|
[求助]求助一个软件对比工具``
比较结果用于 C:\Documents and Settings\Administrator\桌面\YueGuang\YueGuang\脱壳.exe 及 C:\Documents and Settings\Administrator\桌面\YueGuang\YueGuang\脱壳2.exe 2007-11-10 12:39:17 ----------------------------------------------------- L19BB0 8A 45 0F 3C 32 0F 87 AD 00 00 00 84 C0 0F 86 A5 奅.<2.嚟...劺.啣 00 00 00 FF 15 B0 F0 42 00 25 FF FF 00 00 2D ... ..梆B.%....- R19BB0 8A 45 0F 3C 32 0F 87 AD 00 00 00 84 C0 E9 A6 奅.<2.嚟...劺棣 00 00 00 90 FF 15 B0 F0 42 00 25 FF FF 00 00 2D ...?.梆B.%....- ----------------------------------------------------- L19C6F 00 3C 32 0F 86 A5 00 00 00 FF 15 B0 F0 42 00 .<2.啣... ..梆B. R19C6F 00 3C 32 E9 A6 00 00 00 90 FF 15 B0 F0 42 00 .<2棣 ...?.梆B. ----------------------------------------------------- L19D1E C8 0F 87 D9 00 00 00 3C 96 0F 86 D1 00 00 00 ?囐...<?喲... R19D1E C8 0F 87 D9 00 00 00 3C 96 E9 D2 00 00 00 90 ?囐...<栭?...? ----------------------------------------------------- L19DFD C3 3C FA 0F 87 AC 02 00 00 3C C8 0F 86 A4 02 00 ??嚞...<?啢.. 00 6A 01 E8 2B FA FF FF 8A 85 00 FC FF FF 83 C4 .j.??.妳.?.兡 R19DFD C3 3C FA 90 90 90 90 90 90 3C C8 90 90 90 90 90 ?鷲悙悙?葠悙悙 90 6A 01 E8 2B FA FF FF 8A 85 00 FC FF FF 83 C4 恓.??.妳.?.兡 ----------------------------------------------------- L19EBD 04 00 00 0F 84 92 01 00 00 83 E8 09 0F 84 CA 00 ....剴...冭..勈. 00 00 2D F2 03 00 00 74 0A 68 04 04 00 00 E9 .. -?..t.h....? R19EBD 04 00 00 0F 84 92 01 00 00 83 E8 09 E9 CB 00 ....剴...冭.樗 . 00 00 90 2D F2 03 00 00 EB 0A 68 04 04 00 00 E9 ..??..?h....? ----------------------------------------------------- L19EFC 00 80 7D 0C 01 72 26 68 44 C0 43 00 8D 85 6C FF .€}..r&hD繡.崊l. R19EFC 00 80 7D 0C 01 EB 26 68 44 C0 43 00 8D 85 6C FF .€}..?hD繡.崊l. ----------------------------------------------------- L19F2C F6 42 00 80 7D E4 01 72 1E 68 34 C0 43 00 8D 95 鯞.€}?r.h4繡.崟 R19F2C F6 42 00 80 7D E4 01 EB 1E 68 34 C0 43 00 8D 95 鯞.€}??h4繡.崟 ----------------------------------------------------- L19F4C 00 50 FF D6 83 C4 14 80 7D E8 01 72 1E 68 30 C0 .P.謨?€}?r.h0? R19F4C 00 50 FF D6 83 C4 14 80 7D E8 01 EB 1E 68 30 C0 .P.謨?€}??h0? ----------------------------------------------------- L19FBC 00 50 FF 15 84 F7 42 00 80 7D 0C 01 72 26 68 2C .P..匃B.€}..r&h, R19FBC 00 50 FF 15 84 F7 42 00 80 7D 0C 01 EB 26 68 2C .P..匃B.€}..?h, |
|
[求助]求助一个软件对比工具``
[QUOTE=kanxue;379878]http://www.pediy.com/tools/Editors/Beyond_Compare/Beyond_Compare.rar Beyond Compare[/QUOTE] 的确超好。。直接把不一样的保存出来对比 谢谢看学老大 请把我的限制去下 发帖子有限制 实在不行就算咯 |
|
[求助]请教“检测”的API函数?
或者指导一下。。强制关闭 或者关闭。。退出一些常用的函数 谢谢``` |
|
[求助]求助 如何实现爆破或本地认证
壳是 TMD。。。。自己解决 |
|
[求助]请教“检测”的API函数?
