忆困血馆闻 发表于 2024-3-11 13:33:21

破解DNF防止双机调试机制方法


// Excerpt from a kernel-debugger session: the first instructions of nt!KdDisableDebugger.
// NOTE(review): KdDisableDebugger is the documented kernel routine that disables the
// kernel debugger. The label below (author's wording, kept as-is) describes it as the
// routine that detects two-machine debugging.
// Columns are: address, encoded bytes, instruction. The bracketed memory operands were
// lost when the page was extracted; the operands noted below are decoded from the byte
// column. All addresses are absolute values from the author's own session.
nt!KdDisableDebugger(检测双机调试函数):
804f8876 8bff mov edi,edi // function start address; two-byte instruction with no effect
804f8878 55 push ebp // save the caller's frame pointer
804f8879 8bec mov ebp,esp // set up this routine's frame
804f887b 51 push ecx // makes room for the byte local written at 804f8884
804f887c b102 mov cl,2 // cl = 2 right before the indirect call; presumably its argument (confirm)
804f887e ff152c904d80 call dword ptr // bytes decode to call dword ptr [804d902c]; the target's symbol is not shown
804f8884 8845ff mov byte ptr ,al // bytes decode to mov byte ptr [ebp-1],al: keeps the call's byte result
804f8887 e81c010000 call nt!KdpPortLock (804f89a8)
804f888c 833d486a558000 cmp dword ptr ,0 // bytes decode to cmp dword ptr [80556a48],0
804f8893 753a jne nt!KdDisableDebugger+0x59 (804f88cf) // KdDisableDebugger+0x1d; taken when that dword is non-zero. The listing stops here.

// Author's patch: stop KdDisableDebugger from detecting two-machine debugging.
// `ew` writes the 16-bit value 0xc390 at the routine's first address. Stored little-endian,
// that is byte 90 (nop) at 804f8876 followed by byte c3 (ret) at 804f8877, so the routine
// returns to its caller before any of its original body runs.
// NOTE(review): the second listing line below still carries the address and byte of the
// original `push ebp` (804f8878 55); it does not match what the write produces.
// Detection: after this write the first two bytes of the routine no longer match the
// original bytes at this address (8b ff), so comparing in-memory kernel code against the
// loaded image would show the change.
ew 804f8876 0xc390
804f8876 90 nop // function start address
804f8878 55 ret   // returns to the checking code; the author marks this as the key point

// Entered through: call TesSafe+0x26dc (ee0d66dc)
// What the listed routine does, decoded from the byte column because the bracketed
// operands were lost in extraction:
//   1. loads a pointer from driver data, reads the field at +2Ch, XORs it with a second
//      driver global, and calls the result if it is non-zero. The author's recorded value
//      after the XOR is 804F8876, the KdDisableDebugger entry address.
//   2. loads two more driver globals and, when both are non-zero and the dword at [ecx]
//      differs from eax, rewrites that dword with eax.
// NOTE(review): the check depends on one conditional branch and on code that the author
// could modify in place. A self-integrity check over this region, or verifying the
// debugger state after the call, would presumably catch both changes described on this
// page. Confirm against the driver's actual design.
// Addresses are absolute values from the author's session.
ee0d66dc a18c3e0eee mov eax,dword ptr //EAX=85DC1958 (same instruction as the first line of the listing below; a different EAX value is recorded here)
// Debugger command: disassemble starting at ee0d66dc.
kd> u ee0d66dc L30
TesSafe+0x26dc:
ee0d66dc a18c3e0eee mov eax,dword ptr //EAX=804F872E; bytes decode to mov eax,dword ptr [ee0e3e8c]
ee0d66e1 8b402c mov eax,dword ptr // bytes decode to mov eax,dword ptr [eax+2Ch]
ee0d66e4 3305883e0eee xor eax,dword ptr //EAX=804F8876; bytes decode to xor eax,dword ptr [ee0e3e88]
ee0d66ea 7402 je TesSafe+0x26ee (ee0d66ee) // skips the call when the XOR result is zero. Author's note: changed to 75 so that the KdDisableDebugger call is skipped
ee0d66ec ffd0 call eax // calls KdDisableDebugger (the author's comment spelled it KeDisableDebugger)
ee0d66ee 8b0dac0e0eee mov ecx,dword ptr // bytes decode to mov ecx,dword ptr [ee0e0eac]
ee0d66f4 85c9 test ecx,ecx
ee0d66f6 740f je TesSafe+0x2707 (ee0d6707) // TesSafe+26f6; nothing to do when ecx is zero
ee0d66f8 a1b00e0eee mov eax,dword ptr // bytes decode to mov eax,dword ptr [ee0e0eb0]
ee0d66fd 85c0 test eax,eax
ee0d66ff 7406 je TesSafe+0x2707 (ee0d6707) // TesSafe+26ff; nothing to do when eax is zero
ee0d6701 3901 cmp dword ptr ,eax //=8066D1F8,EAX=804F8D6C; bytes decode to cmp dword ptr [ecx],eax
ee0d6703 7402 je TesSafe+0x2707 (ee0d6707) // TesSafe+2703; jump taken when the stored value already equals eax
ee0d6705 8901 mov dword ptr ,eax // bytes decode to mov dword ptr [ecx],eax: rewrites the stored value
ee0d6707 c3 ret