- UID
- 6781
注册时间2006-1-11
阅读权限10
最后登录1970-1-1
周游历练
TA的每日心情 | 开心
2019-12-6 14:02 |
|---|
签到天数: 10 天 [LV.3]偶尔看看II
|
我用OD载入后:
0050F000 > 60 pushad
0050F001 E8 00000000 call EasyDVDC.0050F006
0050F006 5D pop ebp
0050F007 50 push eax
0050F008 51 push ecx
0050F009 0FCA bswap edx
0050F00B F7D2 not edx
0050F00D 9C pushfd
0050F00E F7D2 not edx
0050F010 0FCA bswap edx
0050F012 EB 0F jmp short EasyDVDC.0050F023
0050F014 B9 EB0FB8EB mov ecx,EBB80FEB
0050F019 07 pop es
0050F01A B9 EB0F90EB mov ecx,EB900FEB
0050F01F 08FD or ch,bh
0050F021 EB 0B jmp short EasyDVDC.0050F02E
0050F023 F2: prefix repne:
0050F024 ^ EB F5 jmp short EasyDVDC.0050F01B
0050F026 ^ EB F6 jmp short EasyDVDC.0050F01E
0050F028 F2: prefix repne:
0050F029 EB 08 jmp short EasyDVDC.0050F033
0050F02B FD std
0050F02C ^ EB E9 jmp short EasyDVDC.0050F017
0050F02E F3: prefix rep:
0050F02F ^ EB E4 jmp short EasyDVDC.0050F015
0050F031 FC cld
0050F032 - E9 9D0FC98B jmp 8C19FFD4
0050F037 CA F7D1 retf 0D1F7
按alt+E
选择EasyDVDC 一栏-右键-查看名称,然后找到 "WriteProcessMemory"-右键-"在反汇编窗口中跟随导入函数"
77E77303 > 55 push ebp
77E77304 8BEC mov ebp,esp //我在这里下断点,忽略所以异常同时隐藏OD,按Shift+F9,可是在00512B0F 处停下。
77E77306 51 push ecx
77E77307 51 push ecx
77E77308 8B45 0C mov eax,dword ptr ss:[ebp+C]
77E7730B 53 push ebx
77E7730C 8945 F8 mov dword ptr ss:[ebp-8],eax
77E7730F 56 push esi
77E77310 8B5D 14 mov ebx,dword ptr ss:[ebp+14]
77E77313 8D45 14 lea eax,dword ptr ss:[ebp+14]
77E77316 57 push edi
77E77317 8B7D 08 mov edi,dword ptr ss:[ebp+8]
77E7731A 8B35 7012E677 mov esi,dword ptr ds:[<&NTDLL.NtProtectV>; ntdll.ZwProtectVirtualMemory
77E77320 50 push eax
77E77321 8D45 FC lea eax,dword ptr ss:[ebp-4]
77E77324 6A 04 push 4
而你的教程是:
7C80220F ke> 8BFF mov edi,edi
7C802211 55 push ebp
7C802212 8BEC mov ebp,esp //在这里下断点
7C802214 51 push ecx
7C802215 51 push ecx
7C802216 8B45 0C mov eax,dword ptr ss:[ebp+C]
7C802219 53 push ebx
7C80221A 8B5D 14 mov ebx,dword ptr ss:[ebp+14]
7C80221D 56 push esi
7C80221E 8B35 B812807C mov esi,dword ptr ds:[<&ntdll.NtPr>; ntdll.ZwProtectVirtualMemory
7C802224 57 push edi
7C802225 8B7D 08 mov edi,dword ptr ss:[ebp+8]
7C802228 8945 F8 mov dword ptr ss:[ebp-8],eax
7C80222B 8D45 14 lea eax,dword ptr ss:[ebp+14]
7C80222E 50 push eax
7C80222F 6A 40 push 40
我用windows2000和XP都是一样,OD是论坛[PYG]OD,
按Shift+F9,可是在00512B0F 处停下。并在信息栏出现“被调试的程序无法处理异常”
00512B0F 2382 6152CE3B and eax,dword ptr ds:[edx+3BCE5261]
00512B15 3253 C5 xor dl,byte ptr ds:[ebx-3B]
00512B18 AB stos dword ptr es:[edi]
00512B19 60 pushad
00512B1A 1E push ds
00512B1B B6 33 mov dh,33
00512B1D 70 74 jo short EasyDVDC.00512B93
00512B1F 1F pop ds
00512B20 81B9 E42DFD67 F>cmp dword ptr ds:[ecx+67FD2DE4],BB3B6DF3
00512B2A 17 pop ss
00512B2B C6 ??? ; 未知命令
00512B2C ^ 7C BB jl short EasyDVDC.00512AE9
00512B2E 36:61 popad
00512B30 20B5 37667D19 and byte ptr ss:[ebp+197D6637],dh
00512B36 B1 EE mov cl,0EE
00512B38 C9 leave
00512B39 05 44A6793A add eax,3A79A644
00512B3E 7B 64 jpo short EasyDVDC.00512BA4
00512B40 41 inc ecx
00512B41 9E sahf
00512B42 ^ 76 AE jbe short EasyDVDC.00512AF2
00512B44 3919 cmp dword ptr ds:[ecx],ebx
不知什么原因请帮忙提示一下,谢谢
ARM分为单进程,双进程,标准和非标准,非标准还有很多。。。。单个文章是解释不清楚的
[ 本帖最后由 棒棒糖 于 2006-10-8 15:52 编辑 ] |
|
IP卡
发表于 2006-9-15 10:49:06
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2006-9-15 12:12:31
发表于 2006-9-22 09:34:58
发表于 2006-10-7 15:01:23