0040FA76 /74 4B je short 0040FAC3 0040FA78 |FF15 F4F04200 call dword ptr [<&kernel32.GetTickCou>; kernel32.GetTickCount 0040FA7E |8B56 78 mov edx, dword ptr [esi+78] 0040FA81 |2BC2 sub eax, edx 0040FA83 |8B96 A4000000 mov edx, dword ptr [esi+A4] 0040FA89 |8B4A 74 mov ecx, dword ptr [edx+74] 0040FA8C |8B91 C0030000 mov edx, dword ptr [ecx+3C0] 0040FA92 |F7DA neg edx 0040FA94 |1BD2 sbb edx, edx 0040FA96 |81E2 30750000 and edx, 7530 0040FA9C |81C2 C0D40100 add edx, 1D4C0 0040FAA2 |3BC2 cmp eax, edx 0040FAA4 |0F8C FD0A0000 jl 004105A7 0040FAAA |8B46 20 mov eax, dword ptr [esi+20] 0040FAAD |57 push edi 0040FAAE |57 push edi 0040FAAF |68 FC070000 push 7FC 0040FAB4 |50 push eax 0040FAB5 |897E 78 mov dword ptr [esi+78], edi 0040FAB8 |FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 0040FABE |E9 E40A0000 jmp 004105A7 0040FAC3 \FF15 F4F04200 call dword ptr [<&kernel32.GetTickCou>; kernel32.GetTickCount 0040FAC9 8946 78 mov dword ptr [esi+78], eax 0040FACC E9 D60A0000 jmp 004105A7 0040FAD1 E8 2AC2FFFF call 0040BD00 0040FAD6 85C0 test eax, eax 0040FAD8 0F85 C90A0000 jnz 004105A7 0040FADE 8BCE mov ecx, esi 0040FAE0 E8 CB1F0000 call 00411AB0 0040FAE5 6A 01 push 1 0040FAE7 8BCE mov ecx, esi 0040FAE9 E8 42F3FFFF call 0040EE30 0040FAEE E9 B40A0000 jmp 004105A7 0040FAF3 33FF xor edi, edi 0040FAF5 68 D4974300 push 004397D4 ; lineage windows client 0040FAFA 57 push edi 0040FAFB FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0040FB01 85C0 test eax, eax 0040FB03 0F85 950A0000 jnz 0041059E 0040FB09 57 push edi 0040FB0A E9 910A0000 jmp 004105A0 0040FB0F 33FF xor edi, edi 0040FB11 68 C8B74300 push 0043B7C8 ; tjqjdhvms 0040FB16 57 push edi 0040FB17 FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0040FB1D 3BC7 cmp eax, edi 0040FB1F 0F84 820A0000 je 004105A7 0040FB25 57 push edi 0040FB26 57 push edi 0040FB27 68 0D080000 push 80D 0040FB2C 50 push eax 0040FB2D FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 0040FB33 8B8E 48360000 mov ecx, dword ptr [esi+3648] 0040FB39 8B96 40360000 mov edx, dword ptr [esi+3640] 0040FB3F 51 push ecx 0040FB40 52 push edx 0040FB41 E8 6AE9FFFF call 0040E4B0 0040FB46 A1 A4AE4300 mov eax, dword ptr [43AEA4] 0040FB4B 50 push eax 0040FB4C E8 9FE9FFFF call 0040E4F0 0040FB51 83C4 0C add esp, 0C 0040FB54 E9 4E0A0000 jmp 004105A7 0040FB59 89BE 4C360000 mov dword ptr [esi+364C], edi 0040FB5F E9 3A0A0000 jmp 0041059E 0040FB64 2D EE070000 sub eax, 7EE 0040FB69 74 6A je short 0040FBD5 0040FB6B 48 dec eax 0040FB6C 74 39 je short 0040FBA7 0040FB6E 48 dec eax 0040FB6F 0F85 320A0000 jnz 004105A7 0040FB75 83FB 04 cmp ebx, 4 0040FB78 75 13 jnz short 0040FB8D 0040FB7A 6A 01 push 1 0040FB7C 8BCE mov ecx, esi 0040FB7E C786 54360000 0>mov dword ptr [esi+3654], 0 0040FB88 E8 431C0000 call 004117D0 0040FB8D 57 push edi 0040FB8E 53 push ebx 0040FB8F E8 ECC5FFFF call 0040C180 0040FB94 83C4 08 add esp, 8 0040FB97 8BD7 mov edx, edi 0040FB99 8BCB mov ecx, ebx 0040FB9B 6A 02 push 2 0040FB9D E8 CEC6FFFF call 0040C270 0040FBA2 E9 000A0000 jmp 004105A7 0040FBA7 83FB 04 cmp ebx, 4 0040FBAA 75 0F jnz short 0040FBBB 0040FBAC 6A 01 push 1 0040FBAE 8BCE mov ecx, esi 0040FBB0 89BE 54360000 