-
-
[求助]调用Dll函数,代码跳转问题!
-
发表于:
2009-4-30 14:13
4247
-
代码跳转问题!
这是修改前的代码:
007526C0 8B0D 48B47500 mov ecx, dword ptr [75B448] ; 909.00769200
007526C6 A1 2CBC7500 mov eax, dword ptr [75BC2C]
007526CB 8B00 mov eax, dword ptr [eax]
007526CD 8B15 CCDE7400 mov edx, dword ptr [74DECC] ; 909.0074DF18
007526D3 E8 8425D2FF call 00474C5C
007526D8 A1 48B47500 mov eax, dword ptr [75B448]
007526DD 8B00 mov eax, dword ptr [eax]
007526DF 8B10 mov edx, dword ptr [eax]
007526E1 FF92 E8000000 call dword ptr [edx+E8]
007526E7 C3 retn //注:这里返回到:00465DBC
我想用007526C0跳到00995000
00995000 > E8 00000000 call 00995005
00995005 5D pop ebp
00995006 81ED 505A4000 sub ebp, 00405A50
0099500C 8B85 675A4000 mov eax, dword ptr [ebp+405A67] //这里显示出Dll的函数名
00995012 FF10 call dword ptr [eax]
00995014 8B85 6B5A4000 mov eax, dword ptr [ebp+405A6B]
0099501A FFE0 jmp eax
然后再用0099501A跳回007526E7或00465DBC我修改后执行错误,修改后的代码:
00995000 > E8 00000000 call 00995005
00995005 5D pop ebp
00995006 81ED 505A4000 sub ebp, 00405A50
0099500C 8B85 675A4000 mov eax, dword ptr [ebp+405A67] //修改后这后面就不显示Dll的函数名了
00995012 FF10 call dword ptr [eax]
00995014 - E9 A30DADFF jmp 00465DBC //这里修改
00995019 90 nop
0099501A FFE0 jmp eax
007526C0 - E9 3B292400 jmp 00995000 //这里修改
007526C5 90 nop
007526C6 A1 2CBC7500 mov eax, dword ptr [75BC2C]
007526CB 8B00 mov eax, dword ptr [eax]
007526CD 8B15 CCDE7400 mov edx, dword ptr [74DECC] ; 909.0074DF18
007526D3 E8 8425D2FF call 00474C5C
007526D8 A1 48B47500 mov eax, dword ptr [75B448]
007526DD 8B00 mov eax, dword ptr [eax]
007526DF 8B10 mov edx, dword ptr [eax]
007526E1 FF92 E8000000 call dword ptr [edx+E8]
007526E7 C3 retn
说白了就是想在007526C0位置调用一个Dll的函数,函数名:Show!
本人没修改过,请勿见笑!到底需要怎么修改呢?请朋友给予指点一下!谢谢~!~!
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
