出し方 - ILoveMisuzuchin’s diary

1. 以下の 5 ファイルを作成
C:\s1.txt

bu kernel32!getprocaddress "$<C:\\s2.txt"
gc

C:\s2.txt

.if( 0x401000 <= @$ra and @$ra < 0x1238000 ){ .if( poi( @esp + 0x8 ) < 0x10000 ){ $<C:\\s2_2.txt } .else{ $<C:\\s2_1.txt }} .else{ gc }

C:\s2_1.txt

as /x ${/v:Value} poi( @esp + 0x4 )
lm a ${Value}
ad ${/v:Value}
.printf "### %p, %ma\n", @$ra, poi( @esp + 0x8 )
gc

C:\s2_2.txt

as /x ${/v:Value} poi( @esp + 0x4 )
lm a ${Value}
ad ${/v:Value}
.printf "### %p, %d\n", @$ra, dwo( @esp + 0x8 )
gc

C:\a.pl

#!perl -w

use strict;

my $buffer = '';

open FH, 'a.txt';
while( sysread( FH, $buffer, 4096, length( $buffer ))){}
close FH;

$buffer =~ s/\r\n/\n/g;

while( $buffer =~ /start +?end +?module name\n[0-9a-f]{8} [0-9a-f]{8} +([^ ]+)[\x00-\xff]+?\n###.{11}(.+?)\n/g )
{
print $1, '!', $2, "\n";
}

2. WinDbg を実行し Winny1.14 を起動
3. C:\s1.txt を実行
4. ログを C:\a.txt に保存
5. C:\ で a.pl を実行