Rooking大佬请进
想了解下这个主题的附件...https://www.chinapyg.com/forum.php?mod=viewthread&tid=75039&highlight=
收集文件:
https://c.wss.pet/s/azs4or6hlz7
@Rooking
这个没有附件 只有部分代码 我是他小弟 我是他徒孙 这个还真不懂,帮你顶一下吧 抢个位置,支持一下 打不开链接,应该是某个DLL的秘密 boot 发表于 2023-4-18 12:10
@Rooking
; Partial listing pasted from a forum thread (the attachment it came with is
; not on this page). Syntax: FASM; target: Windows x64 object (MS64 COFF), so
; the Microsoft x64 calling convention applies to every call below.
; Triage note: every exported symbol on this page is a tiny push/call/pop/push/
; retn thunk that resolves its real target through an external table at run
; time, and the only substantive export hooks LoadLibraryExW. That is the
; shape of an export-forwarding ("AheadLib"-style) proxy DLL; the actual work
; lives in the extrn helpers, which are implemented elsewhere and not visible here.
; NOTE(review): "extrnPatchData" etc. have presumably lost the space after the
; keyword in the paste ("extrn PatchData"); as written this will not assemble.
format MS64 COFF
; --- helpers implemented outside this file; roles inferred from their use below ---
extrnPatchData                  ; called after the real LoadLibraryExW returns ("my business")
extrnSetShellCodeData           ; author's comment: "reset api"; run before PatchData
extrnFreeApi                    ; author's comment: "release api LoadLibraryExW"
extrnSaveReturnValue            ; rcx = value to stash (LoadLibraryExW's result)
extrnGetReturnValue             ; rax = the stashed value
extrnSaveEip                    ; rcx = return address to stash
extrnGetEip                     ; rax = the stashed return address
extrnGetRealApi                 ; rax = address of the real LoadLibraryExW
extrnGetInArray                 ; rcx = export slot index; rax = address recorded for it
; --- exported entry points defined on this page ---
public DoMyStaffInDll
public AheadLib_vSetDdrawflag
public AheadLib_AlphaBlend
public AheadLib_DllInitialize
public AheadLib_GradientFil
public AheadLib_TransparentBlt
;-----------------------------------------------------------------------
; DoMyStaffInDll
; Stand-in for LoadLibraryExW(lpLibFileName, hFile, dwFlags): it is entered
; by a call, so [rsp] holds the hooked caller's return address.
; ABI:   Microsoft x64 (per "format MS64 COFF" above).
; In:    rcx, rdx, r8 = the three LoadLibraryExW arguments; [rsp] = return address.
; Out:   rax = whatever GetReturnValue hands back (the stashed LoadLibraryExW
;        result, per the author's comments); control goes to the stashed address.
; Flow:  stash return address -> resolve the real API -> call it with the
;        original args -> stash its result -> SetShellCodeData, PatchData ->
;        rebuild the return address on the stack and return the stashed result.
; Clobb: rax, rcx, flags, plus whatever the extrn helpers clobber (not visible).
; NOTE(review): no call here reserves the 32-byte home area the Microsoft x64
; ABI grants a callee, and (assuming a normally aligned call site) the calls to
; SaveEip/FreeApi/GetRealApi and GetReturnValue are made with rsp = 8 mod 16.
; A helper that spills its register args into its home slots would overwrite
; the values pushed right below it (saved rcx/rdx/r8 early on; the pushed
; return address before the final retn). Whether that happens depends on how
; those helpers are compiled — TODO confirm against their code.
;-----------------------------------------------------------------------
DoMyStaffInDll:
pop rax                         ; rax = hooked caller's return address; rsp now at its shadow space
push rcx                        ; keep the three register args alive across the helper calls
push rdx
push r8
mov rcx,rax                     ; SaveEip(returnAddress)
call SaveEip                    ; stash the return address (named "eip" by the author; it is a 64-bit rip value)
call FreeApi                    ; author: "release api LoadLibraryExW" — presumably undoes the hook so the real entry can be used; confirm
call GetRealApi                 ; rax (64-bit, not eax) = address of the real LoadLibraryExW
pop r8                          ; restore the original arguments
pop rdx
pop rcx                         ; rsp is back at the caller's shadow space, 16-aligned for the call below
call rax                        ; rax = LoadLibraryExW(lpLibFileName, hFile, dwFlags)
mov rcx,rax                     ; SaveReturnValue(result)
call SaveReturnValue            ; stash the real result; rax is about to be clobbered by the next calls
call SetShellCodeData           ; author: "reset api"
call PatchData                  ; author: "my business" — the hook's payload; body not on this page
call GetEip                     ; rax = stashed return address
push rax                        ; put it back where retn expects it
call GetReturnValue             ; rax = stashed LoadLibraryExW result
retn                            ; return to the hooked caller with rax = its expected result
;-----------------------------------------------------------------------
; AheadLib_vSetDdrawflag — exported forwarding thunk, table slot 0.
