-
-
[看雪CTF2016]第十五题分析
-
发表于:
2016-12-1 00:20
4005
-
1. 去除反调试
SizeOfCode: 78005000 -> 00005000
00402150
0040227A
00402280
00402390
004023A0
xor eax, eax
retn
00402410
00402450
00402570
004027C0
00402DE0
retn
0040322D
nop掉NtSetInformationThread调用
.text:004031E0 CXXApp__InitInstance proc near
.text:00403980 CXXDlg__DoDataExchange proc near
.text:004039D0 CXXDlg__GetMessageMap
.text:004039E0 CXXDlg__OnInitDialog
.rdata:004063E8 dd WM_COMMAND
.rdata:004063EC dd 300h
.rdata:004063F0 dd 3E8h
.rdata:004063F4 dd 3E8h
.rdata:004063F8 dd 0Ch
.rdata:004063FC dd offset sub_403F80
.text:00404001 cmp ebx, 26h
.text:00404004 mov dword ptr [ebp+184h], 1
.text:0040400E jle short loc_40404C
.text:004040D3 push ecx ; char *
.text:004040D4 push edx ; Source
.text:004040D5 mov ecx, ebp
.text:004040D7 call xx_404440
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
