|
Themida 1.8.0.0 Demo virtual machine analysis (complete, 8 chapters in total)
The expert has dropped another revelation. ding |
|
[Repost][Recommended] Python decompile issues (1), (2), (3) by Team509
Is something wrong with this page? I'm using IE7, and as soon as I open it everything shows in a Korean font. Ugh. |
|
How do I debug an exe file compiled with QBasic, and is there a way to convert the exe back to bas?
In that case, go learn tr. |
|
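Our boss wants me to write a mobile phone antivirus program,
Originally posted by nbw. What nbw says is somewhat questionable, heh. Building an x86 virtual machine on a phone seems harder than writing a simple antivirus, doesn't it? |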
|
[Repost][Recommended] Python decompile issues (1), (2), (3) by Team509
ljtt, my idol! |
|
[Attention] ROR-Packer0.3 (UnpackMe)
Awesome, learning from the experts. |
|
[Attention] ROR-Packer0.3 (UnpackMe)
Looks like an input-method trojan. |
|
[Attention] ROR-Packer0.3 (UnpackMe)
I took a look; it is not easy to crack, and a newbie like me can't handle it, heh. It looks like you experts have played ldr to death, heh. Later, though, I noticed a problem: I don't know whether it is this program or my machine that has been infected by a trojan. I found many strings like the following:
|
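[Repost] A first look at Vista system service functions. By 无花果
Originally posted by skylly: What's so tasty about this thing? Bookmark it and look things up when needed, heh. The most useful part of this list is the "number"; without the numbers, locating a function in it is a bit more trouble. With the numbers it is much more convenient. |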