mov dword ptr [esi+3654], edi 0040FBB6 E8 151C0000 call 004117D0 0040FBBB 57 push edi 0040FBBC 53 push ebx 0040FBBD E8 2EC5FFFF call 0040C0F0 0040FBC2 83C4 08 add esp, 8 0040FBC5 8BD7 mov edx, edi 0040FBC7 8BCB mov ecx, ebx 0040FBC9 6A 01 push 1 0040FBCB E8 A0C6FFFF call 0040C270 0040FBD0 E9 D2090000 jmp 004105A7 0040FBD5 53 push ebx 0040FBD6 E8 E5710000 call 00416DC0 0040FBDB 57 push edi 0040FBDC E8 EF710000 call 00416DD0 0040FBE1 83C4 08 add esp, 8 0040FBE4 891D 4C585E00 mov dword ptr [5E584C], ebx 0040FBEA 893D 50585E00 mov dword ptr [5E5850], edi 0040FBF0 E9 B2090000 jmp 004105A7 0040FBF5 57 push edi 0040FBF6 E8 65CBFFFF call 0040C760 0040FBFB 83C4 04 add esp, 4 0040FBFE E9 A4090000 jmp 004105A7 0040FC03 05 0DF8FFFF add eax, -7F3 0040FC08 83F8 07 cmp eax, 7 0040FC0B 0F87 96090000 ja 004105A7 0040FC11 FF2485 2C064100 jmp dword ptr [eax*4+41062C] 0040FC18 89BE 50360000 mov dword ptr [esi+3650], edi 0040FC1E E9 7B090000 jmp 0041059E 0040FC23 C705 F49C4E00 0>mov dword ptr [4E9CF4], 0 0040FC2D E9 75090000 jmp 004105A7 0040FC32 83FB 04 cmp ebx, 4 0040FC35 75 0F jnz short 0040FC46 0040FC37 6A 01 push 1 0040FC39 8BCE mov ecx, esi 0040FC3B 89BE 54360000 mov dword ptr [esi+3654], edi 0040FC41 E8 8A1B0000 call 004117D0 0040FC46 57 push edi 0040FC47 53 push ebx 0040FC48 E8 C3C5FFFF call 0040C210 0040FC4D 83C4 08 add esp, 8 0040FC50 8BD7 mov edx, edi 0040FC52 8BCB mov ecx, ebx 0040FC54 6A 03 push 3 0040FC56 E8 15C6FFFF call 0040C270 0040FC5B E9 47090000 jmp 004105A7 0040FC60 33FF xor edi, edi 0040FC62 68 C8B74300 push 0043B7C8 ; tjqjdhvms 0040FC67 57 push edi 0040FC68 FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0040FC6E 3BC7 cmp eax, edi 0040FC70 74 0E je short 0040FC80 0040FC72 57 push edi 0040FC73 57 push edi 0040FC74 68 FE070000 push 7FE 0040FC79 50 push eax 0040FC7A FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 0040FC80 57 push edi 0040FC81 8BCE mov ecx, esi 0040FC83 E8 481B0000 call 004117D0 0040FC88 57 push edi 0040FC89 33D2 xor edx, edx 0040FC8B 33C9 xor ecx, ecx 0040FC8D E8 DEC5FFFF call 0040C270 0040FC92 893D B0964E00 mov dword ptr [4E96B0], edi 0040FC98 893D 38A34E00 mov dword ptr [4EA338], edi 0040FC9E E8 4D31FFFF call 00402DF0 0040FCA3 6A 05 push 5 0040FCA5 E8 B6CAFFFF call 0040C760 0040FCAA E8 31C9FFFF call 0040C5E0 0040FCAF 57 push edi 0040FCB0 E8 0B710000 call 00416DC0 0040FCB5 57 push edi 0040FCB6 E8 15710000 call 00416DD0 0040FCBB 57 push edi 0040FCBC E8 DF700000 call 00416DA0 0040FCC1 57 push edi 0040FCC2 E8 C9700000 call 00416D90 0040FCC7 57 push edi 0040FCC8 E8 E3700000 call 00416DB0 0040FCCD 6A FF push -1 0040FCCF E8 0C710000 call 00416DE0 0040FCD4 83C4 1C add esp, 1C 0040FCD7 893D 68585E00 mov dword ptr [5E5868], edi 0040FCDD E9 C5080000 jmp 004105A7 0040FCE2 33FF xor edi, edi 0040FCE4 68 C8B74300 push 0043B7C8 ; tjqjdhvms 0040FCE9 57 push edi 0040FCEA FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0040FCF0 3BC7 cmp eax, edi 0040FCF2 74 0E je short 0040FD02 0040FCF4 57 push edi 0040FCF5 57 push edi 0040FCF6 68 FE070000 push 7FE 0040FCFB 50 push eax 0040FCFC FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 0040FD02 E8 1FAD0100 call <jmp.