能力值:
( LV4,RANK:50 )
|
-
-
2 楼
PE编辑工具直接改段属性
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
对汇编工具不熟悉
只知道在程序运行过程中可以设置,参考以下程序
start:
mov esi, (ProgramEnd-start)
invoke VirtualProtect, 401000h, esi, PAGE_EXECUTE_READWRITE, ADDR oldProt ; enable write to code section
test eax, eax
jnz _patch
invoke MessageBox, NULL, szErr, szErr, MB_OK ; error, show it and quit
jmp _end
_patch:
lea edi, _change
mov al, 0e8h ; call opcode
stosb
mov eax, 00000008h ; Will be 08 00 00 00 when written to memory
stosd
invoke VirtualProtect, 401000h, esi, oldProt, ADDR oldProt ; restore the old protection settings
_msgBox: push NULL
push offset szTitle
push offset szText
push NULL
_change: nop ; here will be inserted 'call MessageBox'
nop
nop
nop
nop
_end: invoke ExitProcess, NULL
ProgramEnd:
end start
|
|
|
|
