|
PECompact 2.x -> Jeremy Collake 脱壳遇到难题
73391000 >7C822294 kernel32.MoveFileA 73391004 >7C81FE92 kernel32.LockFile 73391008 >7C81FDDD kernel32.UnlockFile 7339100C >7C85B001 kernel32.RemoveDirectoryA 73391010 >7C801E16 kernel32.TerminateProcess 73391014 >7C9309ED ntdll.RtlSizeHeap 73391018 >7C80C6CF kernel32.SetHandleCount 7339101C >7C80CCA9 kernel32.ExitThread 73391020 >7C812BE6 kernel32.GetCPInfo 73391024 >7C80C6E0 kernel32.lstrlenA 73391028 >7C81E82A kernel32.GetOEMCP 7339102C >7C81DC3F kernel32.FreeEnvironmentStringsA 73391030 >7C81485F kernel32.FreeEnvironmentStringsW 73391034 >7C81CC23 kernel32.GetEnvironmentStringsA 73391038 >7C812C78 kernel32.GetEnvironmentStringsW 7339103C >7C81D8CB kernel32.SetStdHandle 73391040 >7C80A480 kernel32.GetStringTypeW 73391044 >7C8606DF kernel32.GetTempFileNameA 73391048 >7C810311 kernel32.lstrcpynA 7339104C >7C839308 kernel32._lclose 73391050 >7C839450 kernel32._llseek 73391054 >7C80CD58 kernel32.FlushFileBuffers 73391058 >7C826219 kernel32.CreateDirectoryA 7339105C >7C80B929 kernel32.lstrcmpiA 73391060 >7C930331 ntdll.RtlGetLastWin32Error 73391064 >7C80B529 kernel32.GetModuleHandleA 73391068 >7C81E835 kernel32.GetSystemDefaultLangID 7339106C >7C825F62 kernel32.FormatMessageA 73391070 >7C812929 kernel32.HeapCreate 73391074 >7C82293B kernel32.GetWindowsDirectoryA 73391078 >7C822A54 kernel32.GetPrivateProfileStringA 7339107C >7C838FB9 kernel32.lstrcatA 73391080 >7C801A24 kernel32.CreateFileA 73391084 >7C80180E kernel32.ReadFile 73391088 >7C809B77 kernel32.CloseHandle 7339108C >7C9210ED ntdll.RtlLeaveCriticalSection 73391090 >7C921005 ntdll.RtlEnterCriticalSection 73391094 >7C809FA1 kernel32.InitializeCriticalSection 73391098 >7C93188A ntdll.RtlDeleteCriticalSection 7339109C >7C80977B kernel32.InterlockedIncrement 733910A0 >7C809794 kernel32.InterlockedDecrement 733910A4 >7C80B664 kernel32.IsDBCSLeadByte 733910A8 >7C809EB3 kernel32.IsBadReadPtr 733910AC >7C809750 kernel32.TlsGetValue 733910B0 >7C80C729 kernel32.lstrcpyA 733910B4 >7C81E85C kernel32.DeleteFileA 733910B8 
>7C81EE79 kernel32.lstrcmpA 733910BC >7C809737 kernel32.GetCurrentThreadId 733910C0 >7C9305D4 ntdll.RtlAllocateHeap 733910C4 >7C93043D ntdll.RtlFreeHeap 733910C8 >7C81082F kernel32.CreateThread 733910CC >7C8394AE kernel32.GetTimeZoneInformation 733910D0 >7C8226A9 kernel32.SetEnvironmentVariableA 733910D4 >7C81EAE1 kernel32.RaiseException 733910D8 >7C80CEC4 kernel32.LCMapStringW 733910DC >7C838CB9 kernel32.GetStringTypeA 733910E0 >7C80B25D kernel32.GetModuleFileNameW 733910E4 >7C81E685 kernel32.GetUserDefaultLangID 733910E8 >7C8260A9 kernel32.GetComputerNameA 733910EC >7C81FB44 kernel32.SetFileAttributesA 733910F0 >7C80EA66 kernel32.FileTimeToLocalFileTime 733910F4 >7C80E9EC kernel32.FileTimeToSystemTime 733910F8 >7C81F8E2 kernel32.GetFileTime 733910FC >7C81F955 kernel32.SetFileTime 73391100 >7C80C9C1 kernel32.GetLocalTime 73391104 >7C8556F9 kernel32.SetLocalTime 73391108 >7C957A40 ntdll.RtlUnwind 7339110C >7C802332 kernel32.CreateProcessW 73391110 >7C8112E3 kernel32.IsValidCodePage 73391114 >7C829047 kernel32.FormatMessageW 73391118 >7C801EEE kernel32.GetStartupInfoA 7339111C >7C862B8A kernel32.UnhandledExceptionFilter 73391120 >7C81CAA2 kernel32.ExitProcess 73391124 >7C821F87 kernel32.GetShortPathNameA 73391128 >7C823053 kernel32.SetCurrentDirectoryA 7339112C >7C875D7F kernel32.GetStringTypeExA 73391130 >7C827052 kernel32.GetVolumeInformationA 73391134 >7C813559 kernel32.FindFirstFileA 73391138 >7C839019 kernel32.FindNextFileA 7339113C >7C80EFD7 kernel32.FindClose 73391140 >7C809B14 kernel32.VirtualFree 73391144 >7C812AC6 kernel32.GetSystemInfo 73391148 >7C809A81 kernel32.VirtualAlloc 7339114C >7C801AD0 kernel32.VirtualProtect 73391150 >7C839277 kernel32.FlushInstructionCache 73391154 >7C86114D kernel32.WinExec 73391158 >7C809A39 kernel32.lstrlenW 7339115C >7C80B8EC kernel32.lstrcpyW 73391160 >7C810F9F kernel32.WriteFile 73391164 >7C81F850 kernel32.SetEndOfFile 73391168 >7C810DA6 kernel32.SetFilePointer 7339116C >7C80176B kernel32.GetSystemTime 73391170 >7C810D34 
kernel32.SystemTimeToFileTime 73391174 >7C80E00D kernel32.GetCurrentProcess 73391178 >7C80E016 kernel32.DuplicateHandle 7339117C >7C81E92A kernel32.ResumeThread 73391180 >7C812C8D kernel32.GetCommandLineA 73391184 >7C809BF5 kernel32.TlsSetValue 73391188 >7C813453 kernel32.TlsFree 7339118C >7C812B0F kernel32.TlsAlloc 73391190 >7C8114AB kernel32.GetVersion 73391194 >7C80A34E kernel32.CompareStringW 73391198 >7C80A823 kernel32.lstrcmpiW 7339119C >7C8097F4 kernel32.MulDiv 733911A0 >7C802367 kernel32.CreateProcessA 733911A4 >7C81AAE7 kernel32.GetExitCodeProcess 733911A8 >7C801D4F kernel32.LoadLibraryExA 733911AC >7C809CAD kernel32.MultiByteToWideChar 733911B0 >7C802530 kernel32.WaitForSingleObject 733911B4 >7C809C4C kernel32.ResetEvent 733911B8 >7C809C28 kernel32.SetEvent 733911BC >7C81E4BD kernel32.CreateEventA 733911C0 >7C80994E kernel32.GetCurrentProcessId 733911C4 >7C8092AC kernel32.GetTickCount 733911C8 >7C81486A kernel32.GetEnvironmentVariableA 733911CC >7C82D582 kernel32.FreeResource 733911D0 >7C80C865 kernel32.GetSystemDefaultLCID 733911D4 >7C80BB57 kernel32.IsBadCodePtr 733911D8 >7C809FC0 kernel32.GetUserDefaultLCID 733911DC >7C814C63 kernel32.GetSystemDirectoryA 733911E0 >7C801D77 kernel32.LoadLibraryA 733911E4 >7C80AC28 kernel32.GetProcAddress 733911E8 >7C812851 kernel32.GetVersionExA 733911EC >7C802442 kernel32.Sleep 733911F0 >7C81E19A kernel32.GlobalDeleteAtom 733911F4 >7C811110 kernel32.HeapDestroy 733911F8 >7C80AA97 kernel32.SetErrorMode 733911FC >7C823039 kernel32.GlobalAddAtomA 73391200 >7C80C8C4 kernel32.ReleaseSemaphore 73391204 >7C832E2B kernel32.LCMapStringA 73391208 >7C812B8D kernel32.CreateSemaphoreA 7339120C >7C80B859 kernel32.VirtualQuery 73391210 >7C822D47 kernel32.GetProfileStringA 73391214 >7C80A0C7 kernel32.WideCharToMultiByte 73391218 >7C9379FD ntdll.RtlReAllocateHeap 7339121C >7C822CFB kernel32.GetDriveTypeA 73391220 >7C80D293 kernel32.CompareStringA 73391224 >7C81174C kernel32.GetFileAttributesA 73391228 >7C8397A1 
