[旧帖] 一个DLL反汇编代码,不知道这样调用是否正确 0.00雪花
发表于: 2008-8-25 16:09 2464
; int __stdcall ModifyGame(DWORD dwProcessId,DWORD dwThreadId)
;
; What the listing shows: open process dwProcessId, write 2 bytes to the fixed
; address 428314h and 8 bytes to the fixed address 428308h inside it, then call
; sub_10002100(dwThreadId). The target addresses are hard-coded, so the patch
; is only valid for one exact build of the target executable.
;
; Return:  eax = 0FFFFFFFFh (-1) when OpenProcess returns NULL;
;          eax = 0FFFFFFFEh (-2) after the writes. There is no 0/"success"
;          value, and neither WriteProcessMemory result is checked, so a
;          caller cannot tell whether the writes actually landed.
; Stack:   __stdcall, two DWORD args, cleaned by "retn 8". This is NOT a
;          HOOKPROC (nCode, wParam, lParam -> three args, "retn 0Ch");
;          installing it with SetWindowsHookEx would unbalance the stack.
; Leak:    hProcess is never closed in this function (no CloseHandle here).
; Access:  1F0FFFh = PROCESS_ALL_ACCESS (pre-Vista value); far more than the
;          PROCESS_VM_WRITE|PROCESS_VM_OPERATION the two writes need.
; Clobb:   eax, ecx, edx, flags (plus whatever sub_10002100/sub_1000321C do).
; Locals:  14h bytes: Buffer (4), 8-byte stub at var_10..var_9,
;          cookie copy at var_8, hProcess at -4.
.text:10001EF0 public ModifyGame
.text:10001EF0 ModifyGame proc near ; DATA XREF: Kingsoft:loc_10001ED2o
.text:10001EF0
.text:10001EF0 Buffer = dword ptr -14h ; 2 bytes used: FF D2
.text:10001EF0 var_10 = byte ptr -10h ; start of the 8-byte stub
.text:10001EF0 var_E = byte ptr -0Eh ; (byte at -0Fh has no IDA name, see below)
.text:10001EF0 var_D = byte ptr -0Dh
.text:10001EF0 var_C = byte ptr -0Ch
.text:10001EF0 var_B = byte ptr -0Bh
.text:10001EF0 var_A = byte ptr -0Ah
.text:10001EF0 var_9 = byte ptr -9 ; last stub byte
.text:10001EF0 var_8 = dword ptr -8 ; stack-cookie copy (see prologue)
.text:10001EF0 hProcess = dword ptr -4
.text:10001EF0 dwProcessId = dword ptr 8
.text:10001EF0 dwThreadId = dword ptr 0Ch
.text:10001EF0
.text:10001EF0 push ebp
.text:10001EF1 mov ebp, esp
.text:10001EF3 sub esp, 14h ; 20 bytes of locals
.text:10001EF6 mov eax, dword_1000D060 ; looks like the MSVC /GS __security_cookie -- verify
.text:10001EFB xor eax, ebp ; cookie ^ ebp, checked again before retn
.text:10001EFD mov [ebp+var_8], eax
.text:10001F00 mov eax, [ebp+dwProcessId]
.text:10001F03 push eax ; dwProcessId
.text:10001F04 push 0 ; bInheritHandle
.text:10001F06 push 1F0FFFh ; dwDesiredAccess = PROCESS_ALL_ACCESS (pre-Vista value)
.text:10001F0B call ds:OpenProcess
.text:10001F11 mov [ebp+hProcess], eax
.text:10001F14 cmp [ebp+hProcess], 0 ; NULL handle -> return -1 (handle is never closed otherwise)
.text:10001F18 jz short loc_10001F7E
.text:10001F1A mov word ptr [ebp+Buffer], 0D2FFh ; bytes FF D2 in memory (x86 "call edx")
.text:10001F20 push 0 ; lpNumberOfBytesWritten (NULL: no count returned)
.text:10001F22 push 2 ; nSize
.text:10001F24 lea ecx, [ebp+Buffer]
.text:10001F27 push ecx ; lpBuffer
.text:10001F28 push 428314h ; lpBaseAddress (hard-coded target address)
.text:10001F2D mov edx, [ebp+hProcess]
.text:10001F30 push edx ; hProcess
