectory,
    LPSTARTUPINFOA lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);
int __stdcall myStrCmp(const char *a, const char *b);
#ifdef __cplusplus
}
#endif
Floor 3
Add a DEF file.
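Floor 4
I tried it, and it doesn't work!
IDA doesn't show the functions I want to export.
But for OllyDBG.exe, IDA shows a whole bunch of exported functions.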
Floor 5
Heh, thanks, I'll give it a try!
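Floor 6
Adding a DEF file does work, but after building you have to clear the DLL flag in the PE header before it will run, which is very inconvenient. Maybe it's down to the VC linker.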
Floor 7
__declspec(dllexport) fundef
With this you can see the exported functions.
But whether they can actually be used is another matter.
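An added example, not written by any poster in this thread: a header-only check for the two things floors 4 and 6 discuss, namely whether the export data directory of the built file is populated and whether the DLL flag (IMAGE_FILE_DLL) is set in the PE header. The names pe_info, pe_inspect and make_sample, and the sample image itself, are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_FILE_DLL 0x2000u   /* COFF Characteristics bit (the "DLL flag") */
typedef struct { int ok, is_dll; uint32_t export_rva, export_size; } pe_info;

static uint32_t rd(const uint8_t *p, int n) {            /* little-endian read */
    uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v;
}
static void wr(uint8_t *p, uint32_t v, int n) {          /* little-endian write */
    for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Read the DLL flag and export data directory; all offsets are bounds-checked. */
pe_info pe_inspect(const uint8_t *b, size_t len) {
    pe_info r = {0, 0, 0, 0};
    if (len < 0x40 || rd(b, 2) != 0x5A4D) return r;       /* "MZ" */
    size_t pe = rd(b + 0x3C, 4);                          /* e_lfanew */
    if (pe > len || len - pe < 24 || rd(b + pe, 4) != 0x4550) return r; /* "PE\0\0" */
    size_t opt = pe + 24, opt_size = rd(b + pe + 20, 2);  /* SizeOfOptionalHeader */
    if (opt_size < 2 || len - opt < opt_size) return r;
    uint32_t magic = rd(b + opt, 2);                      /* PE32 or PE32+ */
    size_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0;
    if (!dirs || opt_size < dirs) return r;
    r.ok = 1;
    r.is_dll = (rd(b + pe + 22, 2) & IMAGE_FILE_DLL) != 0;
    /* Directory 0 is the export table; NumberOfRvaAndSizes sits just before it. */
    if (rd(b + opt + dirs - 4, 4) >= 1 && opt_size >= dirs + 8) {
        r.export_rva  = rd(b + opt + dirs, 4);
        r.export_size = rd(b + opt + dirs + 4, 4);
    }
    return r;
}

/* Constructed sample: header-only PE32 image (0x200 bytes), not a real binary. */
size_t make_sample(uint8_t *b, uint16_t chars, uint32_t rva, uint32_t size) {
    memset(b, 0, 0x200);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;               /* e_lfanew = 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    wr(b + 0x80 + 20, 224, 2); wr(b + 0x80 + 22, chars, 2);
    wr(b + 0x98, 0x10B, 2);    wr(b + 0x98 + 92, 16, 4);  /* magic, NumberOfRvaAndSizes */
    wr(b + 0x98 + 96, rva, 4); wr(b + 0x98 + 100, size, 4);
    return 0x200;
}

int main(void) {
    uint8_t img[0x200];
    pe_info i = pe_inspect(img, make_sample(img, 0x0102, 0x3000, 0x120));
    return printf("dll=%d export_rva=0x%x size=0x%x\n", i.is_dll, (unsigned)i.export_rva, (unsigned)i.export_size) < 0;
}
```

An export directory RVA and size of zero means the linker emitted no export table, which matches a disassembler listing no exports for the file.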