kernel32.GetCurrentDirectoryA 7339122C >7C80B357 kernel32.GetModuleFileNameA 73391230 >7C930340 ntdll.RtlSetLastWin32Error 73391234 >7C81367C kernel32.GetFullPathNameA 73391238 >7C826A01 kernel32.SearchPathA 7339123C >7C811069 kernel32.GetFileType 73391240 >7C810082 kernel32.GlobalUnlock 73391244 >7C80FE2F kernel32.GlobalFree 73391248 >7C80C7B1 kernel32.FindResourceA 7339124C >7C80A065 kernel32.LoadResource 73391250 >7C80BAF1 kernel32.SizeofResource 73391254 >7C80FF2D kernel32.GlobalAlloc 73391258 >7C839166 kernel32.GlobalSize 7339125C >7C838F36 kernel32.GlobalHandle 73391260 >7C8125C9 kernel32.GlobalReAlloc 73391264 >7C810119 kernel32.GlobalLock 73391268 >7C838D93 kernel32._lwrite 7339126C >7C839418 kernel32._lread 73391270 >7C80C6CF kernel32.SetHandleCount 73391274 >7C8221CF kernel32.GetTempPathA 73391278 >7C80AA66 kernel32.FreeLibrary 7339127C >7C80D47E kernel32.GetLocaleInfoA 73391280 >7C812CA9 kernel32.GetStdHandle 73391284 >7C809943 kernel32.GetACP 73391288 00000000 7339128C >77D6A92C USER32.DdeAbandonTransaction 73391290 >77D5A44B USER32.DdeGetLastError 73391294 >77D61369 USER32.DdeCreateDataHandle 73391298 >77D6198D USER32.DdeCmpStringHandles 7339129C >77D55E8C USER32.SetCursorPos 733912A0 >77D3DA71 USER32.EnumClipboardFormats 733912A4 >77D1E8CE USER32.DestroyIcon 733912A8 >77D1D051 USER32.GetAsyncKeyState 733912AC >77D4F815 USER32.WaitForInputIdle 733912B0 >77D1C4AE USER32.GetForegroundWindow 733912B4 >77D3FBFE USER32.VkKeyScanW 733912B8 >77D3E621 USER32.SetWindowsHookExW 733912BC >77D66365 USER32.keybd_event 733912C0 >77D191F3 USER32.CharUpperBuffW 733912C4 >77D1ACE9 USER32.CharUpperBuffA 733912C8 >77D19C57 USER32.CharLowerBuffW 733912CC >77D3F245 USER32.FindWindowW 733912D0 >77D3F3C6 USER32.FindWindowA 733912D4 >77D3AEF1 USER32.MessageBoxIndirectA 733912D8 >77D288E1 USER32.DialogBoxParamA 733912DC >77D1FACD USER32.EnumThreadWindows 733912E0 >77D34E3E USER32.GetLastActivePopup 733912E4 >77D25380 USER32.SetActiveWindow 733912E8 >77D3F4DC USER32.LoadImageA 
733912EC >77D24315 USER32.RegisterClassExA 733912F0 >77D1F5FE USER32.FrameRect 733912F4 >77D35EA0 USER32.CreateDialogParamA 733912F8 >77D35C98 USER32.IsDialogMessageA 733912FC >77D1FC3C USER32.EnableMenuItem 73391300 >77D1D787 USER32.ShowCursor 73391304 >77D3ECF2 USER32.OemToCharA 73391308 >77D3F8DD USER32.CharToOemBuffA 7339130C >77D3F82E USER32.GetWindowTextA 73391310 >77D26CC9 USER32.EndDialog 73391314 >77D35D61 USER32.DrawTextA 73391318 >77D3152F USER32.SendDlgItemMessageA 7339131C >77D360D5 USER32.SetDlgItemTextA 73391320 >77D1EB14 USER32.GetWindowPlacement 73391324 >77D18F75 USER32.GetSystemMetrics 73391328 >77D267A8 USER32.LoadBitmapA 7339132C >77D18BCE USER32.TranslateMessage 73391330 >77D1BCBD USER32.DispatchMessageA 73391334 >77D1BC8E USER32.MsgWaitForMultipleObjects 73391338 >77D193E9 USER32.WaitMessage 7339133C >77D3EDEB USER32.PostQuitMessage 73391340 >77D1C43C USER32.GetKeyboardLayout 73391344 >77D3F29F USER32.UnhookWindowsHookEx 73391348 >77D18E00 USER32.RegisterWindowMessageA 7339134C >77D56BEC USER32.CreateCursor 73391350 >77D56C4F USER32.CreateIcon 73391354 >77D18CA3 USER32.PostMessageW 73391358 >77D19278 USER32.PeekMessageW 7339135C >77D1EE3C USER32.GetPropA 73391360 >77D1EEA2 USER32.RemovePropA 73391364 >77D1EDFA USER32.SetPropA 73391368 >77D266A7 USER32.SetForegroundWindow 7339136C >77D34EE0 USER32.ClipCursor 73391370 >77D1E34B USER32.CallWindowProcA 73391374 >77D4F685 USER32.DefFrameProcA 73391378 >77D1C379 USER32.GetKeyState 7339137C >77D252A4 USER32.GetDlgItem 73391380 >77D1B7DB USER32.IsWindow 73391384 >77D3E438 USER32.UnregisterClassA 73391388 >77D22316 USER32.RegisterClassA 7339138C >77D4016E USER32.AdjustWindowRect 73391390 >77D5A299 USER32.GetTabbedTextExtentA 73391394 >77D5A1DD USER32.TabbedTextOutA 73391398 >77D1D3C5 USER32.FillRect 7339139C >77D1AD9B USER32.CharToOemA 733913A0 >77D5050B USER32.MessageBoxA 733913A4 >77D1A2DE USER32.wsprintfA 733913A8 >77D350CF USER32.WinHelpA 733913AC >77D1D7BB USER32.GetDesktopWindow 733913B0 
>77D1B46E USER32.SetRect 733913B4 >77D18FF9 USER32.GetWindowDC 733913B8 >77D1E8CE USER32.DestroyIcon 733913BC >77D34D4A USER32.GetClassInfoA 733913C0 >77D220A2 USER32.AdjustWindowRectEx 733913C4 >77D2375B USER32.GetMenuItemCount 733913C8 >77D3724D USER32.RemoveMenu 733913CC >77D4EF6E USER32.GetMenuStringA 733913D0 >77D6A24B USER32.DdeClientTransaction 733913D4 >77D60DF1 USER32.DdeGetData 733913D8 >77D3F0F1 USER32.GetCaretPos 733913DC >77D3EC6A USER32.CharPrevA 733913E0 >77D3EC40 USER32.CharNextA 733913E4 >77D1CE3B USER32.GetUpdateRgn 733913E8 >77D1BCEC USER32.GetUpdateRect 733913EC >77D1C531 USER32.PtInRect 733913F0 >77D38551 USER32.ChildWindowFromPointEx 733913F4 >77D1C9A4 USER32.ReleaseCapture 733913F8 >77D1C988 USER32.SetCapture 733913FC >77D1C64D USER32.InflateRect 73391400 >77D1B57C USER32.GetWindowRect 73391404 >77D1BF2C USER32.ClientToScreen 73391408 >77D1D515 USER32.MoveWindow 7339140C >77D1C592 USER32.IsWindowEnabled 73391410 >77D1BEF3 USER32.IsChild 73391414 >77D1FDAE USER32.SetParent 73391418 >77D1C48A USER32.IsIconic 7339141C >77D1D420 USER32.IsZoomed 73391420 >77D4F6D4 USER32.DefMDIChildProcA 73391424 >77D402D3 USER32.MessageBeep 73391428 >77D1CEFD USER32.PeekMessageA 7339142C >77D1DB62 USER32.PostMessageA 73391430 >77D3EC98 USER32.LoadStringA 73391434 >77D2716C USER32.AppendMenuA 73391438 >77D1E3A1 USER32.DestroyMenu 7339143C >77D37138 USER32.CreatePopupMenu 73391440 >77D1C210 USER32.GetMessageTime 73391444 >77D1C6E4 USER32.GetMessagePos 73391448 >77D1F623 USER32.DrawFocusRect 7339144C >77D56969 USER32.CopyAcceleratorTableA 73391450 >77D32DD1 USER32.GetWindowRgn 73391454 >77D18D03 USER32.CharUpperA 73391458 >77D1FE8E USER32.TranslateMDISysAccel 7339145C >77D37C72 USER32.SubtractRect 73391460 >77D1C676 USER32.IsRectEmpty 73391464 >77D2019F USER32.InvalidateRgn 73391468 >77D1B49D USER32.InvalidateRect 7339146C >77D1C03D USER32.CopyRect 73391470 >77D1F21D USER32.GetDCEx 73391474 >77D1B3E7 USER32.IntersectRect 73391478 >77D3F50D USER32.LoadAcceleratorsA 
7339147C >77D3F117 USER32.BringWindowToTop 73391480 >77D18A58 USER32.GetWindowThreadProcessId 73391484 >77D2674F USER32.AttachThreadInput 73391488 >77D1BDD1 USER32.EqualRect 7339148C >77D1C4D4 USER32.EnableWindow 73391490 >77D1E5DC USER32.SetFocus 73391494 >77D1E2AE USER32.SendMessageA 73391498 >77D402B2 USER32.SetWindowsHookExA 7339149C >77D1E032 USER32.GetClassNameA 733914A0 >77D1E8FA USER32.LoadCursorA 733914A4 >77D1C6A8 USER32.SetCursor 733914A8 >77D1DED3 USER32.SetWindowLongA 733914AC >77D1C298 USER32.GetWindow 733914B0 >77D1C640 USER32.GetFocus 733914B4 >77D1E7B8 USER32.GetSystemMenu 733914B8 >77D1ED6E USER32.CallNextHookEx 733914BC >77D1B5D7 USER32.GetParent 733914C0 >77D1E666 USER32.DestroyWindow 733914C4 >77D1DC5A USER32.SetWindowTextA 733914C8 >77D1C78E USER32.SetWindowPos 733914CC >77D1C064 USER32.UpdateWindow 733914D0 >77D2190B USER32.CreateWindowExA 733914D4 >77D20554 USER32.SystemParametersInfoA 733914D8 >77D194FF USER32.GetCapture 733914DC >77D1C57E USER32.WindowFromPoint 733914E0 >77D1C5B8 USER32.ScreenToClient 733914E4 >77D18C06 USER32.SetTimer 733914E8 >77D1BD8E USER32.IsWindowVisible 733914EC >77D1D4DE USER32.ShowWindow 733914F0 >77D18C1A USER32.KillTimer 733914F4 >77D18697 USER32.GetDC 733914F8 >77D1866D USER32.ReleaseDC 733914FC >77D1B9D7 USER32.MapWindowPoints 73391500 >77D1C566 USER32.GetCursorPos 73391504 >77D1CECD USER32.GetCursor 73391508 >77D1B4D9 USER32.OffsetRect 7339150C >77D1E9A1 USER32.GetIconInfo 73391510 >77D1DF6B USER32.DefWindowProcA 73391514 >77D1B4B1 USER32.BeginPaint 73391518 >77D1B556 USER32.GetClientRect 7339151C >77D1B4C5 USER32.EndPaint 73391520 >77D18E50 USER32.GetSysColor 73391524 >77D1DF1E USER32.GetActiveWindow 73391528 >77D1947C USER32.GetWindowLongA 7339152C >77D57DBC USER32.DdeConnect 73391530 >77D69F4D USER32.DdePostAdvise 73391534 >77D57FBD USER32.DdeDisconnect 73391538 >77D61A43 USER32.DdeCreateStringHandleA 7339153C >77D6A8D1 USER32.DdeSetUserHandle 73391540 >77D38381 USER32.DdeNameService 73391544 >77D61B70 
USER32.DdeFreeStringHandle 73391548 >77D5A32A USER32.DdeUninitialize 7339154C >77D5A4EE USER32.DdeInitializeA 73391550 >77D614E2 USER32.DdeFreeDataHandle 73391554 >77D6A74F USER32.DdeQueryConvInfo 73391558 >77D61C96 USER32.DdeQueryStringA 7339155C >77D32420 USER32.DrawFrameControl 73391560 >77D1F6BB USER32.SetScrollRange 73391564 >77D1F780 USER32.SetScrollPos 73391568 >77D1CDED USER32.IsClipboardFormatAvailable 7339156C >77D2F84F USER32.LockWindowUpdate 73391570 >77D3F002 USER32.CharLowerBuffA 73391574 >77D1EEF7 USER32.OpenClipboard 73391578 >77D3FF10 USER32.SetClipboardData 7339157C >77D3FCB2 USER32.GetClipboardData 73391580 >77D3F105 USER32.GetCaretBlinkTime 73391584 >77D3FE82 USER32.EmptyClipboard 73391588 >77D1EEE5 USER32.CloseClipboard 7339158C >77D1CBF7 USER32.CreateCaret 73391590 >77D1CC0B USER32.SetCaretPos 73391594 >77D4EEAB USER32.GetWindowTextLengthA 73391598 >77D1BFB0 USER32.DestroyCaret 7339159C >77D1CB5F USER32.ShowCaret 733915A0 >77D1CB4B USER32.HideCaret 733915A4 >77D35D98 USER32.DrawTextExA 733915A8 >77D1F66F USER32.GetScrollPos 733915AC >77D40345 USER32.GetClipboardFormatNameA 733915B0 >77D21DE0 USER32.SetWindowRgn 733915B4 >77D553F9 USER32.ToAscii 733915B8 >77D23A2F USER32.GetScrollInfo 733915BC >77D35F7A USER32.DestroyAcceleratorTable 733915C0 >77D20142 USER32.ShowScrollBar 733915C4 >77D6AA06 USER32.SetMenuItemInfoA 733915C8 >77D1902C USER32.SetScrollInfo 733915CC >77D238EC USER32.GetMenuItemInfoA 733915D0 >77D3F0B4 USER32.GetQueueStatus 733915D4 >77D1EF49 USER32.SetKeyboardState 733915D8 >77D1EF35 USER32.GetKeyboardState 733915DC >77D64F16 USER32.TrackPopupMenu 733915E0 >77D1FFDD USER32.GetDoubleClickTime 733915E4 >77D3563B USER32.SetWindowContextHelpId 733915E8 >77D1E87B USER32.DeleteMenu 733915EC >77D370EB USER32.SetMenuDefaultItem 733915F0 >77D4F3BC USER32.DrawMenuBar 733915F4 >77D4EEE8 USER32.GetMenuItemID 733915F8 >77D34F9A USER32.InsertMenuA 733915FC >77D2355A USER32.GetSubMenu 73391600 >77D2363F USER32.CreateMenu 73391604 >77D3EABE 