.text:10001F31 call ds:WriteProcessMemory ; BOOL result in eax is discarded
.text:10001F37 mov [ebp+var_10], 8Dh ; stub: 8D 44 24 30 = lea eax,[esp+30h]
.text:10001F3B mov byte ptr [ebp-0Fh], 44h ; = var_10+1 (IDA did not name this byte)
.text:10001F3F mov [ebp+var_E], 24h
.text:10001F43 mov [ebp+var_D], 30h
.text:10001F47 mov [ebp+var_C], 55h ; push ebp
.text:10001F4B mov [ebp+var_B], 50h ; push eax
.text:10001F4F mov [ebp+var_A], 54h ; push esp
.text:10001F53 mov [ebp+var_9], 0BAh ; opcode of mov edx,imm32; its imm32 (428310h..428313h) is NOT written here
.text:10001F57 push 0 ; lpNumberOfBytesWritten (NULL)
.text:10001F59 push 8 ; nSize
.text:10001F5B lea eax, [ebp+var_10]
.text:10001F5E push eax ; lpBuffer
.text:10001F5F push 428308h ; lpBaseAddress (hard-coded; 8 bytes end right before 428310h)
.text:10001F64 mov ecx, [ebp+hProcess]
.text:10001F67 push ecx ; hProcess
.text:10001F68 call ds:WriteProcessMemory ; BOOL result in eax is discarded
.text:10001F6E mov edx, [ebp+dwThreadId]
.text:10001F71 push edx ; dwThreadId
.text:10001F72 call sub_10002100 ; one DWORD arg; no "add esp,4" follows, callee convention unknown from here
.text:10001F77 mov eax, 0FFFFFFFEh ; return -2 on the patch path
.text:10001F7C jmp short loc_10001F81
.text:10001F7E ; ---------------------------------------------------------------------------
.text:10001F7E
.text:10001F7E loc_10001F7E: ; CODE XREF: ModifyGame+28j
.text:10001F7E or eax, 0FFFFFFFFh ; return -1: OpenProcess failed
.text:10001F81
.text:10001F81 loc_10001F81: ; CODE XREF: ModifyGame+8Cj
.text:10001F81 mov ecx, [ebp+var_8]
.text:10001F84 xor ecx, ebp ; recover saved cookie value
.text:10001F86 call sub_1000321C ; presumably __security_check_cookie(ecx) -- verify
.text:10001F8B mov esp, ebp
.text:10001F8D pop ebp
.text:10001F8E retn 8 ; __stdcall: pops the two DWORD args
.text:10001F8E ModifyGame endp
直接用 SetWindowsHookEx 调用这个 ModifyGame 是否正确呢?
谢谢老鸟们了。。
; int __stdcall ModifyGame(DWORD dwProcessId,DWORD dwThreadId)
;
; What the listing shows: open process dwProcessId, write 2 bytes to the fixed
; address 428314h and 8 bytes to the fixed address 428308h inside it, then call
; sub_10002100(dwThreadId). The target addresses are hard-coded, so the patch
; is only valid for one exact build of the target executable.
;
; Return:  eax = 0FFFFFFFFh (-1) when OpenProcess returns NULL;
;          eax = 0FFFFFFFEh (-2) after the writes. There is no 0/"success"
;          value, and neither WriteProcessMemory result is checked, so a
;          caller cannot tell whether the writes actually landed.
; Stack:   __stdcall, two DWORD args, cleaned by "retn 8". This is NOT a
;          HOOKPROC (nCode, wParam, lParam -> three args, "retn 0Ch");
;          installing it with SetWindowsHookEx would unbalance the stack.
; Leak:    hProcess is never closed in this function (no CloseHandle here).
; Access:  1F0FFFh = PROCESS_ALL_ACCESS (pre-Vista value); far more than the
;          PROCESS_VM_WRITE|PROCESS_VM_OPERATION the two writes need.
; Clobb:   eax, ecx, edx, flags (plus whatever sub_10002100/sub_1000321C do).
; Locals:  14h bytes: Buffer (4), 8-byte stub at var_10..var_9,
;          cookie copy at var_8, hProcess at -4.
