小小崎莫超
Posted on 2020-12-23 14:58
Could anyone here tell me what a magic jump is? How can I identify a magic jump? ximo's videos don't explain it.
0043396D 3B85 9CE24100 cmp eax,dword ptr ss:[ebp+41E29C] //handles MessageBoxA
00433973 74 20 je short NgaMy.00433995 //NOP this out
00433975 90 nop
00433976 90 nop
00433977 90 nop
00433978 90 nop
00433979 3B85 9D014100 cmp eax,dword ptr ss:[ebp+41019D] //handles RegisterHotKey
0043397F 74 09 je short NgaMy.0043398A //NOP this out
00433981 90 nop
00433982 90 nop
00433983 90 nop
00433984 90 nop
00433985 EB 14 jmp short NgaMy.0043399B
00433987 90 nop
00433988 90 nop
00433989 90 nop
0043398A 8D85 0A024100 lea eax,dword ptr ss:[ebp+41020A]
00433990 EB 09 jmp short NgaMy.0043399B
00433992 90 nop
00433993 90 nop
00433994 90 nop
00433995 8D85 24024100 lea eax,dword ptr ss:[ebp+410224]
0043399B 56 push esi
0043399C FFB5 17FC4000 push dword ptr ss:[ebp+40FC17]
004339A2 5E pop esi
004339A3 39B5 FA234000 cmp dword ptr ss:[ebp+4023FA],esi
004339A9 74 15 je short NgaMy.004339C0
004339AB 90 nop
004339AC 90 nop
004339AD 90 nop
004339AE 90 nop
004339AF 39B5 FE234000 cmp dword ptr ss:[ebp+4023FE],esi
004339B5 74 09 je short NgaMy.004339C0
004339B7 90 nop
004339B8 90 nop
004339B9 90 nop
004339BA 90 nop
004339BB EB 63 jmp short NgaMy.00433A20
004339BD 90 nop
004339BE 90 nop
004339BF 90 nop
004339C0 80BD D2594100 00 cmp byte ptr ss:[ebp+4159D2],0
004339C7 74 57 je short NgaMy.00433A20 //magic jump, change to JMP