USER32.GetMenu 73391608 >77D4F116 USER32.SetMenu 7339160C >77D1CDCB USER32.BeginDeferWindowPos 73391610 >77D4EF2B USER32.ModifyMenuA 73391614 >77D2711B USER32.CheckMenuItem 73391618 >77D3EBB0 USER32.PostThreadMessageA 7339161C >77D1CD9F USER32.EndDeferWindowPos 73391620 >77D1CE13 USER32.DeferWindowPos 73391624 >77D401A2 USER32.VkKeyScanA 73391628 >77D3EED5 USER32.CharLowerA 7339162C >77D3749F USER32.GetMenuState 73391630 >77D301EF USER32.DrawIcon 73391634 >77D2760B USER32.IsCharAlphaA 73391638 >77D221AE USER32.LoadIconA 7339163C >77D3557F USER32.GetClassInfoExA 73391640 >77D531BA USER32.CreateAcceleratorTableA 73391644 00000000 73391648 >77EF89AF GDI32.UnrealizeObject 7339164C >77EF9B6C GDI32.CreatePen 73391650 >77EF5C59 GDI32.SetBkColor 73391654 >77EF5FD5 GDI32.CreateSolidBrush 73391658 >77EF6A3B GDI32.DeleteObject 7339165C >77EF5BA7 GDI32.SetTextColor 73391660 >77EFB4D2 GDI32.CreatePatternBrush 73391664 >77EF601F GDI32.CreateBitmap 73391668 >77EF9012 GDI32.ExtTextOutA 7339166C >77EF59A0 GDI32.SelectObject 73391670 >77EF5D0B GDI32.SetBkMode 73391674 >77EF8DB8 GDI32.GetBitmapBits 73391678 >77EF9A82 GDI32.GetObjectA 7339167C >77EFC333 GDI32.GetTextExtentPointA 73391680 >77EFD10C GDI32.CreateFontIndirectA 73391684 >77EFA208 GDI32.CombineRgn 73391688 >77EFA48E GDI32.SetRectRgn 7339168C >77EF75C3 GDI32.CreateRectRgn 73391690 >77EF80CF GDI32.CreateRectRgnIndirect 73391694 >77EF76B1 GDI32.ExtSelectClipRgn 73391698 >77EFA37F GDI32.OffsetRgn 7339169C >77F24EC4 GDI32.PtInRegion 733916A0 >77EF8DD7 GDI32.CreatePalette 733916A4 >77EF82DE GDI32.SelectPalette 733916A8 >77EF78DC GDI32.SelectClipRgn 733916AC >77EF78F7 GDI32.OffsetWindowOrgEx 733916B0 >77EF6899 GDI32.IntersectClipRect 733916B4 >77EF6CA6 GDI32.DeleteDC 733916B8 >77EF6DC0 GDI32.BitBlt 733916BC >77EF7988 GDI32.SetViewportOrgEx 733916C0 >77EF5E10 GDI32.CreateCompatibleDC 733916C4 >77EF6E51 GDI32.CreateCompatibleBitmap 733916C8 >77EF97BE GDI32.RestoreDC 733916CC >77EFBD89 GDI32.RealizePalette 733916D0 >77EFA990 
GDI32.SetROP2 733916D4 >77EF9884 GDI32.SaveDC 733916D8 >77EF68E4 GDI32.GetClipBox 733916DC >77EF94AD GDI32.SetWindowOrgEx 733916E0 >77EF8665 GDI32.ExcludeClipRect 733916E4 >77EFD547 GDI32.CreateHalftonePalette 733916E8 >77EFA821 GDI32.GetTextMetricsA 733916EC >77EF86B0 GDI32.PatBlt 733916F0 >77F1B463 GDI32.EnumFontsA 733916F4 >77EF9F44 GDI32.TranslateCharsetInfo 733916F8 >77EFC6A8 GDI32.GetROP2 733916FC >77EF8834 GDI32.SetBrushOrgEx 73391700 >77EF58A2 GDI32.GetDeviceCaps 73391704 >77EF7FA3 GDI32.GetObjectType 73391708 >77F0E923 GDI32.CreatePenIndirect 7339170C >77EFAA29 GDI32.CreateBrushIndirect 73391710 >77EFBACF GDI32.Rectangle 73391714 >77EF5FF1 GDI32.GetStockObject 73391718 >77F2385B GDI32.Arc 7339171C >77EF9D07 GDI32.LineTo 73391720 >77EF9C60 GDI32.MoveToEx 73391724 >77F1BEA4 GDI32.Pie 73391728 >77EFC83B GDI32.Ellipse 7339172C >77EF9D5F GDI32.SetStretchBltMode 73391730 >77EFD35B GDI32.GetPixel 73391734 >77EFD73B GDI32.GetTextExtentPoint32A 73391738 >77EFD4AA GDI32.SetPixelV 7339173C >77EFB8B7 GDI32.StretchDIBits 73391740 >77EF82A1 GDI32.GetCurrentObject 73391744 >77EFC449 GDI32.TextOutA 73391748 >77EF84D4 GDI32.GetBkColor 7339174C >77EFC6FC GDI32.StretchBlt 73391750 >77EFB52C GDI32.CreateDIBitmap 73391754 >77F03F6C GDI32.CloseMetaFile 73391758 >77F0E3B6 GDI32.SetWindowExtEx 7339175C >77F1A025 GDI32.CreateMetaFileA 73391760 >77F05BB1 GDI32.EndDoc 73391764 >77F23412 GDI32.AbortDoc 73391768 >77F06AA6 GDI32.StartPage 7339176C >77F05923 GDI32.EndPage 73391770 >77F245B9 GDI32.StartDocA 73391774 >77EFCE55 GDI32.CreateDCA 73391778 >77F23369 GDI32.ResetDCA 7339177C >77F07FBB GDI32.Escape 73391780 >77F1C352 GDI32.ScaleViewportExtEx 73391784 >77F0E45F GDI32.SetViewportExtEx 73391788 >77EFA8F7 GDI32.SetMapMode 7339178C >77F0E745 GDI32.DeleteMetaFile 73391790 >77F0DFF1 GDI32.PlayMetaFile 73391794 >77F23532 GDI32.SetAbortProc 73391798 >77EFDCC0 GDI32.DeleteEnhMetaFile 7339179C >77F0453F GDI32.PlayEnhMetaFile 733917A0 >77EFCF18 GDI32.CreateICA 733917A4 >77EFDFA3 
GDI32.GetEnhMetaFileHeader 733917A8 >77F1C433 GDI32.ScaleWindowExtEx 733917AC >77EFABC8 GDI32.GetWindowOrgEx 733917B0 >77EFCDEF GDI32.GetPaletteEntries 733917B4 >77EF9610 GDI32.CreateDIBSection 733917B8 >77F0B662 GDI32.CloseEnhMetaFile 733917BC >77F0C556 GDI32.CreateEnhMetaFileA 733917C0 >77EF8195 GDI32.LPtoDP 733917C4 >77F231F3 GDI32.EqualRgn 733917C8 >77EFAC3B GDI32.ExtCreateRegion 733917CC >77EF9FC5 GDI32.GetDIBits 733917D0 >77EF9921 GDI32.SetTextAlign 733917D4 >77EF7AB5 GDI32.GetWindowExtEx 733917D8 >77EF7B2D GDI32.GetViewportExtEx 733917DC >77F0433D GDI32.CopyMetaFileA 733917E0 >77F07E70 GDI32.CopyEnhMetaFileA 733917E4 >77F24968 GDI32.PathToRegion 733917E8 >77F04CCB GDI32.EndPath 733917EC >77F04C4B GDI32.BeginPath 733917F0 >77F24911 GDI32.WidenPath 733917F4 >77EF8528 GDI32.GetTextColor 733917F8 >77EFAB59 GDI32.GetMapMode 733917FC >77EFD6AC GDI32.SetDIBColorTable 73391800 >77F1B486 GDI32.RoundRect 73391804 >77F2315A GDI32.CreateEllipticRgnIndirect 73391808 >77F0FF4C GDI32.CreateRoundRectRgn 7339180C >77EFD55B GDI32.GetSystemPaletteEntries 73391810 >77EF8E07 GDI32.GetNearestColor 73391814 >77F233BF GDI32.CreateHatchBrush 73391818 00000000 7339181C >77DB6C22 ADVAPI32.ReportEventA 73391820 >77DA7883 ADVAPI32.RegQueryValueExA 73391824 >77DA6BF0 ADVAPI32.RegCloseKey 73391828 >77DA761B ADVAPI32.RegOpenKeyExA 7339182C >77DCC41B ADVAPI32.RegOpenKeyA 73391830 >77DA77B3 ADVAPI32.SetSecurityDescriptorDacl 73391834 >77DA778E ADVAPI32.InitializeSecurityDescriptor 73391838 >77DCCC10 ADVAPI32.RegQueryValueA 7339183C >77DCC123 ADVAPI32.RegDeleteKeyA 73391840 >77DCCAC3 ADVAPI32.RegEnumKeyA 73391844 >77DAEBE7 ADVAPI32.RegSetValueExA 73391848 >77DCD5BB ADVAPI32.RegCreateKeyA 7339184C >77DB6F49 ADVAPI32.RegSetValueA 73391850 >77DAEDE5 ADVAPI32.RegDeleteValueA 73391854 >77DB6AD0 ADVAPI32.RegisterEventSourceA 73391858 >77DB6943 ADVAPI32.DeregisterEventSource 7339185C >77DCC1B5 ADVAPI32.RegQueryInfoKeyA 73391860 >77DCC8C1 ADVAPI32.RegEnumKeyExA 73391864 >77DCC534 
