在百度VB贴吧里看到有人问,没事就看了看。首先拖到IDA里面看了下,四个导出函数:
InitFSDSystem 100011B0 1
KillFile 100010B0 2
LoadFileKillDriver 10001040 3
UnLoadMyDriver 10001090 4
DllEntryPoint 1000201A
关键的KillFile在IDA里已经帮你分析好了,都无需自己动手,强
; Exported entry 2. KillFile
; int __cdecl KillFile(LPCSTR lpExistingFileName, int Buffer, DWORD NumberOfBytesWritten)
VB测试代码(XP SP3下VB6测试OK):
Private Declare Function KillFile Lib "antiRK.dll" (ByVal lpExistingFileName As String, Buffer As Long, NumberOfBytesWritten As Long) As Long
Private Sub Command1_Click()
Dim buf As Long, nbw As Long
KillFile App.Path & "/1.txt", buf, nbw
End Sub
已经有(0)位网友发表了评论,你也评一评吧!
原创文章如转载,请注明:转载自Eddy Blog
原文地址:http://www.rrgod.com/technique/622.html 欢迎订阅Eddy Blog。