&mfc42.#1168_AfxGetModuleSt> 0040FD07 8B40 04 mov eax, dword ptr [eax+4] 0040FD0A 8B2D 84F74200 mov ebp, dword ptr [<&user32.LoadStr>; USER32.LoadStringA 0040FD10 8D4C24 24 lea ecx, dword ptr [esp+24] 0040FD14 6A 64 push 64 0040FD16 8B50 6C mov edx, dword ptr [eax+6C] 0040FD19 51 push ecx 0040FD1A 68 87000000 push 87 0040FD1F 52 push edx 0040FD20 FFD5 call ebp 0040FD22 8D9E BC250000 lea ebx, dword ptr [esi+25BC] 0040FD28 8D4424 24 lea eax, dword ptr [esp+24] 0040FD2C 50 push eax 0040FD2D 8BCB mov ecx, ebx 0040FD2F E8 ECAC0100 call <jmp.&mfc42.#6199_CWnd::SetWindo> 0040FD34 8B8E A4000000 mov ecx, dword ptr [esi+A4] 0040FD3A 6A 01 push 1 0040FD3C 8B49 74 mov ecx, dword ptr [ecx+74] 0040FD3F E8 CC1D0100 call 00421B10 0040FD44 8BCE mov ecx, esi 0040FD46 89BE 94000000 mov dword ptr [esi+94], edi 0040FD4C E8 5F1D0000 call 00411AB0 0040FD51 57 push edi 0040FD52 8BCE mov ecx, esi 0040FD54 893D 34585E00 mov dword ptr [5E5834], edi 0040FD5A E8 711A0000 call 004117D0 0040FD5F 57 push edi 0040FD60 33D2 xor edx, edx 0040FD62 33C9 xor ecx, ecx 0040FD64 E8 07C5FFFF call 0040C270 0040FD69 897E 78 mov dword ptr [esi+78], edi 0040FD6C 893D B0964E00 mov dword ptr [4E96B0], edi 0040FD72 893D F49C4E00 mov dword ptr [4E9CF4], edi 0040FD78 E8 7330FFFF call 00402DF0 0040FD7D 6A FF push -1 0040FD7F E8 5C700000 call 00416DE0 0040FD84 83C4 04 add esp, 4 0040FD87 E8 74BFFFFF call 0040BD00 0040FD8C 85C0 test eax, eax 0040FD8E 0F84 B9000000 je 0040FE4D 0040FD94 8B96 A4000000 mov edx, dword ptr [esi+A4] 0040FD9A 8B42 74 mov eax, dword ptr [edx+74] 0040FD9D 39B8 A4030000 cmp dword ptr [eax+3A4], edi 0040FDA3 0F84 A4000000 je 0040FE4D 0040FDA9 39BE 9C000000 cmp dword ptr [esi+9C], edi 0040FDAF 0F85 98000000 jnz 0040FE4D 0040FDB5 39BE 88000000 cmp dword ptr [esi+88], edi 0040FDBB 0F85 8C000000 jnz 0040FE4D 0040FDC1 393D 68585E00 cmp dword ptr [5E5868], edi 0040FDC7 0F85 80000000 jnz 0040FE4D 0040FDCD 393D 38814300 cmp dword ptr [438138], edi 0040FDD3 74 78 je short 0040FE4D 0040FDD5 33C9 xor ecx, ecx 0040FDD7 893D 68585E00 mov dword ptr [5E5868], edi 0040FDDD E8 0EBFFFFF call 0040BCF0 0040FDE2 6A FF push -1 0040FDE4 E8 F76F0000 call 00416DE0 0040FDE9 BD 01000000 mov ebp, 1 0040FDEE 68 F8000000 push 0F8 0040FDF3 89AE 88000000 mov dword ptr [esi+88], ebp 0040FDF9 E8 B2AC0100 call <jmp.&mfc42.#823_operator new> 0040FDFE 83C4 08 add esp, 8 0040FE01 894424 10 mov dword ptr [esp+10], eax 0040FE05 3BC7 cmp eax, edi 0040FE07 89AC24 58040000 mov dword ptr [esp+458], ebp 0040FE0E 74 0A je short 0040FE1A 0040FE10 56 push esi 0040FE11 8BC8 mov ecx, eax 0040FE13 E8 98840100 call 004282B0 0040FE18 EB 02 jmp short 0040FE1C 0040FE1A 33C0 xor eax, eax 0040FE1C 57 push edi 0040FE1D 8D8E 5C160000 lea ecx, dword ptr [esi+165C] 0040FE23 C78424 5C040000>mov dword ptr [esp+45C], -1 0040FE2E 8986 9C000000 mov dword ptr [esi+9C], eax 0040FE34 E8 27AE0100 call <jmp.&mfc42.#2642_CWnd::EnableWi> 0040FE39 57 push edi 0040FE3A 8D8E 7C1B0000 lea ecx, dword ptr [esi+1B7C] 0040FE40 E8 1BAE0100 call <jmp.&mfc42.