您的位置:首页 > 其它

某国内大型网游公司反调试器附加研究

2009-02-13 06:34 225 查看
搞了一个晚上,天终于亮了,问题也解决了,VMP加检测DEBUG,再加代码DEBUG

看了部分记录就知道了。。。原来很简单。

想CE就CE,想OD就OD 爽,累了。。。闪

ThreadId:a8d8 ==Starting:
ThreadId:a8d8 ==Loading:
ThreadId:a8d8 ==LoadLibraryExW:'RPCRT4.dll',0x0,0x0,Address 0x76e30000:
ThreadId:a8d8 ==LoadLibraryExW:'rpcrt4.dll',0x0,0x0,Address 0x7dc10000:
ThreadId:a8d8 ==LoadLibraryExW:'C:/WINDOWS/system32/mswsock.dll',0x0,0x0,Address 0x7db70000:
ThreadId:a8d8 ==LoadLibraryExW:'hnetcfg.dll',0x0,0x0,Address 0x69660000:
ThreadId:a8d8 ==LoadLibraryExW:'C:/WINDOWS/System32/wshtcpip.dll',0x0,0x0,Address 0x71a40000:
ThreadId:a8d8 ==LoadLibraryExW:'WS2_32.dll',0x0,0x0,Address 0x71b60000:
ThreadId:a8d8 ==LoadLibraryExW:'kernel32.dll',0x0,0x0,Address 0x7d4f0000:
ThreadId:a8d8 ==ReMapFile://./SICE://./ASDF:
ThreadId:a8d8 ==ReMapFile://./SIWVID:SAME:
ThreadId:a8d8 ==ReMapFile://./NTICE:SAME:
ThreadId:a8d8 ==ReMapFile://./ICEEXT:SAME:
ThreadId:a8d8 ==ReMapFile://./SYSERBOOT:SAME:
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航