飘云阁这是一个 Frida V(伪)EH 示例(更新 x64 执行异常代码)

PoleStar 发表于 2022-11-30 11:46:02

表哥牛逼了，学习

三十三层天剑主 发表于 2022-11-30 11:47:44

表哥们都用上frida了,膜拜!

Rooking 发表于 2022-11-30 11:52:53

跟着学习frida

sdzcq 发表于 2022-11-30 11:56:23

666表哥牛逼！

侠骨留香 发表于 2022-11-30 11:59:22

表哥666，感谢分享

黑色夜心情 发表于 2022-11-30 13:23:14

感谢楼主分享

sky2 发表于 2022-11-30 13:37:54

学习学习！1

乐活发表于 2022-11-30 13:44:06

没用过，来学习，多谢！

tgcwc 发表于 2022-11-30 15:15:18

Process.setExceptionHandler(function (details) { switch (details.type) { case "breakpoint": console.log("\n", "setExceptionHandler ==> address: ", details.address); console.error(JSON.stringify(details)); console.warn("RVA: ", details.address.sub(editor.base)); // console.log("eip: " + ptr(Memory.readU8(details.context.eip))); // restore //Memory.writeU8(sub_patchaddr, 0x55); Memory.writeU8(sub_patchaddr, cc_origin); console.warn("eip: " + ptr(Memory.readU8(details.context.eip))); console.log("eip: ", details.context.eip); console.log("pc: ", details.context.pc); console.log("eax: ", details.context.eax); // details.context.eax = 0xDB; details.context.eip = ptr(details.context.eip).add(0x7); console.warn("eax: ", details.context.eax); console.warn("eip: ", details.context.eip); console.warn("pc: ", details.context.pc); // int30xCC Memory.protect(sub_patchaddr, 1, 'rwx'); Memory.writeU8(sub_patchaddr, 0xcc); console.log("Process.isDebuggerAttached() = " + Process.isDebuggerAttached()); return true; break; case "abort": break; case "access-violation": break; case "guard-page": break; case "illegal-instruction": break; case "stack-overflow": break; case "arithmetic": break; case "single-step": break; case "system": break; default: break; } });

sxwsong 发表于 2022-11-30 19:13:41

学习一下

页: 1 [2] 3 4 5 6

飘云阁's Archiver