.text:10001EF0 public ModifyGame
.text:10001EF0 ModifyGame proc near ; DATA XREF: Kingsoft:loc_10001ED2o
.text:10001EF0
.text:10001EF0 Buffer = dword ptr -14h ; 2 bytes used: FF D2
.text:10001EF0 var_10 = byte ptr -10h ; start of the 8-byte stub
.text:10001EF0 var_E = byte ptr -0Eh ; (byte at -0Fh has no IDA name, see below)
.text:10001EF0 var_D = byte ptr -0Dh
.text:10001EF0 var_C = byte ptr -0Ch
.text:10001EF0 var_B = byte ptr -0Bh
.text:10001EF0 var_A = byte ptr -0Ah
.text:10001EF0 var_9 = byte ptr -9 ; last stub byte
.text:10001EF0 var_8 = dword ptr -8 ; stack-cookie copy (see prologue)
.text:10001EF0 hProcess = dword ptr -4
.text:10001EF0 dwProcessId = dword ptr 8
.text:10001EF0 dwThreadId = dword ptr 0Ch
.text:10001EF0
.text:10001EF0 push ebp
.text:10001EF1 mov ebp, esp
.text:10001EF3 sub esp, 14h ; 20 bytes of locals
.text:10001EF6 mov eax, dword_1000D060 ; looks like the MSVC /GS __security_cookie -- verify
.text:10001EFB xor eax, ebp ; cookie ^ ebp, checked again before retn
.text:10001EFD mov [ebp+var_8], eax
.text:10001F00 mov eax, [ebp+dwProcessId]
.text:10001F03 push eax ; dwProcessId
.text:10001F04 push 0 ; bInheritHandle
.text:10001F06 push 1F0FFFh ; dwDesiredAccess = PROCESS_ALL_ACCESS (pre-Vista value)
.text:10001F0B call ds:OpenProcess
.text:10001F11 mov [ebp+hProcess], eax
.text:10001F14 cmp [ebp+hProcess], 0 ; NULL handle -> return -1 (handle is never closed otherwise)
.text:10001F18 jz short loc_10001F7E
.text:10001F1A mov word ptr [ebp+Buffer], 0D2FFh ; bytes FF D2 in memory (x86 "call edx")
.text:10001F20 push 0 ; lpNumberOfBytesWritten (NULL: no count returned)
.text:10001F22 push 2 ; nSize
.text:10001F24 lea ecx, [ebp+Buffer]
.text:10001F27 push ecx ; lpBuffer
.text:10001F28 push 428314h ; lpBaseAddress (hard-coded target address)
.text:10001F2D mov edx, [ebp+hProcess]
.text:10001F30 push edx ; hProcess
.text:10001F31 call ds:WriteProcessMemory ; BOOL result in eax is discarded
.text:10001F37 mov [ebp+var_10], 8Dh ; stub: 8D 44 24 30 = lea eax,[esp+30h]
.text:10001F3B mov byte ptr [ebp-0Fh], 44h ; = var_10+1 (IDA did not name this byte)
.text:10001F3F mov [ebp+var_E], 24h
.text:10001F43 mov [ebp+var_D], 30h
.text:10001F47 mov [ebp+var_C], 55h ; push ebp
.text:10001F4B mov [ebp+var_B], 50h ; push eax
.text:10001F4F mov [ebp+var_A], 54h ; push esp
.text:10001F53 mov [ebp+var_9], 0BAh ; opcode of mov edx,imm32; its imm32 (428310h..428313h) is NOT written here
.text:10001F57 push 0 ; lpNumberOfBytesWritten (NULL)
.text:10001F59 push 8 ; nSize
.text:10001F5B lea eax, [ebp+var_10]
.text:10001F5E push eax ; lpBuffer
.text:10001F5F push 428308h ; lpBaseAddress (hard-coded; 8 bytes end right before 428310h)
.text:10001F64 mov ecx, [ebp+hProcess]
.text:10001F67 push ecx ; hProcess
.text:10001F68 call ds:WriteProcessMemory ; BOOL result in eax is discarded
.text:10001F6E mov edx, [ebp+dwThreadId]
.text:10001F71 push edx ; dwThreadId
.text:10001F72 call sub_10002100 ; one DWORD arg; no "add esp,4" follows, callee convention unknown from here
.text:10001F77 mov eax, 0FFFFFFFEh ; return -2 on the patch path
.text:10001F7C jmp short loc_10001F81
.text:10001F7E ; ---------------------------------------------------------------------------
.text:10001F7E
.text:10001F7E loc_10001F7E: ; CODE XREF: ModifyGame+28j
.text:10001F7E or eax, 0FFFFFFFFh ; return -1: OpenProcess failed
.text:10001F81
.text:10001F81 loc_10001F81: ; CODE XREF: ModifyGame+8Cj
.text:10001F81 mov ecx, [ebp+var_8]
.text:10001F84 xor ecx, ebp ; recover saved cookie value
.text:10001F86 call sub_1000321C ; presumably __security_check_cookie(ecx) -- verify
.text:10001F8B mov esp, ebp
.text:10001F8D pop ebp
.text:10001F8E retn 8 ; __stdcall: pops the two DWORD args
.text:10001F8E ModifyGame endp
直接用 SetWindowsHookEx 调用这个 ModifyGame 是否正确呢?
谢谢老鸟们了。。