00007FFAA17F1072 | 49:F7F0 | div r8 | r8:&"吚x\n€|$@"
00007FFAA17F1075 | 49:FFCE | dec r14 | r14:"minkernel\\ntdll\\ldrinit.c"
00007FFAA17F1078 | 8BCA | mov ecx,edx |
00007FFAA17F107A | 42:8A0C19 | mov cl,byte ptr ds:[rcx+r11] |
00007FFAA17F107E | 41:880E | mov byte ptr ds:[r14],cl | r14:"minkernel\\ntdll\\ldrinit.c"
00007FFAA17F1081 | 48:85C0 | test rax,rax |
00007FFAA17F1084 | 75 EA | jne ntdll.7FFAA17F1070 |
00007FFAA17F1086 | 48:8D7424 61 | lea rsi,qword ptr ss:[rsp+61] |
00007FFAA17F108B | 41:2BF6 | sub esi,r14d |
00007FFAA17F108E | 85FF | test edi,edi |
00007FFAA17F1090 | 0F88 7E650A00 | js ntdll.7FFAA1897614 |
00007FFAA17F1096 | 3BF7 | cmp esi,edi |
00007FFAA17F1098 | 0F8F 9B650A00 | jg ntdll.7FFAA1897639 |
00007FFAA17F109E | 44:8BC6 | mov r8d,esi |
00007FFAA17F10A1 | 49:8BD6 | mov rdx,r14 | r14:"minkernel\\ntdll\\ldrinit.c"
求大佬帮忙写一个正则表达式:上面是需要替换的原始内容,下面是我自己手动替换后的结果,也就是把每行第三个“ | ”及其后面的注释全部去掉。注意注释本身也可能含有“|”(例如第一行 r8 的注释),所以应按第三个分隔符来匹配,而不是按行内最后一个“|”。
00007FFAA17F1072 | 49:F7F0 | div r8
00007FFAA17F1075 | 49:FFCE | dec r14
00007FFAA17F1078 | 8BCA | mov ecx,edx
00007FFAA17F107A | 42:8A0C19 | mov cl,byte ptr ds:[rcx+r11]
00007FFAA17F107E | 41:880E | mov byte ptr ds:[r14],cl
00007FFAA17F1081 | 48:85C0 | test rax,rax
00007FFAA17F1084 | 75 EA | jne ntdll.7FFAA17F1070
00007FFAA17F1086 | 48:8D7424 61 | lea rsi,qword ptr ss:[rsp+61]
00007FFAA17F108B | 41:2BF6 | sub esi,r14d
00007FFAA17F108E | 85FF | test edi,edi
00007FFAA17F1090 | 0F88 7E650A00 | js ntdll.7FFAA1897614
00007FFAA17F1096 | 3BF7 | cmp esi,edi
00007FFAA17F1098 | 0F8F 9B650A00 | jg ntdll.7FFAA1897639
00007FFAA17F109E | 44:8BC6 | mov r8d,esi
00007FFAA17F10A1 | 49:8BD6 | mov rdx,r14