#2642_CWnd::EnableWi> 0040FE45 57 push edi 0040FE46 8BCB mov ecx, ebx 0040FE48 E9 25060000 jmp 00410472 0040FE4D E8 AEBEFFFF call 0040BD00 0040FE52 85C0 test eax, eax 0040FE54 0F84 C3000000 je 0040FF1D 0040FE5A 39BE 88000000 cmp dword ptr [esi+88], edi 0040FE60 0F85 B7000000 jnz 0040FF1D 0040FE66 393D 38814300 cmp dword ptr [438138], edi 0040FE6C 0F84 AB000000 je 0040FF1D 0040FE72 33C9 xor ecx, ecx 0040FE74 E8 77BEFFFF call 0040BCF0 0040FE79 C786 80000000 0>mov dword ptr [esi+80], 1 0040FE83 6A 14 push 14 0040FE85 893D 68585E00 mov dword ptr [5E5868], edi 0040FE8B FF15 FCF04200 call dword ptr [<&kernel32.Sleep>] ; kernel32.Sleep 0040FE91 E8 90AB0100 call <jmp.&mfc42.#1168_AfxGetModuleSt> 0040FE96 8B40 04 mov eax, dword ptr [eax+4] 0040FE99 8D4C24 24 lea ecx, dword ptr [esp+24] 0040FE9D 6A 64 push 64 0040FE9F 51 push ecx 0040FEA0 8B50 6C mov edx, dword ptr [eax+6C] 0040FEA3 68 E6000000 push 0E6 0040FEA8 52 push edx 0040FEA9 FFD5 call ebp 0040FEAB 8B8E A4000000 mov ecx, dword ptr [esi+A4] 0040FEB1 8D4424 24 lea eax, dword ptr [esp+24] 0040FEB5 50 push eax 0040FEB6 68 10B84300 push 0043B810 ; ASCII "%s" 0040FEBB 8B51 74 mov edx, dword ptr [ecx+74] 0040FEBE 52 push edx 0040FEBF E8 3C210100 call 00422000 0040FEC4 8D4424 30 lea eax, dword ptr [esp+30] 0040FEC8 50 push eax 0040FEC9 68 10B84300 push 0043B810 ; ASCII "%s" 0040FECE 56 push esi 0040FECF E8 7C260000 call 00412550 0040FED4 8B1D F4F74200 mov ebx, dword ptr [<&winmm.sndPlayS>; WINMM.sndPlaySoundA 0040FEDA 83C4 18 add esp, 18 0040FEDD 8D8C24 50010000 lea ecx, dword ptr [esp+150] 0040FEE4 6A 09 push 9 0040FEE6 51 push ecx 0040FEE7 FFD3 call ebx 0040FEE9 8B56 20 mov edx, dword ptr [esi+20] 0040FEEC 57 push edi 0040FEED 68 D0070000 push 7D0 0040FEF2 6A 0B push 0B 0040FEF4 52 push edx 0040FEF5 FF15 ECF74200 call dword ptr [<&user32.SetTimer>] ; USER32.SetTimer 0040FEFB 6A 30 push 30 0040FEFD 8D4424 28 lea eax, dword ptr [esp+28] 0040FF01 68 B8B74300 push 0043B7B8 ; ASCII "Warning" 0040FF06 50 push eax 0040FF07 8BCE mov ecx, esi 0040FF09 E8 76AD0100 call <jmp.&mfc42.#4224_CWnd::MessageB> 0040FF0E 57 push edi 0040FF0F 57 push edi 0040FF10 89BE 80000000 mov dword ptr [esi+80], edi 0040FF16 FFD3 call ebx 0040FF18 E9 8A060000 jmp 004105A7 0040FF1D 6A 01 push 1 0040FF1F 8BCE mov ecx, esi 0040FF21 E8 0AEFFFFF call 0040EE30 0040FF26 33C9 xor ecx, ecx 0040FF28 C705 54585E00 0>mov dword ptr [5E5854], 1 0040FF32 E8 B9BDFFFF call 0040BCF0 0040FF37 893D 68585E00 mov dword ptr [5E5868], edi 0040FF3D E9 65060000 jmp 004105A7 0040FF42 B9 01000000 mov ecx, 1 0040FF47 E8 A4BDFFFF call 0040BCF0 0040FF4C 8B3D FCF04200 mov edi, dword ptr [<&kernel32.Sleep>; kernel32.Sleep 0040FF52 6A 14 push 14 0040FF54 FFD7 call edi 0040FF56 8BCE mov ecx, esi 0040FF58 E8 130E0000 call 00410D70 0040FF5D 6A 14 push 14 0040FF5F C786 80000000 0>mov dword ptr [esi+80], 1 0040FF69 FFD7 call edi 0040FF6B 8BCE mov ecx, esi 0040FF6D E8 EE0C0000 call 00410C60 0040FF72 E8 AFAA0100 call <jmp.&mfc42.