ADVAPI32.AdjustTokenPrivileges 73391868 >77DCD11B ADVAPI32.LookupPrivilegeValueA 7339186C >77DA7753 ADVAPI32.OpenProcessToken 73391870 >77DAD7CC ADVAPI32.RegSetValueExW 73391874 >77DA770F ADVAPI32.RegOpenKeyW 73391878 >77DC9884 ADVAPI32.RegDeleteKeyW 7339187C >77DAEEF1 ADVAPI32.RegDeleteValueW 73391880 >77DAD649 ADVAPI32.RegEnumKeyW 73391884 >77DA8081 ADVAPI32.RegEnumValueW 73391888 >77DBCF4A ADVAPI32.RegEnumValueA 7339188C >77DA6FC8 ADVAPI32.RegQueryValueExW 73391890 >77DC8F7D ADVAPI32.RegCreateKeyW 73391894 00000000 73391898 >76A79919 ole32.OleCreateLinkToFile 7339189C >769A204C ole32.CoTaskMemFree 733918A0 >76A2C3E3 ole32.BindMoniker 733918A4 >769BB899 ole32.CoLockObjectExternal 733918A8 >769A4F91 ole32.RegisterDragDrop 733918AC >769A5051 ole32.RevokeDragDrop 733918B0 >76A7FB0A ole32.DoDragDrop 733918B4 >769CEA61 ole32.CreateILockBytesOnHGlobal 733918B8 >76A2A529 ole32.OleFlushClipboard 733918BC >76A2A379 ole32.OleIsCurrentClipboard 733918C0 >76A28712 ole32.OleCreateMenuDescriptor 733918C4 >76A289AC ole32.OleDestroyMenuDescriptor 733918C8 >76A28404 ole32.OleTranslateAccelerator 733918CC >769C5EC4 ole32.CreateDataAdviseHolder 733918D0 >769C89BA ole32.CreateOleAdviseHolder 733918D4 >769F1BFC ole32.CoRegisterClassObject 733918D8 >769D431A ole32.CoRevokeClassObject 733918DC >76A048A4 ole32.CLSIDFromString 733918E0 >76A27152 ole32.OleDoAutoConvert 733918E4 >76A25979 ole32.OleRegGetUserType 733918E8 >769EE30E ole32.OleSaveToStream 733918EC >769B3D0C ole32.ReadClassStg 733918F0 >769C8D37 ole32.ReadClassStm 733918F4 >76A88C63 ole32.OleConvertIStorageToOLESTREAM 733918F8 >76A88FA7 ole32.OleConvertOLESTREAMToIStorage 733918FC >76A8B6CA ole32.StgIsStorageILockBytes 73391900 >76A8B375 ole32.StgOpenStorageOnILockBytes 73391904 >769CEB91 ole32.StgCreateDocfileOnILockBytes 73391908 >76A2BB84 ole32.OleCreateFromData 7339190C >769C63D2 ole32.OleCreateLinkFromData 73391910 >76A82633 ole32.OleGetIconOfClass 73391914 >769DCADE ole32.OleGetClipboard 73391918 >769D4703 
ole32.OleSetClipboard 7339191C >76A798CE ole32.OleCreateLink 73391920 >769A2068 ole32.CoTaskMemAlloc 73391924 >769C5B74 ole32.OleGetAutoConvert 73391928 >76A79964 ole32.OleCreateFromFile 7339192C >769A7485 ole32.CoMarshalInterface 73391930 >769E8BAF ole32.CoUnmarshalInterface 73391934 >769A974A ole32.CreateStreamOnHGlobal 73391938 >769E0F0D ole32.StringFromCLSID 7339193C >769A2CFA ole32.StringFromGUID2 73391940 >769F29DD ole32.CLSIDFromProgID 73391944 >769E09EE ole32.ProgIDFromCLSID 73391948 >769EF356 ole32.CoGetClassObject 7339194C >769D6009 ole32.CoCreateInstance 73391950 >769CABC1 ole32.MkParseDisplayName 73391954 >769F54D2 ole32.CoIsOle1Class 73391958 >769DD032 ole32.OleQueryLinkFromData 7339195C >769DD064 ole32.OleQueryCreateFromData 73391960 >76A2E51F ole32.GetClassFile 73391964 >769A471B ole32.CreateBindCtx 73391968 >76A78720 ole32.OleDuplicateData 7339196C >769D57F7 ole32.ReleaseStgMedium 73391970 >769F3FB3 ole32.OleSetMenuDescriptor 73391974 >76A02DA0 ole32.CoRegisterMessageFilter 73391978 >769D9539 ole32.OleUninitialize 7339197C >769D949B ole32.OleInitialize 73391980 >769A3053 ole32.CoGetMalloc 73391984 >769C4E33 ole32.OleRegGetMiscStatus 73391988 >769A42A9 ole32.CoCreateGuid 7339198C >76A0114D ole32.IIDFromString 73391990 >769DD1E0 ole32.CoFreeUnusedLibraries 73391994 >769BDD69 ole32.CoDisconnectObject 73391998 >76A2825B ole32.IsAccelerator 7339199C >769C40E7 ole32.OleIsRunning 733919A0 >769F404F ole32.OleRun 733919A4 >76A77FFC ole32.OleLockRunning 733919A8 >769B3A42 ole32.StgCreateDocfile 733919AC >769B3CE2 ole32.WriteClassStg 733919B0 >769CA19E ole32.OleSave 733919B4 >769AAE59 ole32.StgOpenStorage 733919B8 >76A27C9D ole32.OleLoad 733919BC 00000000 733919C0 >77157777 OLEAUT32.OleCreatePropertyFrame 733919C4 >7711BBB4 OLEAUT32.OleTranslateColor 733919C8 >770F4C3B OLEAUT32.SysStringLen 733919CC >770F48C0 OLEAUT32.VariantClear 733919D0 >770F4BC2 OLEAUT32.SysAllocString 733919D4 >770F4920 OLEAUT32.VariantInit 733919D8 >7711A594 
OLEAUT32.OleCreateFontIndirect 733919DC >7711A08A OLEAUT32.OleCreatePictureIndirect 733919E0 >770F4850 OLEAUT32.SysFreeString 733919E4 >7711CCC7 OLEAUT32.OaBuildVersion 733919E8 >770F4B59 OLEAUT32.SysAllocStringLen 733919EC >770F4C55 OLEAUT32.SysAllocStringByteLen 733919F0 >770F71A2 OLEAUT32.SetErrorInfo 733919F4 >770FB577 OLEAUT32.CreateErrorInfo 733919F8 >770F66D9 OLEAUT32.VariantChangeType 733919FC >77134C1A OLEAUT32.DispGetParam 73391A00 >770FA62D OLEAUT32.LoadTypeLib 73391A04 >7711CAC3 OLEAUT32.GetErrorInfo 73391A08 >770FE526 OLEAUT32.LoadRegTypeLib 73391A0C >7710A5C5 OLEAUT32.RegisterTypeLib 73391A10 >770F4CA8 OLEAUT32.SysStringByteLen 73391A14 >7715D3ED OLEAUT32.UnRegisterTypeLib 73391A18 >770FB8DC OLEAUT32.LHashValOfNameSys 73391A1C >770F9BE2 OLEAUT32.LoadTypeLibEx 73391A20 >770F5010 OLEAUT32.SafeArrayAccessData 73391A24 >7711D498 OLEAUT32.SafeArrayGetElemsize 73391A28 >770F503F OLEAUT32.SafeArrayUnaccessData 73391A2C >7711C2E9 OLEAUT32.SafeArrayCreate 73391A30 >77155D80 OLEAUT32.OleLoadPicture 73391A34 >770F4E82 OLEAUT32.SafeArrayGetDim 73391A38 >7711D295 OLEAUT32.VariantCopy 73391A3C >7711D348 OLEAUT32.VariantCopyInd 73391A40 >770F4E9A OLEAUT32.SafeArrayDestroy 73391A44 >770F65C4 OLEAUT32.VariantChangeTypeEx 73391A48 >771345F7 OLEAUT32.CreateDispTypeInfo 73391A4C >77110E56 OLEAUT32.SafeArrayDestroyData 73391A50 >77134C85 OLEAUT32.DispInvoke 73391A54 >770F504F OLEAUT32.SafeArrayGetUBound 73391A58 >77134C65 OLEAUT32.DispGetIDsOfNames 73391A5C >7711C427 OLEAUT32.SafeArrayGetElement 73391A60 >7711C4CD OLEAUT32.SafeArrayPutElement 73391A64 >770F509B OLEAUT32.SafeArrayGetLBound 73391A68 >77104215 OLEAUT32.SafeArrayCopy 73391A6C >77155167 OLEAUT32.OleIconToCursor 73391A70 >7711C5DB OLEAUT32.SafeArrayRedim 73391A74 >7713990E OLEAUT32.SafeArrayAllocDescriptor 73391A78 >770FB5A5 OLEAUT32.SafeArrayDestroyDescriptor 73391A7C >7711C039 OLEAUT32.RevokeActiveObject 73391A80 >770F4DA0 OLEAUT32.SafeArrayLock 73391A84 >770F4DCD OLEAUT32.SafeArrayUnlock 73391A88 >7711C274 
