Subject: a question about remote-control offset addresses
Taking 上兴 3.2 as an example:
Suppose the strings compiled into the Server are the following:
=====================================================================================
ExeFiles: PChar = 'EXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // EXE name
DLLFiles: PChar = 'LXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // DLL name
IEFiles: PChar = 'HXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // host process
HOST: pchar = 'WXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // FTP host address
URL: pchar = 'IXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // update page address
DNSip: pchar = 'PXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // update IP 12000h
szID: pchar = 'VXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // remark
wPort: pchar = 'LXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // callback port
=====================================================================================
Using the strings above it is easy to find them in a hex editor.....
Suppose you find the string ........WXXXXXXXX on the line at 00011ff0h.
How do you then get addresses in the form below????
OFFSET_EXE = 78704; // EXE name: OFFSET_EXE
OFFSET_HOOK = 78772; // DLL name: OFFSET_EXE + 68
OFFSET_EXP = 78840; // host process: OFFSET_EXE + 136
OFFSET_FTP = 219108; // FTP host address: OFFSET_FTP
OFFSET_FTXT = 219176; // update page address: OFFSET_FTP + 68
OFFSET_URL = 219244; // update IP: OFFSET_FTP + 136
OFFSET_TORU = 219312; // remark: OFFSET_FTP + 204
OFFSET_LFILE = 219380; // callback port: OFFSET_FTP + 272
OFFSET_PASS = 219448; // connection password: OFFSET_FTP + 340
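An added example, not code from the original post or from the 上兴 tool: it shows how a hex-editor position such as "line 00011ff0h, column 8" becomes a decimal file offset, and how the OFFSET_ constants can be recovered by scanning the image for the placeholder strings instead of reading them off by hand. The layout is an assumption taken from the post's own numbers: 64-character placeholders spaced 68 bytes apart (64 characters, a NUL terminator and 3 bytes of alignment padding is the inferred reason for the +68), one block at 78704 and one at 219108. The sample image is a constructed, zero-filled stand-in, not a real server binary, and the function names, tag letters and block grouping are choices made here.

```python
import re

PLACEHOLDER_LEN = 64   # every placeholder is one tag letter followed by 63 'X'
STRIDE = 68            # assumed: 64 chars + NUL + 3 padding bytes (OFFSET_EXE + 68 in the post)

# Tag letters in the order the post lists its constants: three in the "EXE" block,
# five in the "FTP" block. Constructed layout; a real build may differ.
EXE_TAGS = b"ELH"
FTP_TAGS = b"WIPVL"
EXE_BASE = 78704       # 0x13370, OFFSET_EXE from the post
FTP_BASE = 219108      # 0x357E4, OFFSET_FTP from the post


def build_sample() -> bytes:
    """Constructed stand-in for a compiled server image: zero-filled, with the
    placeholder strings written at the offsets the post quotes."""
    buf = bytearray(FTP_BASE + len(FTP_TAGS) * STRIDE)
    for base, tags in ((EXE_BASE, EXE_TAGS), (FTP_BASE, FTP_TAGS)):
        for i, tag in enumerate(tags):
            off = base + i * STRIDE
            buf[off:off + PLACEHOLDER_LEN] = bytes([tag]) + b"X" * (PLACEHOLDER_LEN - 1)
            # byte off+64 is left as 0: the C-string terminator
    return bytes(buf)


def hexdump_offset(line_hex: str, column: int) -> int:
    """Turn a hex-editor position (row address such as '00011ff0h' plus the
    column inside that 16-byte row) into the decimal file offset."""
    return int(line_hex.rstrip("hH"), 16) + column


# One uppercase tag letter, exactly 63 'X', then the NUL terminator.
PLACEHOLDER_RE = re.compile(rb"([A-Z])X{63}\x00")


def find_placeholders(data: bytes):
    """Return [(decimal_offset, tag_letter), ...] for every placeholder in the image."""
    return [(m.start(), chr(m.group(1)[0])) for m in PLACEHOLDER_RE.finditer(data)]


def group_blocks(hits):
    """Split hits into runs of STRIDE-spaced strings. The first offset of each run
    is a block base; the others are base + k*STRIDE, as in the post's constants."""
    blocks = []
    for off, tag in hits:
        if blocks and off == blocks[-1][-1][0] + STRIDE:
            blocks[-1].append((off, tag))
        else:
            blocks.append([(off, tag)])
    return blocks


def describe(data: bytes):
    """Render each hit in the form the post asks for: decimal, hex, and base + k*68."""
    lines = []
    for block in group_blocks(find_placeholders(data)):
        base = block[0][0]
        for k, (off, tag) in enumerate(block):
            lines.append(f"tag {tag}: {off} (0x{off:X}) = {base} + {k * STRIDE}")
    return lines


if __name__ == "__main__":
    print("00011ff0h + 8 ->", hexdump_offset("00011ff0h", 8))
    for line in describe(build_sample()):
        print(line)
```

Two practical points: the scan is worth running on every fresh build rather than hard-coding the numbers, because a different compiler version or an added string shifts every offset after it; and the regex deliberately requires the terminator, so a placeholder that has already been overwritten with a shorter value (and therefore has its NUL earlier) is not reported as intact.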