如题,假设一个内核函数(在ntkrnlpa.exe中)前5个字节被Hook了,现在想要将其恢复,那如何获得恢复之前的指令呢,我知道可以使用硬编码,但是这种方法通用性不好,在不同的操作系统之间不可移植,请问高手如何动态的在程序中读到Hook之前的代码呢?
↧
Channel:
看雪安全论坛
X
Are you the publisher?
Claim or
contact us
about this channel.
X
0
Channel Details:
- Title: 看雪安全论坛
- Channel Number: 12816135
- Language: Chinese
- Registered On: April 28, 2013, 4:45 am
- Number of Articles: 9556
- Latest Snapshot: January 28, 2017, 10:17 pm
- RSS URL: http://bbs.pediy.com/external.php?type=rss2
- Publisher: http://bbs.pediy.com/
- Description: 安全,软件安全,WEB安全,加密,解密,加壳,脱壳,加密壳,软件保护,破解,debug,pack,unpack
- Catalog: //unhouses23.rssing.com/catalog.php?indx=12816135
© 2025 //www.rssing.com