OLEAUT32.SafeArrayAllocData 73391A8C >7711C99D OLEAUT32.SysReAllocStringLen 73391A90 >77135515 OLEAUT32.GetActiveObject 73391A94 >7713DA1F OLEAUT32.VarDateFromStr 73391A98 >7711D9A1 OLEAUT32.VarCyFromI4 73391A9C >77102122 OLEAUT32.VarR8FromStr 73391AA0 >7711C780 OLEAUT32.VarBstrFromI4 73391AA4 >7711CBE8 OLEAUT32.VarBstrFromR4 73391AA8 >7711CB58 OLEAUT32.VarBstrFromI2 73391AAC >77118D74 OLEAUT32.VarBstrFromDate 73391AB0 >771337A3 OLEAUT32.VarBstrFromCy 73391AB4 >77100811 OLEAUT32.VarBstrFromR8 73391AB8 >7711B856 OLEAUT32.VarI4FromStr 73391ABC >7710FE2D OLEAUT32.VarI4FromR8 73391AC0 >7711BE82 OLEAUT32.VarI2FromStr 73391AC4 >771325C8 OLEAUT32.VarCyFromStr 73391AC8 >7711B9FC OLEAUT32.VarR4FromStr 73391ACC >770F92ED OLEAUT32.LHashValOfNameSysA 73391AD0 >770FBFFC OLEAUT32.SysReAllocString 73391AD4 00000000 73391AD8 >8B565553 73391ADC 85142474 73391AE0 01B857F6 73391AE4 75000000 上面是我用 OD 查找到的 IAT。IAT 的起止地址为 73391000 - 73391AD0,那大小填 00000AD0,RVA 值该填多少呢?(注:RVA = 虚拟地址 − 模块的 ImageBase,本页未给出该模块的 ImageBase;另外,转储中最后一个 00000000 终止项位于 73391AD4,大小是否需要包含到该项请自行核对。) |
|
PECompact 2.x -> Jeremy Collake 脱壳遇到难题
73391000 >7C822294 kernel32.MoveFileA 73391004 >7C81FE92 kernel32.LockFile 73391008 >7C81FDDD kernel32.UnlockFile 7339100C >7C85B001 kernel32.RemoveDirectoryA 73391010 >7C801E16 kernel32.TerminateProcess 73391014 >7C9309ED ntdll.RtlSizeHeap 73391018 >7C80C6CF kernel32.SetHandleCount 7339101C >7C80CCA9 kernel32.ExitThread 73391020 >7C812BE6 kernel32.GetCPInfo 73391024 >7C80C6E0 kernel32.lstrlenA 73391028 >7C81E82A kernel32.GetOEMCP 7339102C >7C81DC3F kernel32.FreeEnvironmentStringsA 73391030 >7C81485F kernel32.FreeEnvironmentStringsW 73391034 >7C81CC23 kernel32.GetEnvironmentStringsA 73391038 >7C812C78 kernel32.GetEnvironmentStringsW 7339103C >7C81D8CB kernel32.SetStdHandle 73391040 >7C80A480 kernel32.GetStringTypeW 73391044 >7C8606DF kernel32.GetTempFileNameA 73391048 >7C810311 kernel32.lstrcpynA 7339104C >7C839308 kernel32._lclose 73391050 >7C839450 kernel32._llseek 73391054 >7C80CD58 kernel32.FlushFileBuffers 73391058 >7C826219 kernel32.CreateDirectoryA 7339105C >7C80B929 kernel32.lstrcmpiA 73391060 >7C930331 ntdll.RtlGetLastWin32Error 73391064 >7C80B529 kernel32.GetModuleHandleA 73391068 >7C81E835 kernel32.GetSystemDefaultLangID 7339106C >7C825F62 kernel32.FormatMessageA 73391070 >7C812929 kernel32.HeapCreate 73391074 >7C82293B kernel32.GetWindowsDirectoryA 73391078 >7C822A54 kernel32.GetPrivateProfileStringA 7339107C >7C838FB9 kernel32.lstrcatA 73391080 >7C801A24 kernel32.CreateFileA 73391084 >7C80180E kernel32.ReadFile 73391088 >7C809B77 kernel32.CloseHandle 7339108C >7C9210ED ntdll.RtlLeaveCriticalSection 73391090 >7C921005 ntdll.RtlEnterCriticalSection 73391094 >7C809FA1 kernel32.InitializeCriticalSection 73391098 >7C93188A ntdll.RtlDeleteCriticalSection 7339109C >7C80977B kernel32.InterlockedIncrement 733910A0 >7C809794 kernel32.InterlockedDecrement 733910A4 >7C80B664 kernel32.IsDBCSLeadByte 733910A8 >7C809EB3 kernel32.IsBadReadPtr 733910AC >7C809750 kernel32.TlsGetValue 733910B0 >7C80C729 kernel32.lstrcpyA 733910B4 >7C81E85C kernel32.DeleteFileA 733910B8 
>7C81EE79 kernel32.lstrcmpA 733910BC >7C809737 kernel32.GetCurrentThreadId 733910C0 >7C9305D4 ntdll.RtlAllocateHeap 733910C4 >7C93043D ntdll.RtlFreeHeap 733910C8 >7C81082F kernel32.CreateThread 733910CC >7C8394AE kernel32.GetTimeZoneInformation 733910D0 >7C8226A9 kernel32.SetEnvironmentVariableA 733910D4 >7C81EAE1 kernel32.RaiseException 733910D8 >7C80CEC4 kernel32.LCMapStringW 733910DC >7C838CB9 kernel32.GetStringTypeA 733910E0 >7C80B25D kernel32.GetModuleFileNameW 733910E4 >7C81E685 kernel32.GetUserDefaultLangID 733910E8 >7C8260A9 kernel32.GetComputerNameA 733910EC >7C81FB44 kernel32.SetFileAttributesA 733910F0 >7C80EA66 kernel32.FileTimeToLocalFileTime 733910F4 >7C80E9EC kernel32.FileTimeToSystemTime 733910F8 >7C81F8E2 kernel32.GetFileTime 733910FC >7C81F955 kernel32.SetFileTime 73391100 >7C80C9C1 kernel32.GetLocalTime 73391104 >7C8556F9 kernel32.SetLocalTime 73391108 >7C957A40 ntdll.RtlUnwind 7339110C >7C802332 kernel32.CreateProcessW 73391110 >7C8112E3 kernel32.IsValidCodePage 73391114 >7C829047 kernel32.FormatMessageW 73391118 >7C801EEE kernel32.GetStartupInfoA 7339111C >7C862B8A kernel32.UnhandledExceptionFilter 73391120 >7C81CAA2 kernel32.ExitProcess 73391124 >7C821F87 kernel32.GetShortPathNameA 73391128 >7C823053 kernel32.SetCurrentDirectoryA 7339112C >7C875D7F kernel32.GetStringTypeExA 73391130 >7C827052 kernel32.GetVolumeInformationA 73391134 >7C813559 kernel32.FindFirstFileA 73391138 >7C839019 kernel32.FindNextFileA 7339113C >7C80EFD7 kernel32.FindClose 73391140 >7C809B14 kernel32.VirtualFree 73391144 >7C812AC6 kernel32.GetSystemInfo 73391148 >7C809A81 kernel32.VirtualAlloc 7339114C >7C801AD0 kernel32.VirtualProtect 73391150 >7C839277 kernel32.FlushInstructionCache 73391154 >7C86114D kernel32.WinExec 73391158 >7C809A39 kernel32.lstrlenW 7339115C >7C80B8EC kernel32.lstrcpyW 73391160 >7C810F9F kernel32.WriteFile 73391164 >7C81F850 kernel32.SetEndOfFile 73391168 >7C810DA6 kernel32.SetFilePointer 7339116C >7C80176B kernel32.GetSystemTime 73391170 >7C810D34 
