-
-
[求助]这是什么反调试?
-
发表于: 2013-10-31 00:31
-
CE能附加能搜索,但是用查找访问地址的代码就弹这个框子出来
另外软件还有几个进程钩子,用XT恢复了不再见重新HOOK,还有一个奇怪的现象,XT进程钩子里面显示"模块文件被替换,可能是模块升级后未重启...",我把软件复制到另外一个文件夹用XT再看却找不到了,用查找访问地址的代码一样会弹框子出来.
2d6K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6%4y4J5j5#2)9J5k6h3u0S2K9h3c8#2i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3V1k6%4i4K6t1#2x3@1b7#2z5o6m8Q4x3V1k6K6K9h3N6F1i4K6y4p5x3K6u0V1x3U0p5J5x3U0S2S2k6h3q4X3x3X3g2V1k6r3b7@1k6U0p5@1z5h3f1I4j5X3b7I4x3e0l9I4x3o6u0Q4x3V1j5$3j5$3b7I4x3o6u0U0k6e0x3$3k6o6y4V1y4e0x3&6k6U0u0V1j5U0j5K6k6h3b7K6z5o6R3%4k6e0V1#2x3o6x3@1x3X3q4T1x3r3j5I4i4K6u0W2K9Y4m8Y4
恢复HOOK后查找访问地址的代码会弹第一个图片里面的框子,而且会出现一个新的挂钩函数
436K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6%4y4J5j5#2)9J5k6h3u0S2K9h3c8#2i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3V1k6%4i4K6t1#2x3@1b7#2z5o6m8Q4x3V1k6K6K9h3N6F1i4K6y4p5k6e0l9K6z5e0M7J5x3U0j5I4k6o6x3H3k6e0V1J5y4r3y4X3j5e0b7&6j5K6x3&6y4$3x3H3z5o6k6W2y4U0k6Q4x3V1j5I4y4U0t1J5k6X3y4U0y4r3t1%4y4o6f1@1x3$3p5&6y4U0f1I4y4K6V1#2k6e0t1I4j5K6p5%4z5r3p5^5x3X3t1&6x3o6p5I4y4o6c8X3i4K6u0W2K9Y4m8Y4
求高手帮忙解决一下,谢谢
|
|
|---|---|
|
|
 恢复前不能附加调试器,恢复后附加调试器会弹上面的框子,下图是恢复后XT看到的,出来一个新挂钩函数 
|
|
|
|
|
|
|
