<font face="宋体" color="#000000">Creating an external helper file</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">The external file is created through a special parameter. The</font> <font face="Times New Roman" color="#000000">ini</font>
<font face="宋体" color="#000000">file whose name you specify is built from a set of special parameters.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">It includes:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> . </font>
<font face="宋体" color="#000000">The</font> <font face="Times New Roman" color="#000000">Pid</font>
<font face="宋体" color="#000000">of the process.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> . </font>
<font face="宋体" color="#000000">The values of all registers, with</font> <font face="Times New Roman" color="#000000">EIP</font>
<font face="宋体" color="#000000">included.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> . </font>
<font face="宋体" color="#000000">The current</font> <font face="Times New Roman" color="#000000">EIP</font>
<font face="宋体" color="#000000">value.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Example:</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">In the</font>
<font face="Times New Roman" color="#000000">script</font><font face="宋体" color="#000000">:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> ...</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> L5=HELP PDHelp.Exe Helper.ini</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">...</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">The command line of your</font>
<font face="Times New Roman" color="#000000">helper</font> <font face="宋体" color="#000000">will contain</font>
<font face="Times New Roman" color="#000000">&lt;Path to helper.ini&gt;\"helper.ini"</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">In</font>
<font face="Times New Roman" color="#000000">helper.ini</font><font face="宋体" color="#000000">:</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> [REG]</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr0=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr1=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr2=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr3=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr6=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Dr7=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegGs=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegFs=00000FDF</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegEs=00000167</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegDs=00000167</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Edi=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Esi=8161D244</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Ebx=00000000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Edx=8161D2A4</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Ecx=8161D264</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Eax=0043E9B4</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Ebp=00456000</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Eip=00456264</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegCs=0000015F</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Flags=00000216</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Esp=0068FE34</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> SegSs=00000167</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> Pid=FFC1E943</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">Local=00456264</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">I think this makes it more flexible ;).</font>
</span></span></p>
<p> </p>
<p> <span class="p9"><span class="p9"><font face="宋体" color="#000000">Note:</font>
</span></span></p>
<span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> </font>
<font face="宋体" color="#000000">Each command line may use no more than</font> <font face="Times New Roman" color="#000000">512</font>
<font face="宋体" color="#000000">characters to describe the paths of the</font> <font face="Times New Roman" color="#000000">helper</font>
<font face="宋体" color="#000000">program's</font> <font face="Times New Roman" color="#000000">EXE</font>
<font face="宋体" color="#000000">and</font> <font face="Times New Roman" color="#000000">INI</font>
<font face="宋体" color="#000000">files.</font></span></span><span class="p9"><span class="p9"><font face="宋体" color="#000000">This is only an internal limit of</font>
<font face="Times New Roman" color="#000000">ProcDump</font><font face="宋体" color="#000000">; the</font>
<font face="Times New Roman" color="#000000">WINDOWS API</font> <font face="宋体" color="#000000">itself does not accept more than</font>
<font face="Times New Roman" color="#000000">256</font> <font face="宋体" color="#000000">characters</font>.
</span></span><span class="p9"><span class="p9"> </span></span>
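<p>An added example, not part of the original ProcDump documentation: a strict reader for the [REG] section of helper.ini that a helper could run before acting on the values. The names reg_get, load_ctx and helper_ctx are hypothetical, the sample is a constructed subset of the listing above, and case-sensitive key matching is an assumption of this example.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a subset of the helper.ini listing above. */
static const char SAMPLE_INI[] =
    "[REG]\r\nEip=00456264\r\nEsp=0068FE34\r\nPid=FFC1E943\r\nLocal=00456264\r\n";

typedef struct { uint32_t pid, eip, esp, local; } helper_ctx; /* hypothetical */

/* Find key in [REG]; the value must be exactly 8 hex digits. Matching is
 * case-sensitive (an assumption). Returns 0 on success, -1 otherwise. */
int reg_get(const char *ini, const char *key, uint32_t *out)
{
    size_t klen = strlen(key);
    int in_reg = 0;
    while (*ini) {
        ini += strspn(ini, " \t\r\n");        /* skip blank lines, indentation */
        size_t len = strcspn(ini, "\r\n");    /* length of the current line */
        if (ini[0] == '[') {
            in_reg = (len == 5 && memcmp(ini, "[REG]", 5) == 0);
        } else if (in_reg && len == klen + 9 &&
                   memcmp(ini, key, klen) == 0 && ini[klen] == '=') {
            char buf[9] = {0};
            if (strspn(ini + klen + 1, "0123456789ABCDEFabcdef") < 8) return -1;
            memcpy(buf, ini + klen + 1, 8);   /* copy the 8 validated digits */
            *out = (uint32_t)strtoul(buf, NULL, 16);
            return 0;
        }
        ini += len;
    }
    return -1;
}

/* Fail closed: every field the helper relies on must be present and valid. */
int load_ctx(const char *ini, helper_ctx *c)
{
    return (reg_get(ini, "Pid", &c->pid) || reg_get(ini, "Eip", &c->eip) ||
            reg_get(ini, "Esp", &c->esp) || reg_get(ini, "Local", &c->local)) ? -1 : 0;
}

int main(void)
{
    helper_ctx c;
    if (load_ctx(SAMPLE_INI, &c) != 0) return 1;
    printf("pid=%08X eip=%08X\n", (unsigned)c.pid, (unsigned)c.eip);
    return 0;
}
```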
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">B) </font>
<font face="宋体" color="#000000">Format of</font> <font face="Times New Roman" color="#000000">Options</font>
<font face="宋体" color="#000000">in the</font> <font face="Times New Roman" color="#000000">script</font><font face="宋体" color="#000000">:</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">*************************************</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">Options</font>
<font face="宋体" color="#000000">start at</font> <font face="Times New Roman" color="#000000">OPTL</font>
<font face="宋体" color="#000000">and are stored as</font> <font face="Times New Roman" color="#000000">DWORD</font>
<font face="宋体" color="#000000">values.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">OPTL1=</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> DWORD : </font>
<font face="宋体" color="#000000">sets the</font> <font face="Times New Roman" color="#000000">AutoDump</font>
<font face="宋体" color="#000000">delay time, in</font> <font face="Times New Roman" color="#000000">ms</font><font face="宋体" color="#000000">.</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">OPTL2=</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BYTE :</font>
<font face="宋体" color="#000000">auto-execute</font> <font face="Times New Roman" color="#000000">EIP</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BYTE :</font>
<font face="宋体" color="#000000">ignore errors</font> </span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BYTE :</font>
<font face="宋体" color="#000000">fast-mode</font> <font face="Times New Roman" color="#000000">Dump</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000"> BYTE :</font>
<font face="宋体" color="#000000">external</font> <font face="Times New Roman" color="#000000">Predump</font>
</span></span></p>
<p> <span class="p9"><span class="p9"><font face="Times New Roman" color="#000000">OPTL3=</font>