kernel32.SystemTimeToFileTime 73391174 >7C80E00D kernel32.GetCurrentProcess 73391178 >7C80E016 kernel32.DuplicateHandle 7339117C >7C81E92A kernel32.ResumeThread 73391180 >7C812C8D kernel32.GetCommandLineA 73391184 >7C809BF5 kernel32.TlsSetValue 73391188 >7C813453 kernel32.TlsFree 7339118C >7C812B0F kernel32.TlsAlloc 73391190 >7C8114AB kernel32.GetVersion 73391194 >7C80A34E kernel32.CompareStringW 73391198 >7C80A823 kernel32.lstrcmpiW 7339119C >7C8097F4 kernel32.MulDiv 733911A0 >7C802367 kernel32.CreateProcessA 733911A4 >7C81AAE7 kernel32.GetExitCodeProcess 733911A8 >7C801D4F kernel32.LoadLibraryExA 733911AC >7C809CAD kernel32.MultiByteToWideChar 733911B0 >7C802530 kernel32.WaitForSingleObject 733911B4 >7C809C4C kernel32.ResetEvent 733911B8 >7C809C28 kernel32.SetEvent 733911BC >7C81E4BD kernel32.CreateEventA 733911C0 >7C80994E kernel32.GetCurrentProcessId 733911C4 >7C8092AC kernel32.GetTickCount 733911C8 >7C81486A kernel32.GetEnvironmentVariableA 733911CC >7C82D582 kernel32.FreeResource 733911D0 >7C80C865 kernel32.GetSystemDefaultLCID 733911D4 >7C80BB57 kernel32.IsBadCodePtr 733911D8 >7C809FC0 kernel32.GetUserDefaultLCID 733911DC >7C814C63 kernel32.GetSystemDirectoryA 733911E0 >7C801D77 kernel32.LoadLibraryA 733911E4 >7C80AC28 kernel32.GetProcAddress 733911E8 >7C812851 kernel32.GetVersionExA 733911EC >7C802442 kernel32.Sleep 733911F0 >7C81E19A kernel32.GlobalDeleteAtom 733911F4 >7C811110 kernel32.HeapDestroy 733911F8 >7C80AA97 kernel32.SetErrorMode 733911FC >7C823039 kernel32.GlobalAddAtomA 73391200 >7C80C8C4 kernel32.ReleaseSemaphore 73391204 >7C832E2B kernel32.LCMapStringA 73391208 >7C812B8D kernel32.CreateSemaphoreA 7339120C >7C80B859 kernel32.VirtualQuery 73391210 >7C822D47 kernel32.GetProfileStringA 73391214 >7C80A0C7 kernel32.WideCharToMultiByte 73391218 >7C9379FD ntdll.RtlReAllocateHeap 7339121C >7C822CFB kernel32.GetDriveTypeA 73391220 >7C80D293 kernel32.CompareStringA 73391224 >7C81174C kernel32.GetFileAttributesA 73391228 >7C8397A1 
kernel32.GetCurrentDirectoryA 7339122C >7C80B357 kernel32.GetModuleFileNameA 73391230 >7C930340 ntdll.RtlSetLastWin32Error 73391234 >7C81367C kernel32.GetFullPathNameA 73391238 >7C826A01 kernel32.SearchPathA 7339123C >7C811069 kernel32.GetFileType 73391240 >7C810082 kernel32.GlobalUnlock 73391244 >7C80FE2F kernel32.GlobalFree 73391248 >7C80C7B1 kernel32.FindResourceA 7339124C >7C80A065 kernel32.LoadResource 73391250 >7C80BAF1 kernel32.SizeofResource 73391254 >7C80FF2D kernel32.GlobalAlloc 73391258 >7C839166 kernel32.GlobalSize 7339125C >7C838F36 kernel32.GlobalHandle 73391260 >7C8125C9 kernel32.GlobalReAlloc 73391264 >7C810119 kernel32.GlobalLock 73391268 >7C838D93 kernel32._lwrite 7339126C >7C839418 kernel32._lread 73391270 >7C80C6CF kernel32.SetHandleCount 73391274 >7C8221CF kernel32.GetTempPathA 73391278 >7C80AA66 kernel32.FreeLibrary 7339127C >7C80D47E kernel32.GetLocaleInfoA 73391280 >7C812CA9 kernel32.GetStdHandle 73391284 >7C809943 kernel32.GetACP 73391288 00000000 7339128C >77D6A92C USER32.DdeAbandonTransaction 73391290 >77D5A44B USER32.DdeGetLastError 73391294 >77D61369 USER32.DdeCreateDataHandle 73391298 >77D6198D USER32.DdeCmpStringHandles 7339129C >77D55E8C USER32.SetCursorPos 733912A0 >77D3DA71 USER32.EnumClipboardFormats 733912A4 >77D1E8CE USER32.DestroyIcon 733912A8 >77D1D051 USER32.GetAsyncKeyState 733912AC >77D4F815 USER32.WaitForInputIdle 733912B0 >77D1C4AE USER32.GetForegroundWindow 733912B4 >77D3FBFE USER32.VkKeyScanW 733912B8 >77D3E621 USER32.SetWindowsHookExW 733912BC >77D66365 USER32.keybd_event 733912C0 >77D191F3 USER32.CharUpperBuffW 733912C4 >77D1ACE9 USER32.CharUpperBuffA 733912C8 >77D19C57 USER32.CharLowerBuffW 733912CC >77D3F245 USER32.FindWindowW 733912D0 >77D3F3C6 USER32.FindWindowA 733912D4 >77D3AEF1 USER32.MessageBoxIndirectA 733912D8 >77D288E1 USER32.DialogBoxParamA 733912DC >77D1FACD USER32.EnumThreadWindows 733912E0 >77D34E3E USER32.GetLastActivePopup 733912E4 >77D25380 USER32.SetActiveWindow 733912E8 >77D3F4DC USER32.LoadImageA 
733912EC >77D24315 USER32.RegisterClassExA 733912F0 >77D1F5FE USER32.FrameRect 733912F4 >77D35EA0 USER32.CreateDialogParamA 733912F8 >77D35C98 USER32.IsDialogMessageA 733912FC >77D1FC3C USER32.EnableMenuItem 73391300 >77D1D787 USER32.ShowCursor 73391304 >77D3ECF2 USER32.OemToCharA 73391308 >77D3F8DD USER32.CharToOemBuffA 7339130C >77D3F82E USER32.GetWindowTextA 73391310 >77D26CC9 USER32.EndDialog 73391314 >77D35D61 USER32.DrawTextA 73391318 >77D3152F USER32.SendDlgItemMessageA 7339131C >77D360D5 USER32.SetDlgItemTextA 73391320 >77D1EB14 USER32.GetWindowPlacement 73391324 >77D18F75 USER32.GetSystemMetrics 73391328 >77D267A8 USER32.LoadBitmapA 7339132C >77D18BCE USER32.TranslateMessage 73391330 >77D1BCBD USER32.DispatchMessageA 73391334 >77D1BC8E USER32.MsgWaitForMultipleObjects 73391338 >77D193E9 USER32.WaitMessage 7339133C >77D3EDEB USER32.PostQuitMessage 73391340 >77D1C43C USER32.GetKeyboardLayout 73391344 >77D3F29F USER32.UnhookWindowsHookEx 73391348 >77D18E00 USER32.RegisterWindowMessageA 7339134C >77D56BEC USER32.CreateCursor 73391350 >77D56C4F USER32.CreateIcon 73391354 >77D18CA3 USER32.PostMessageW 73391358 >77D19278 USER32.PeekMessageW 7339135C >77D1EE3C USER32.GetPropA 73391360 >77D1EEA2 USER32.RemovePropA 73391364 >77D1EDFA USER32.SetPropA 73391368 >77D266A7 USER32.SetForegroundWindow 7339136C >77D34EE0 USER32.ClipCursor 73391370 >77D1E34B USER32.CallWindowProcA 73391374 >77D4F685 USER32.DefFrameProcA 73391378 >77D1C379 USER32.GetKeyState 7339137C >77D252A4 USER32.GetDlgItem 73391380 >77D1B7DB USER32.IsWindow 73391384 >77D3E438 USER32.UnregisterClassA 73391388 >77D22316 USER32.RegisterClassA 7339138C >77D4016E USER32.AdjustWindowRect 73391390 >77D5A299 USER32.GetTabbedTextExtentA 73391394 >77D5A1DD USER32.TabbedTextOutA 73391398 >77D1D3C5 USER32.FillRect 7339139C >77D1AD9B USER32.CharToOemA 733913A0 >77D5050B USER32.MessageBoxA 733913A4 >77D1A2DE USER32.wsprintfA 733913A8 >77D350CF USER32.WinHelpA 733913AC >77D1D7BB USER32.GetDesktopWindow 733913B0 
