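I just tried modifying a program's import table
and then added my own DLL and function to it.
But I found that the tdump result and the W32dsm result are actually different.
tdump output, before the modification: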
Object table:
# Name VirtSize RVA PhysSize Phys off Flags
-- -------- -------- -------- -------- -------- --------
01 .text 001B3D82 00001000 001B4000 00001000 E0000060 [CIERW]
02 .rdata 001031C4 001B5000 00104000 001B5000 E0000060 [CIERW]
03 .data 1FC3F8A8 002B9000 00011000 002B9000 E0000060 [CIERW]
04 .tls 00070739 1FEF9000 00071000 002CA000 E0000060 [CIERW]
05 .rsrc 00001250 1FF6A000 00002000 0033B000 E0000060 [CIERW]
Imports from WS2_32.dll
Imports from pdh.dll
Imports from PSAPI.DLL
Imports from KERNEL32.dll
Imports from USER32.dll
Imports from GDI32.dll
Imports from ADVAPI32.dll
================================================
tdump output, after the modification:
Object table:
# Name VirtSize RVA PhysSize Phys off Flags
-- -------- -------- -------- -------- -------- --------
01 .text 001B3D82 00001000 001B4000 00001000 E0000060 [CIERW]
02 .rdata 001031C4 001B5000 00104000 001B5000 E0000060 [CIERW]
03 .data 1FC3F8A8 002B9000 00011000 002B9000 E0000060 [CIERW]
04 .tls 00070739 1FEF9000 00071000 002CA000 E0000060 [CIERW]
05 .rsrc 00001250 1FF6A000 00002000 0033B000 E0000060 [CIERW]
Imports from WS2_32.dll
Imports from pdh.dll
Imports from PSAPI.DLL
Imports from KERNEL32.dll
Imports from USER32.dll
Imports from GDI32.dll
Imports from ADVAPI32.dll
Imports from torune.dll
TorunezHook(hint = 0001)