int _parsetCppCode(int arg0, int arg1) {
if ((strlen(0x100346888) != 0x0) && (strlen(0x10034688b) != 0x0)) {
*(int8_t *)0x10034688b = *(int8_t *)0x100346888;
}
rdx = arc4random() % strlen(0x10034688a);
rbx = rdx;
rdx = arc4random() % strlen(0x10034688b);
CMP(rbx, rdx);
asm { cmovg ebx, edx };
if (rbx > 0x0) {
*(int8_t *)0x10034688b = *(int8_t *)0x10034688a;
}
ptrace(0x1f, 0x0, 0x0, 0x0);
srand(time(0x0));
rax = arc4random();
return rax;
}
初学逆向可能没那么系统的知识体系,想先练练手找兴趣,但似乎上手就遇到专门反调试的程序了。。
来这问问大佬这段代码可能是什么情况呢,我把ptrace的0x1f改成了0x0a,可以调试了,但似乎这个反调试还在生效