找回密码
 立即注册
00007FDFint3push | 程序非源代码 2021-08-16 808 0star收藏 版权: . 保留作者信息 . 禁止商业使用 . 禁止修改作品
每次复制汇编代码,就会呈现下面的样子:
00007FF95FDF11E6 | CC | int3 |
00007FF95FDF11E7 | CC | int3 |
00007FF95FDF11E8 | CC | int3 |
00007FF95FDF11E9 | CC | int3 |
00007FF95FDF11EA | CC | int3 |
00007FF95FDF11EB | CC | int3 |
00007FF95FDF11EC | 48:895C24 10 | mov qword ptr ss:[rsp+10],rbx | rbx:PEB.InheritedAddressSpace
00007FF95FDF11F1 | 48:897424 18 | mov qword ptr ss:[rsp+18],rsi |
00007FF95FDF11F6 | 55 | push rbp |
00007FF95FDF11F7 | 57 | push rdi |
00007FF95FDF11F8 | 41:56 | push r14 | r14:"minkernel\ntdll\ldrinit.c"
十分的不爽,还得活人手动替换掉 |
这个补丁 就是为了解决这个问题而为。

打完补丁后的:
0016DD32 68 A00F0000 push 0xFA0
0016DD37 68 ECB03500 push wnconfig.35B0EC
0016DD3C E8 486D1000 call 0x274A89
0016DD41 83C4 0C add esp,0xC
0016DD44 68 40CC2A00 push wnconfig.2ACC40 2ACC40:L"kernel32.dll"
0016DD49 FF15 8CB72A00 call dword ptr ds:[<&GetModuleHandleW>]

(Every time the assembly code is copied, it will look like the following:
00007FF95FDF11E6 | CC | int3 |
00007FF95FDF11E7 | CC | int3 |
00007FF95FDF11E8 | CC | int3 |
00007FF95FDF11E9 | CC | int3 |
00007FF95FDF11EA | CC | int3 |
00007FF95FDF11EB | CC | int3 |
00007FF95FDF11EC | 48:895C24 10 | mov qword ptr ss:[rsp+10],rbx | rbx:PEB.InheritedAddressSpace
00007FF95FDF11F1 | 48:897424 18 | mov qword ptr ss:[rsp+18],rsi |
00007FF95FDF11F6 | 55 | push rbp |
00007FF95FDF11F7 | 57 | push rdi |
00007FF95FDF11F8 | 41:56 | push r14 | r14:"minkernel\ntdll\ldrinit.c"
I am very upset, and have to be replaced manually by a living person |
This patch is to solve this problem.

After patching:
0016DD32 68 A00F0000 push 0xFA0
0016DD37 68 ECB03500 push wnconfig.35B0EC
0016DD3C E8 486D1000 call 0x274A89
0016DD41 83C4 0C add esp,0xC
0016DD44 68 40CC2A00 push wnconfig.2ACC40 2ACC40:L"kernel32.dll"
0016DD49 FF15 8CB72A00 call dword ptr ds:[<&GetModuleHandleW>])

Apowersoft Screen Recorder Pro.rar




上一篇:ghidra_9.2.1_PUBLIC_20201215
下一篇:Source Insight 4.0.0107