#1168_AfxGetModuleSt> 0040FF77 8B40 04 mov eax, dword ptr [eax+4] 0040FF7A 8D4C24 24 lea ecx, dword ptr [esp+24] 0040FF7E 6A 64 push 64 0040FF80 51 push ecx 0040FF81 8B50 6C mov edx, dword ptr [eax+6C] 0040FF84 68 84000000 push 84 0040FF89 52 push edx 0040FF8A FF15 84F74200 call dword ptr [<&user32.LoadStringA>>; USER32.LoadStringA 0040FF90 8B8E A4000000 mov ecx, dword ptr [esi+A4] 0040FF96 8D4424 24 lea eax, dword ptr [esp+24] 0040FF9A 50 push eax 0040FF9B 68 10B84300 push 0043B810 ; ASCII "%s" 0040FFA0 8B51 74 mov edx, dword ptr [ecx+74] 0040FFA3 52 push edx 0040FFA4 E8 57200100 call 00422000 0040FFA9 8D4424 30 lea eax, dword ptr [esp+30] 0040FFAD 50 push eax 0040FFAE 68 10B84300 push 0043B810 ; ASCII "%s" 0040FFB3 56 push esi 0040FFB4 E8 97250000 call 00412550 0040FFB9 8B1D F4F74200 mov ebx, dword ptr [<&winmm.sndPlayS>; WINMM.sndPlaySoundA 0040FFBF 83C4 18 add esp, 18 0040FFC2 8D8C24 50010000 lea ecx, dword ptr [esp+150] 0040FFC9 6A 09 push 9 0040FFCB 51 push ecx 0040FFCC FFD3 call ebx 0040FFCE 6A 30 push 30 0040FFD0 8D5424 28 lea edx, dword ptr [esp+28] 0040FFD4 68 B8B74300 push 0043B7B8 ; ASCII "Warning" 0040FFD9 52 push edx 0040FFDA 8BCE mov ecx, esi 0040FFDC E8 A3AC0100 call <jmp.&mfc42.#4224_CWnd::MessageB> 0040FFE1 33FF xor edi, edi 0040FFE3 57 push edi 0040FFE4 57 push edi 0040FFE5 89BE 80000000 mov dword ptr [esi+80], edi 0040FFEB FFD3 call ebx 0040FFED E9 B5050000 jmp 004105A7 0040FFF2 FF15 F4F04200 call dword ptr [<&kernel32.GetTickCou>; kernel32.GetTickCount 0040FFF8 33FF xor edi, edi 0040FFFA 8D8E DC2A0000 lea ecx, dword ptr [esi+2ADC] 00410000 57 push edi 00410001 68 F2000000 push 0F2 00410006 8986 90000000 mov dword ptr [esi+90], eax 0041000C FF15 40F74200 call dword ptr [<&softechsoftware.CBu>; softechs.CButtonST::SetIcon 00410012 393D 30555E00 cmp dword ptr [5E5530], edi 00410018 0F84 89050000 je 004105A7 0041001E A1 34555E00 mov eax, dword ptr [5E5534] 00410023 BB 01000000 mov ebx, 1 00410028 3BC3 cmp eax, ebx 0041002A 75 2A jnz short 00410056 0041002C 68 2C010000 push 12C 00410031 68 BC020000 push 2BC 00410036 891D 68585E00 mov dword ptr [5E5868], ebx 0041003C FF15 04F14200 call dword ptr [<&kernel32.Beep>] ; kernel32.Beep 00410042 8D8424 50010000 lea eax, dword ptr [esp+150] 00410049 53 push ebx 0041004A 50 push eax 0041004B FF15 F4F74200 call dword ptr [<&winmm.sndPlaySoundA>; WINMM.sndPlaySoundA 00410051 E9 51050000 jmp 004105A7 00410056 83F8 02 cmp eax, 2 00410059 75 14 jnz short 0041006F 0041005B 8D8C24 50030000 lea ecx, dword ptr [esp+350] 00410062 53 push ebx 00410063 51 push ecx 00410064 FF15 F4F74200 call dword ptr [<&winmm.sndPlaySoundA>; WINMM.sndPlaySoundA 0041006A E9 38050000 jmp 004105A7 0041006F 83F8 03 cmp eax, 3 00410072 0F85 2F050000 jnz 004105A7 00410078 57 push edi 00410079 68 C0B74300 push 0043B7C0 ; ASCII "Lineage" 0041007E 891D 68585E00 mov dword ptr [5E5868], ebx 00410084 FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0041008A 3BC7 cmp eax, edi 0041008C 0F84 15050000 je 004105A7 00410092 57 push edi 00410093 57 push edi 00410094 6A 10 push 10 00410096 50 push eax 00410097 FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 0041009D 6A 0A push 0A 0041009F FF15 FCF04200 call dword ptr [<&kernel32.Sleep>] ; kernel32.Sleep 004100A5 E9 FD040000 jmp 004105A7 004100AA 57 push edi 004100AB 53 push ebx 004100AC E8 EFC2FFFF call 0040C3A0 004100B1 83C4 08 add esp, 8 004100B4 E9 EE040000 jmp 004105A7 004100B9 05 04F8FFFF add eax, -7FC 004100BE 83F8 