一段OD脚本

//start
// ODbgScript (OllyDbg script). It hooks ws2_32!recv in the debuggee, waits for the
// HTTP response that carries "UpdateProject.xml", and overwrites the XML body in the
// receive buffer (plus recv()'s return value and the Content-Length field) with a
// file from disk, so the target parses a replaced update manifest.
// Every numeric literal below is hexadecimal (ODbgScript default): 1cc = 460,
// 35a = 858, 120a = 4618, 800 = 2048, 85 = 133.
//
// Variables (all declared with VAR below):
//   buff   - pointer to the caller's recv() buffer, read from [esp+8] at the call
//   socket - the SOCKET argument, read from [esp+4] at the call
//   finish - 1 when the full-size response (eax == 120a) was seen, 0 otherwise
//   size   - replacement body length + header offset, used as the new return value
//
// NOTE(review): the script never reads recv()'s len argument ([esp+c] at the call);
// the LM write below (1cc + 35a bytes from the buffer start) is not bounded by the
// caller's buffer size. It assumes the buffer is at least that large -- confirm,
// otherwise LM overwrites memory past the caller's buffer inside the debuggee.
       DBH                       // hide the debugger from the debuggee
       bd                        // BD: breakpoint-disable; no address given -- presumably all breakpoints, verify
       gpa "recv", "WS2_32.dll"  // Get Procedure Address: $RESULT = ws2_32!recv
       bp $RESULT                // break on every recv() call
label1:
       RUN                       // run until recv() is entered; [esp] is the return address
       var buff                  // re-executed on every pass; relies on VAR tolerating redeclaration -- verify
       mov buff, [esp+8]         // arg 2: the caller's receive buffer
       var socket
       mov socket, [esp+4]       // arg 1: the SOCKET
       RTR                       // run to return: eax = bytes received (or 0 / SOCKET_ERROR)
       var finish
       cmp eax, 120a             // whole response (120a bytes) arrived in a single recv()?
       jne next
       mov finish, 1             // nothing further needs to be consumed after patching
       jmp change_stream

next:
       cmp eax, 800              // reads shorter than 800 bytes are not the response we want
       jl label1                 // NOTE(review): a failed recv() (SOCKET_ERROR) also reaches this compare; how JL treats it depends on ODbgScript's signedness -- verify
       var buff2
       mov buff2, buff
       add buff2, 1ae            // search from 1ae bytes into the packet (expected header tail)
       find buff2,"UpdateProject.xml"
       cmp $RESULT,0             // $RESULT == 0: marker not found, keep waiting
       je label1
       mov finish, 0             // found, but more data is still expected on this socket

change_stream:
       add buff, 1cc             // offset of the XML body inside the HTTP response
       LM buff, 0, "D:\work_task\9-2\xxxxx\xxxxx.xml"   // overwrite the body with the file on disk (size 0 -- presumably the whole file)

       var size
       mov size,35a              // length of the replacement XML file (35a = 858 decimal)
       add size,1cc              // + header length = total bytes "received"
       mov eax, size             // patch recv()'s return value to match the new payload

       var len_rva
       mov len_rva, 85           // offset of the Content-Length value inside the header
       sub buff, 1cc             // back to the start of the packet
       add buff, len_rva
       mov [buff], 35a           // patch the HTTP Content-Length
                                 // NOTE(review): this stores a numeric immediate, while an HTTP
                                 // Content-Length is ASCII decimal text; confirm the on-wire form.
                                 // The fixed offsets 85 / 1ae / 1cc assume a byte-identical header
                                 // layout -- any header change makes them patch the wrong bytes.

       cmp finish, 1
       je bp                     // full response already patched: go set the post-update breakpoint

label2:
       RUN                       // wait for the next recv() on the same socket
       cmp socket, [esp+4]
       jne label2
       RTR
       mov eax, 0                // make recv() report 0 (Winsock's "connection closed"),
                                 // presumably so the client stops reading after the replaced body
       //jmp label2

bp:                              // (label shares its name with the BP command -- easy to misread)
       GMA "DBank_up", MODULEBASE   // $RESULT = load address of module DBank_up
       var offset
       mov offset, 3ca0a         // RVA of the code to stop at; added to the module base so it survives relocation
       add offset, $RESULT
       bp offset

       ret                       // RET outside a CALL ends the script; the lines below are not reached from this flow

       // Second snippet: record what the target sends. Unreachable after the RET above --
       // presumably run separately (or with the RET removed) when send() traffic is wanted.
       gpa "recv", "WS2_32.dll"
       bc $RESULT                // clear the recv() breakpoint
       gpa "send", "WS2_32.dll"
       BP $RESULT                // break on every send()


label3:
       go                        // run until send() is entered

       mov buff, [esp+8]         // arg 2: data pointer
       mov size, [esp+c]         // arg 3: length
       dma buff, size, "D:\work_task\9-2\xxxxxx\send_data.bin"   // write the outgoing buffer to disk (DMA -- presumably appending, so every send() is recorded)
       jmp label3

       ret
