52ky posted on 2021-8-16 11:15:00

Patch for x32dbg/x64dbg to remove the extra | lines from copied assembly

Every time I copy assembly code, it comes out looking like this:
00007FF95FDF11E6 | CC | int3 |
00007FF95FDF11E7 | CC | int3 |
00007FF95FDF11E8 | CC | int3 |
00007FF95FDF11E9 | CC | int3 |
00007FF95FDF11EA | CC | int3 |
00007FF95FDF11EB | CC | int3 |
00007FF95FDF11EC | 48:895C24 10 | mov qword ptr ss:,rbx | rbx:PEB.InheritedAddressSpace
00007FF95FDF11F1 | 48:897424 18 | mov qword ptr ss:,rsi |
00007FF95FDF11F6 | 55 | push rbp |
00007FF95FDF11F7 | 57 | push rdi |
00007FF95FDF11F8 | 41:56 | push r14 | r14:"minkernel\ntdll\ldrinit.c"
It's really annoying, and a person has to replace the | by hand.
This patch was made to solve exactly this problem.

After applying the patch:
0016DD32 68 A00F0000 push 0xFA0
0016DD37 68 ECB03500 push wnconfig.35B0EC
0016DD3C E8 486D1000 call 0x274A89
0016DD41 83C4 0C add esp,0xC
0016DD44 68 40CC2A00 push wnconfig.2ACC40 2ACC40:L"kernel32.dll"
0016DD49 FF15 8CB72A00 call dword ptr ds:[<&GetModuleHandleW>]

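
For listings that were already copied from an unpatched debugger, the same cleanup can be done after the fact. The following is an added example, not part of the original post or of the patch. It assumes the column order address | bytes | instruction | comment seen in the sample above; the function names are hypothetical.

```python
import re

# Assumption from the post's sample rows: a copied row starts with a
# 32-bit or 64-bit hex address.
ADDRESS = re.compile(r"^[0-9A-Fa-f]{8,16}$")


def parse_row(line):
    """Return (address, bytes, instruction, comment), or None if not a row."""
    # maxsplit=3 keeps any '|' inside the comment column (e.g. in a string).
    parts = [p.strip() for p in line.split("|", 3)]
    if len(parts) != 4 or not ADDRESS.match(parts[0]):
        return None
    if not parts[1] or not parts[2]:
        return None
    return tuple(parts)


def strip_pipes(text, sep=" "):
    """Rewrite piped rows as plain columns; other lines pass through unchanged."""
    out = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            out.append(line)
        else:
            # Drop the empty comment field so no trailing separator is left.
            out.append(sep.join(field for field in row if field))
    return "\n".join(out)


# Three rows taken from the post's sample, plus one constructed row whose
# comment contains a '|' and one constructed line that is not a row.
SAMPLE = "\n".join([
    "00007FF95FDF11EB | CC | int3 |",
    "00007FF95FDF11F6 | 55 | push rbp |",
    r'00007FF95FDF11F8 | 41:56 | push r14 | r14:"minkernel\ntdll\ldrinit.c"',
    '00401000 | 68 00204000 | push 0x402000 | 402000:"a|b"',
    "notes: entry | prologue",
])

if __name__ == "__main__":
    print(strip_pipes(SAMPLE))
```

A plain search-and-replace on | would also damage comments that contain the character, which is why the rows are split into at most four columns.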



