请问heXer怎样把幻影改成专业版????????
下面转heXer的文章
;标准版的dbpe2.10可以改造成支持SDK的专业版
;需要改造的是其dbpe.dll和dbpe2.dll
;这里不公布改造方法,只展示一下SDK
;有能力的自行改造吧,很有意思PEDIY
;
;dbpe2.10 SDK for asm
;
; Prototypes for the dbpe 2.10 SDK wrappers defined below (MASM, 32-bit).
; Every argument is declared as a plain DWORD, so the assembler checks only
; the argument count at each invoke, not pointer/handle types.
GetUserName_dbpe PROTO :DWORD
GetHardCode_dbpe PROTO :DWORD
Md5Hash_dbpe PROTO :DWORD,:DWORD
; The following 6 procs are very simple to use: they take exactly the same
; arguments as the original Win32 APIs they are named after.
; Recommended workflow: debug the program with the original APIs, switch to
; the _dbpe versions at the end, then pack with dbpe2.10 professional edition.
; NOTE(review): this implies the wrappers are only meaningful inside a packed
; image - confirm behaviour when the program runs unpacked.
;
CreateFile_dbpe PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
ReadFile_dbpe PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD
WriteFile_dbpe PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD
SetFilePointer_dbpe PROTO :DWORD,:DWORD,:DWORD,:DWORD
CloseHandle_dbpe PROTO :DWORD
DeleteFile_dbpe PROTO :DWORD
.code
;-----------------------------------------------------------------------
; GetUserName_dbpe(pUserName)
; In:   pUserName = caller-supplied pointer, forwarded unchanged
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx (volatile across the API call)
;
; The request is carried by a GetClassName call whose hWnd argument is the
; constant 0FEFE2002h rather than a real window handle.
; NOTE(review): presumably the packed image's runtime recognises this value
; and services the call itself; in an unpacked build the real GetClassName
; would see an invalid handle and fail with 0 - confirm.
; NOTE(review): no buffer length is passed (the 4 looks like the size of
; the argument, not of the buffer), so the caller must know the required
; buffer size from the SDK documentation - verify before use.
;-----------------------------------------------------------------------
DBPE_SVC_GETUSERNAME    equ     0FEFE2002h

GetUserName_dbpe proc pUserName:DWORD
        invoke  GetClassName, DBPE_SVC_GETUSERNAME, pUserName, 4
        ret
GetUserName_dbpe endp
;-----------------------------------------------------------------------
; GetHardCode_dbpe(pHardCode)
; In:   pHardCode = caller-supplied pointer, forwarded unchanged
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx (volatile across the API call)
;
; Same calling pattern as the other wrappers in this file: GetClassName is
; invoked with the constant 0FEFE2003h in the hWnd position.
; NOTE(review): presumably the result is a hardware-derived identifier
; written to pHardCode by the packed image's runtime - confirm; the buffer
; size it needs is not visible here.
;-----------------------------------------------------------------------
DBPE_SVC_GETHARDCODE    equ     0FEFE2003h

GetHardCode_dbpe proc pHardCode:DWORD
        invoke  GetClassName, DBPE_SVC_GETHARDCODE, pHardCode, 4
        ret
GetHardCode_dbpe endp
;-----------------------------------------------------------------------
; Md5Hash_dbpe(pSrcData, pResMd5)
; In:   pSrcData, pResMd5 = caller-supplied pointers
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; Copies both arguments into a two-DWORD block on the stack and passes the
; block's address and byte size (8) to GetClassName together with the
; constant 0FEFE2004h in the hWnd position.
; NOTE(review): the source length is not passed, so the input is presumably
; NUL-terminated or fixed-size, and pResMd5 presumably needs room for a
; 16-byte digest - confirm against the SDK.
;-----------------------------------------------------------------------
DBPE_SVC_MD5HASH        equ     0FEFE2004h

Md5Hash_dbpe proc pSrcData:DWORD, pResMd5:DWORD
        LOCAL   ClassName[2]:DWORD      ; argument block {pSrcData, pResMd5}

        mov     ecx, pSrcData
        mov     edx, pResMd5
        mov     DWORD PTR ClassName[0], ecx
        mov     DWORD PTR ClassName[4], edx
        invoke  GetClassName, DBPE_SVC_MD5HASH, ADDR ClassName, SIZEOF ClassName
        ret
Md5Hash_dbpe endp
;-----------------------------------------------------------------------
; CreateFile_dbpe - same seven arguments, in the same order, as CreateFile.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; The seven arguments are copied in order into a 7-DWORD block on the
; stack; the block's address and byte size (1Ch) are passed to GetClassName
; with the constant 0FEFE2011h in the hWnd position.
; NOTE(review): if the call is not intercepted (unpacked build), the real
; GetClassName would fail with 0, which is not INVALID_HANDLE_VALUE - a
; caller that only tests for -1 would treat 0 as a usable handle. Confirm
; the failure convention of the packed runtime.
;-----------------------------------------------------------------------
DBPE_SVC_CREATEFILE     equ     0FEFE2011h

CreateFile_dbpe proc pFileName:DWORD, dwDesiredAccess:DWORD, dwShareMode:DWORD, pSecurityAttributes:DWORD, dwCreationDistribution:DWORD, dwFlagsAndAttributes:DWORD, hTemplateFile:DWORD
        LOCAL   ClassName[7]:DWORD      ; argument block, one DWORD per parameter

        mov     ecx, pFileName
        mov     edx, dwDesiredAccess
        mov     DWORD PTR ClassName[0], ecx
        mov     DWORD PTR ClassName[4], edx

        mov     ecx, dwShareMode
        mov     edx, pSecurityAttributes
        mov     DWORD PTR ClassName[8], ecx
        mov     DWORD PTR ClassName[12], edx

        mov     ecx, dwCreationDistribution
        mov     edx, dwFlagsAndAttributes
        mov     DWORD PTR ClassName[16], ecx
        mov     DWORD PTR ClassName[20], edx

        mov     ecx, hTemplateFile
        mov     DWORD PTR ClassName[24], ecx

        invoke  GetClassName, DBPE_SVC_CREATEFILE, ADDR ClassName, SIZEOF ClassName
        ret
CreateFile_dbpe endp
;-----------------------------------------------------------------------
; ReadFile_dbpe - same five arguments, in the same order, as ReadFile.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; The arguments are copied in order into a 5-DWORD block on the stack; its
; address and byte size (14h) go to GetClassName with the constant
; 0FEFE2012h in the hWnd position.
; NOTE(review): hFile is presumably a handle obtained from CreateFile_dbpe;
; whether ordinary Win32 handles are accepted is not visible here.
;-----------------------------------------------------------------------
DBPE_SVC_READFILE       equ     0FEFE2012h

ReadFile_dbpe proc hFile:DWORD, pBuffer:DWORD, nNumberOfBytesToRead:DWORD, pNumberOfBytesRead:DWORD, pOverlapped:DWORD
        LOCAL   ClassName[5]:DWORD      ; argument block, one DWORD per parameter

        mov     ecx, hFile
        mov     edx, pBuffer
        mov     DWORD PTR ClassName[0], ecx
        mov     DWORD PTR ClassName[4], edx

        mov     ecx, nNumberOfBytesToRead
        mov     edx, pNumberOfBytesRead
        mov     DWORD PTR ClassName[8], ecx
        mov     DWORD PTR ClassName[12], edx

        mov     ecx, pOverlapped
        mov     DWORD PTR ClassName[16], ecx

        invoke  GetClassName, DBPE_SVC_READFILE, ADDR ClassName, SIZEOF ClassName
        ret
ReadFile_dbpe endp
;-----------------------------------------------------------------------
; WriteFile_dbpe - same five arguments, in the same order, as WriteFile.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; The arguments are copied in order into a 5-DWORD block on the stack; its
; address and byte size (14h) go to GetClassName with the constant
; 0FEFE2013h in the hWnd position.
; NOTE(review): hFile is presumably a handle obtained from CreateFile_dbpe;
; whether ordinary Win32 handles are accepted is not visible here.
;-----------------------------------------------------------------------
DBPE_SVC_WRITEFILE      equ     0FEFE2013h

WriteFile_dbpe proc hFile:DWORD, pBuffer:DWORD, nNumberOfBytesToWrite:DWORD, pNumberOfBytesWritten:DWORD, pOverlapped:DWORD
        LOCAL   ClassName[5]:DWORD      ; argument block, one DWORD per parameter

        mov     ecx, hFile
        mov     edx, pBuffer
        mov     DWORD PTR ClassName[0], ecx
        mov     DWORD PTR ClassName[4], edx

        mov     ecx, nNumberOfBytesToWrite
        mov     edx, pNumberOfBytesWritten
        mov     DWORD PTR ClassName[8], ecx
        mov     DWORD PTR ClassName[12], edx

        mov     ecx, pOverlapped
        mov     DWORD PTR ClassName[16], ecx

        invoke  GetClassName, DBPE_SVC_WRITEFILE, ADDR ClassName, SIZEOF ClassName
        ret
WriteFile_dbpe endp
;-----------------------------------------------------------------------
; SetFilePointer_dbpe - same four arguments, in the same order, as
; SetFilePointer.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; The arguments are copied in order into a 4-DWORD block on the stack; its
; address and byte size (10h) go to GetClassName with the constant
; 0FEFE2014h in the hWnd position.
; NOTE(review): lDistanceToMoveHigh is forwarded as a raw DWORD; whether it
; is treated as a pointer (as in the Win32 API) is not visible here.
;-----------------------------------------------------------------------
DBPE_SVC_SETFILEPOINTER equ     0FEFE2014h

SetFilePointer_dbpe proc hFile:DWORD, lDistanceToMove:DWORD, lDistanceToMoveHigh:DWORD, dwMoveMethod:DWORD
        LOCAL   ClassName[4]:DWORD      ; argument block, one DWORD per parameter

        mov     ecx, hFile
        mov     edx, lDistanceToMove
        mov     DWORD PTR ClassName[0], ecx
        mov     DWORD PTR ClassName[4], edx

        mov     ecx, lDistanceToMoveHigh
        mov     edx, dwMoveMethod
        mov     DWORD PTR ClassName[8], ecx
        mov     DWORD PTR ClassName[12], edx

        invoke  GetClassName, DBPE_SVC_SETFILEPOINTER, ADDR ClassName, SIZEOF ClassName
        ret
SetFilePointer_dbpe endp
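;-----------------------------------------------------------------------
; CloseHandle_dbpe(hFile) - same single argument as CloseHandle.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; hFile is copied into a one-DWORD block on the stack; the block's address
; and byte size (4) go to GetClassName with the constant 0FEFE2015h in the
; hWnd position.
;
; Fix: the parameter list no longer ends in a comma. In MASM a trailing
; comma continues the statement onto the next line, which pulled the LOCAL
; directive into the proc header and made the listing fail to assemble.
;-----------------------------------------------------------------------
CloseHandle_dbpe proc hFile:DWORD
        LOCAL   ClassName:DWORD         ; argument block {hFile}

        mov     eax, hFile
        mov     ClassName, eax
        invoke  GetClassName, 0FEFE2015h, ADDR ClassName, 4
        ret
CloseHandle_dbpe endp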
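;-----------------------------------------------------------------------
; DeleteFile_dbpe(pFileName) - same single argument as DeleteFile.
; Out:  eax = value returned by the GetClassName call
; Clob: eax, ecx, edx
;
; pFileName is copied into a one-DWORD block on the stack; the block's
; address and byte size (4) go to GetClassName with the constant
; 0FEFE2016h in the hWnd position.
;
; Fix: the parameter list no longer ends in a comma. In MASM a trailing
; comma continues the statement onto the next line, which pulled the LOCAL
; directive into the proc header and made the listing fail to assemble.
;-----------------------------------------------------------------------
DeleteFile_dbpe proc pFileName:DWORD
        LOCAL   ClassName:DWORD         ; argument block {pFileName}

        mov     eax, pFileName
        mov     ClassName, eax
        invoke  GetClassName, 0FEFE2016h, ADDR ClassName, 4
        ret
DeleteFile_dbpe endp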
请问heXer怎样把幻影改成专业版!!!!!!!!!!!!!!!