17 cmp eax, 17 004100C1 0F87 E0040000 ja 004105A7 004100C7 FF2485 4C064100 jmp dword ptr [eax*4+41064C] 004100CE 57 push edi 004100CF 893D A4AE4300 mov dword ptr [43AEA4], edi 004100D5 E8 066D0000 call 00416DE0 004100DA 57 push edi 004100DB E8 10E4FFFF call 0040E4F0 004100E0 83C4 08 add esp, 8 004100E3 E9 BF040000 jmp 004105A7 004100E8 57 push edi 004100E9 E8 22E4FFFF call 0040E510 004100EE 83C4 04 add esp, 4 004100F1 E9 B1040000 jmp 004105A7 004100F6 57 push edi 004100F7 E8 34700000 call 00417130 004100FC 83C4 04 add esp, 4 004100FF E9 A3040000 jmp 004105A7 00410104 57 push edi 00410105 E8 26E4FFFF call 0040E530 0041010A 83C4 04 add esp, 4 0041010D E9 95040000 jmp 004105A7 00410112 89BE 50360000 mov dword ptr [esi+3650], edi 00410118 8B15 50585E00 mov edx, dword ptr [5E5850] 0041011E A1 4C585E00 mov eax, dword ptr [5E584C] 00410123 52 push edx 00410124 50 push eax 00410125 E8 A6E3FFFF call 0040E4D0 0041012A 83C4 08 add esp, 8 0041012D E9 75040000 jmp 004105A7 00410132 33FF xor edi, edi 00410134 3BDF cmp ebx, edi 00410136 75 18 jnz short 00410150 00410138 6A 30 push 30 0041013A 68 ACB74300 push 0043B7AC ; ASCII "Warning!" 0041013F 68 70B74300 push 0043B770 ; ASCII "Excuse me. Login again. ",LF,"2 minute later program will exit." 00410144 8BCE mov ecx, esi 00410146 E8 39AB0100 call <jmp.&mfc42.#4224_CWnd::MessageB> 0041014B E9 57040000 jmp 004105A7 00410150 8B8E A4000000 mov ecx, dword ptr [esi+A4] 00410156 68 70AF4300 push 0043AF70 0041015B 68 10B84300 push 0043B810 ; ASCII "%s" 00410160 8B51 74 mov edx, dword ptr [ecx+74] 00410163 52 push edx 00410164 E8 971E0100 call 00422000 00410169 68 70AF4300 push 0043AF70 0041016E 68 10B84300 push 0043B810 ; ASCII "%s" 00410173 56 push esi 00410174 E8 D7230000 call 00412550 00410179 A1 58585E00 mov eax, dword ptr [5E5858] 0041017E 83C4 18 add esp, 18 00410181 3BC7 cmp eax, edi 00410183 0F85 1E040000 jnz 004105A7 00410189 C705 38814300 0>mov dword ptr [438138], 4 00410193 C705 58585E00 0>mov dword ptr [5E5858], 1 0041019D 8B8E A0000000 mov ecx, dword ptr [esi+A0] 004101A3 E8 987D0000 call 00417F40 004101A8 E9 FA030000 jmp 004105A7 004101AD B9 01000000 mov ecx, 1 004101B2 E8 39BBFFFF call 0040BCF0 004101B7 8B2D FCF04200 mov ebp, dword ptr [<&kernel32.Sleep>; kernel32.Sleep 004101BD 6A 14 push 14 004101BF FFD5 call ebp 004101C1 8BCE mov ecx, esi 004101C3 E8 A80B0000 call 00410D70 004101C8 83FF 01 cmp edi, 1 004101CB 75 07 jnz short 004101D4 004101CD 8BCE mov ecx, esi 004101CF E8 8C0A0000 call 00410C60 004101D4 33FF xor edi, edi 004101D6 3BDF cmp ebx, edi 004101D8 76 3B jbe short 00410215 004101DA 83FB 15 cmp ebx, 15 004101DD 73 36 jnb short 00410215 004101DF 83FB 03 cmp ebx, 3 004101E2 74 31 je short 00410215 004101E4 8D049B lea eax, dword ptr [ebx+ebx*4] 004101E7 8D0480 lea eax, dword ptr [eax+eax*4] 004101EA 8D1C85 44AE4300 lea ebx, dword ptr [eax*4+43AE44] 004101F1 8B86 A4000000 mov eax, dword ptr [esi+A4] 004101F7 53 push ebx 004101F8 68 10B84300 push 0043B810 ; ASCII "%s" 004101FD 8B48 74 mov ecx, dword ptr [eax+74] 00410200 51 push ecx 00410201 E8 FA1D0100 call 00422000 00410206 53 push ebx 00410207 68 10B84300 push 0043B810 ; ASCII "%s" 0041020C 56 push esi 0041020D E8 3E230000 call 00412550 00410212 83C4 18 add esp, 18 00410215 68 64B74300 push 0043B764 ; ASCII "wParam=%d",LF 0041021A E8 31C3FFFF call 0040C550 0041021F 83C4 04 add esp, 4 00410222 C786 80000000 0>mov dword ptr [esi+80], 1 0041022C 6A 14 push 14 0041022E FFD5 call ebp 00410230 E8 F1A70100 call <jmp.