; Saves rcx (first argument) around GetInArray(0), then "push rax / retn"
; tail-jumps to the returned address, so the original return address and
; shadow space remain in place for the real target.
; Only rcx is preserved: rdx/r8/r9 (and xmm0-3) reach the target intact only
; if GetInArray leaves them alone — TODO confirm against GetInArray.
; rcx is pushed twice; the duplicate is presumably stack padding — confirm.
;-----------------------------------------------------------------------
AheadLib_vSetDdrawflag:
push rcx                        ; save first argument
push rcx                        ; second copy (padding? see header)
mov rcx,0                       ; rcx = this export's slot index
call GetInArray                 ; rax = address recorded for slot 0
pop rcx
pop rcx                         ; first argument restored
push rax                        ; target address...
retn                            ; ...push/retn == jmp rax
;-----------------------------------------------------------------------
; AheadLib_AlphaBlend — exported forwarding thunk, table slot 1.
; Same shape as AheadLib_vSetDdrawflag: preserve rcx, GetInArray(1),
; tail-jump to the returned address via push/retn. rdx/r8/r9 are not
; saved here — they survive only if GetInArray preserves them (confirm).
;-----------------------------------------------------------------------
AheadLib_AlphaBlend:
push rcx                        ; save first argument
push rcx                        ; second copy (padding? see AheadLib_vSetDdrawflag)
mov rcx,1                       ; rcx = this export's slot index
call GetInArray                 ; rax = address recorded for slot 1
pop rcx
pop rcx                         ; first argument restored
push rax                        ; target address...
retn                            ; ...push/retn == jmp rax
;-----------------------------------------------------------------------
; AheadLib_DllInitialize — exported forwarding thunk, table slot 2.
; Same shape as AheadLib_vSetDdrawflag: preserve rcx, GetInArray(2),
; tail-jump to the returned address via push/retn. rdx/r8/r9 are not
; saved here — they survive only if GetInArray preserves them (confirm).
;-----------------------------------------------------------------------
AheadLib_DllInitialize:
push rcx                        ; save first argument
push rcx                        ; second copy (padding? see AheadLib_vSetDdrawflag)
mov rcx,2                       ; rcx = this export's slot index
call GetInArray                 ; rax = address recorded for slot 2
pop rcx
pop rcx                         ; first argument restored
push rax                        ; target address...
retn                            ; ...push/retn == jmp rax
;-----------------------------------------------------------------------
; AheadLib_GradientFil — exported forwarding thunk, table slot 3.
; (Label spelled "GradientFil" on this page; the export it stands in for is
; presumably GradientFill — confirm against the export table.)
; Same shape as AheadLib_vSetDdrawflag: preserve rcx, GetInArray(3),
; tail-jump to the returned address via push/retn. rdx/r8/r9 are not
; saved here — they survive only if GetInArray preserves them (confirm).
;-----------------------------------------------------------------------
AheadLib_GradientFil:
push rcx                        ; save first argument
push rcx                        ; second copy (padding? see AheadLib_vSetDdrawflag)
mov rcx,3                       ; rcx = this export's slot index
call GetInArray                 ; rax = address recorded for slot 3
pop rcx
pop rcx                         ; first argument restored
push rax                        ; target address...
retn                            ; ...push/retn == jmp rax
;-----------------------------------------------------------------------
; AheadLib_TransparentBlt — exported forwarding thunk, table slot 4.
; Same shape as AheadLib_vSetDdrawflag: preserve rcx, GetInArray(4),
; tail-jump to the returned address via push/retn. rdx/r8/r9 are not
; saved here — they survive only if GetInArray preserves them (confirm).
; The forum attribution that was fused onto the last line follows the code.
;-----------------------------------------------------------------------
AheadLib_TransparentBlt:
push rcx                        ; save first argument
push rcx                        ; second copy (padding? see AheadLib_vSetDdrawflag)
mov rcx,4                       ; rcx = this export's slot index
call GetInArray                 ; rax = address recorded for slot 4
pop rcx
pop rcx                         ; first argument restored
push rax                        ; target address...
retn                            ; ...push/retn == jmp rax
Rooking 发表于 2023-4-17 19:35
这个没有附件 只有部分代码
老大接单吗?骑士单