&mfc42.#1168_AfxGetModuleSt> 00410235 8B40 04 mov eax, dword ptr [eax+4] 00410238 8D5424 24 lea edx, dword ptr [esp+24] 0041023C 6A 64 push 64 0041023E 52 push edx 0041023F 8B40 6C mov eax, dword ptr [eax+6C] 00410242 68 E6000000 push 0E6 00410247 50 push eax 00410248 FF15 84F74200 call dword ptr [<&user32.LoadStringA>>; USER32.LoadStringA 0041024E 8B96 A4000000 mov edx, dword ptr [esi+A4] 00410254 8D4C24 24 lea ecx, dword ptr [esp+24] 00410258 51 push ecx 00410259 68 10B84300 push 0043B810 ; ASCII "%s" 0041025E 8B42 74 mov eax, dword ptr [edx+74] 00410261 50 push eax 00410262 E8 991D0100 call 00422000 00410267 8D4C24 30 lea ecx, dword ptr [esp+30] 0041026B 51 push ecx 0041026C 68 10B84300 push 0043B810 ; ASCII "%s" 00410271 56 push esi 00410272 E8 D9220000 call 00412550 00410277 8B1D F4F74200 mov ebx, dword ptr [<&winmm.sndPlayS>; WINMM.sndPlaySoundA 0041027D 83C4 18 add esp, 18 00410280 8D9424 50010000 lea edx, dword ptr [esp+150] 00410287 6A 09 push 9 00410289 52 push edx 0041028A FFD3 call ebx 0041028C ^ E9 6AFCFFFF jmp 0040FEFB 00410291 33FF xor edi, edi 00410293 57 push edi 00410294 68 C0B74300 push 0043B7C0 ; ASCII "Lineage" 00410299 FF15 7CF74200 call dword ptr [<&user32.FindWindowA>>; USER32.FindWindowA 0041029F 3BC7 cmp eax, edi 004102A1 74 13 je short 004102B6 004102A3 57 push edi 004102A4 57 push edi 004102A5 6A 10 push 10 004102A7 50 push eax 004102A8 FF15 60F74200 call dword ptr [<&user32.PostMessageA>; USER32.PostMessageA 004102AE 6A 0A push 0A 004102B0 FF15 FCF04200 call dword ptr [<&kernel32.Sleep>] ; kernel32.Sleep 004102B6 8B4E 20 mov ecx, dword ptr [esi+20] 004102B9 57 push edi 004102BA 68 D0070000 push 7D0 004102BF 6A 0B push 0B 004102C1 51 push ecx 004102C2 FF15 ECF74200 call dword ptr [<&user32.SetTimer>] ; USER32.SetTimer 004102C8 FF15 B0F04200 call dword ptr [<&kernel32.GetSystemD>; kernel32.GetSystemDefaultLangID 004102CE 25 FFFF0000 and eax, 0FFFF 004102D3 2D 09040000 sub eax, 409 004102D8 74 6E je short 00410348 //改JMP 就不提示了 还是退出 004102DA 83E8 09 sub eax, 9 004102DD 74 40 je short 0041031F 004102DF 2D F2030000 sub eax, 3F2 004102E4 74 10 je short 004102F6 004102E6 68 04040000 push 404 004102EB FF15 B4F04200 call dword ptr [<&kernel32.SetThreadL>; kernel32.SetThreadLocale 004102F1 E9 B1020000 jmp 004105A7 004102F6 68 04080000 push 804 004102FB FF15 B4F04200 call dword ptr [<&kernel32.SetThreadL>; kernel32.SetThreadLocale 00410301 6A 10 push 10 00410303 68 5CB74300 push 0043B75C ; ASCII "Error" 00410308 68 E9000000 push 0E9 //提示绑定不一致的地址 0041030D 68 48B74300 push 0043B748 ; ASCII "User Name Invalid" 请高人帮忙分析下那里是关键的检测未绑定的地址? |
|
[原创]LE-Exe Executable Image *
正解 罗哥见识广啊 |
|
[原创]hmimys-Packer V1.2、1.3 脱脱脱
tc eip<``````` |
|
|
|
|
|
都把UnThemida 3.0 当个宝 我把它当个草
感谢我?你不是希望我早死么? |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值