>77D1B46E USER32.SetRect 733913B4 >77D18FF9 USER32.GetWindowDC 733913B8 >77D1E8CE USER32.DestroyIcon 733913BC >77D34D4A USER32.GetClassInfoA 733913C0 >77D220A2 USER32.AdjustWindowRectEx 733913C4 >77D2375B USER32.GetMenuItemCount 733913C8 >77D3724D USER32.RemoveMenu 733913CC >77D4EF6E USER32.GetMenuStringA 733913D0 >77D6A24B USER32.DdeClientTransaction 733913D4 >77D60DF1 USER32.DdeGetData 733913D8 >77D3F0F1 USER32.GetCaretPos 733913DC >77D3EC6A USER32.CharPrevA 733913E0 >77D3EC40 USER32.CharNextA 733913E4 >77D1CE3B USER32.GetUpdateRgn 733913E8 >77D1BCEC USER32.GetUpdateRect 733913EC >77D1C531 USER32.PtInRect 733913F0 >77D38551 USER32.ChildWindowFromPointEx 733913F4 >77D1C9A4 USER32.ReleaseCapture 733913F8 >77D1C988 USER32.SetCapture 733913FC >77D1C64D USER32.InflateRect 73391400 >77D1B57C USER32.GetWindowRect 73391404 >77D1BF2C USER32.ClientToScreen 73391408 >77D1D515 USER32.MoveWindow 7339140C >77D1C592 USER32.IsWindowEnabled 73391410 >77D1BEF3 USER32.IsChild 73391414 >77D1FDAE USER32.SetParent 73391418 >77D1C48A USER32.IsIconic 7339141C >77D1D420 USER32.IsZoomed 73391420 >77D4F6D4 USER32.DefMDIChildProcA 73391424 >77D402D3 USER32.MessageBeep 73391428 >77D1CEFD USER32.PeekMessageA 7339142C >77D1DB62 USER32.PostMessageA 73391430 >77D3EC98 USER32.LoadStringA 73391434 >77D2716C USER32.AppendMenuA 73391438 >77D1E3A1 USER32.DestroyMenu 7339143C >77D37138 USER32.CreatePopupMenu 73391440 >77D1C210 USER32.GetMessageTime 73391444 >77D1C6E4 USER32.GetMessagePos 73391448 >77D1F623 USER32.DrawFocusRect 7339144C >77D56969 USER32.CopyAcceleratorTableA 73391450 >77D32DD1 USER32.GetWindowRgn 73391454 >77D18D03 USER32.CharUpperA 73391458 >77D1FE8E USER32.TranslateMDISysAccel 7339145C >77D37C72 USER32.SubtractRect 73391460 >77D1C676 USER32.IsRectEmpty 73391464 >77D2019F USER32.InvalidateRgn 73391468 >77D1B49D USER32.InvalidateRect 7339146C >77D1C03D USER32.CopyRect 73391470 >77D1F21D USER32.GetDCEx 73391474 >77D1B3E7 USER32.IntersectRect 73391478 >77D3F50D USER32.LoadAcceleratorsA 
7339147C >77D3F117 USER32.BringWindowToTop 73391480 >77D18A58 USER32.GetWindowThreadProcessId 73391484 >77D2674F USER32.AttachThreadInput 73391488 >77D1BDD1 USER32.EqualRect 7339148C >77D1C4D4 USER32.EnableWindow 73391490 >77D1E5DC USER32.SetFocus 73391494 >77D1E2AE USER32.SendMessageA 73391498 >77D402B2 USER32.SetWindowsHookExA 7339149C >77D1E032 USER32.GetClassNameA 733914A0 >77D1E8FA USER32.LoadCursorA 733914A4 >77D1C6A8 USER32.SetCursor 733914A8 >77D1DED3 USER32.SetWindowLongA 733914AC >77D1C298 USER32.GetWindow 733914B0 >77D1C640 USER32.GetFocus 733914B4 >77D1E7B8 USER32.GetSystemMenu 733914B8 >77D1ED6E USER32.CallNextHookEx 733914BC >77D1B5D7 USER32.GetParent 733914C0 >77D1E666 USER32.DestroyWindow 733914C4 >77D1DC5A USER32.SetWindowTextA 733914C8 >77D1C78E USER32.SetWindowPos 733914CC >77D1C064 USER32.UpdateWindow 733914D0 >77D2190B USER32.CreateWindowExA 733914D4 >77D20554 USER32.SystemParametersInfoA 733914D8 >77D194FF USER32.GetCapture 733914DC >77D1C57E USER32.WindowFromPoint 733914E0 >77D1C5B8 USER32.ScreenToClient 733914E4 >77D18C06 USER32.SetTimer 733914E8 >77D1BD8E USER32.IsWindowVisible 733914EC >77D1D4DE USER32.ShowWindow 733914F0 >77D18C1A USER32.KillTimer 733914F4 >77D18697 USER32.GetDC 733914F8 >77D1866D USER32.ReleaseDC 733914FC >77D1B9D7 USER32.MapWindowPoints 73391500 >77D1C566 USER32.GetCursorPos 73391504 >77D1CECD USER32.GetCursor 73391508 >77D1B4D9 USER32.OffsetRect 7339150C >77D1E9A1 USER32.GetIconInfo 73391510 >77D1DF6B USER32.DefWindowProcA 73391514 >77D1B4B1 USER32.BeginPaint 73391518 >77D1B556 USER32.GetClientRect 7339151C >77D1B4C5 USER32.EndPaint 73391520 >77D18E50 USER32.GetSysColor 73391524 >77D1DF1E USER32.GetActiveWindow 73391528 >77D1947C USER32.GetWindowLongA 7339152C >77D57DBC USER32.DdeConnect 73391530 >77D69F4D USER32.DdePostAdvise 73391534 >77D57FBD USER32.DdeDisconnect 73391538 >77D61A43 USER32.DdeCreateStringHandleA 7339153C >77D6A8D1 USER32.DdeSetUserHandle 73391540 >77D38381 USER32.DdeNameService 73391544 >77D61B70 
USER32.DdeFreeStringHandle 73391548 >77D5A32A USER32.DdeUninitialize 7339154C >77D5A4EE USER32.DdeInitializeA 73391550 >77D614E2 USER32.DdeFreeDataHandle 73391554 >77D6A74F USER32.DdeQueryConvInfo 73391558 >77D61C96 USER32.DdeQueryStringA 7339155C >77D32420 USER32.DrawFrameControl 73391560 >77D1F6BB USER32.SetScrollRange 73391564 >77D1F780 USER32.SetScrollPos 73391568 >77D1CDED USER32.IsClipboardFormatAvailable 7339156C >77D2F84F USER32.LockWindowUpdate 73391570 >77D3F002 USER32.CharLowerBuffA 73391574 >77D1EEF7 USER32.OpenClipboard 73391578 >77D3FF10 USER32.SetClipboardData 7339157C >77D3FCB2 USER32.GetClipboardData 73391580 >77D3F105 USER32.GetCaretBlinkTime 73391584 >77D3FE82 USER32.EmptyClipboard 73391588 >77D1EEE5 USER32.CloseClipboard 7339158C >77D1CBF7 USER32.CreateCaret 73391590 >77D1CC0B USER32.SetCaretPos 73391594 >77D4EEAB USER32.GetWindowTextLengthA 73391598 >77D1BFB0 USER32.DestroyCaret 7339159C >77D1CB5F USER32.ShowCaret 733915A0 >77D1CB4B USER32.HideCaret 733915A4 >77D35D98 USER32.DrawTextExA 733915A8 >77D1F66F USER32.GetScrollPos 733915AC >77D40345 USER32.GetClipboardFormatNameA 733915B0 >77D21DE0 USER32.SetWindowRgn 733915B4 >77D553F9 USER32.ToAscii 733915B8 >77D23A2F USER32.GetScrollInfo 733915BC >77D35F7A USER32.DestroyAcceleratorTable 733915C0 >77D20142 USER32.ShowScrollBar 733915C4 >77D6AA06 USER32.SetMenuItemInfoA 733915C8 >77D1902C USER32.SetScrollInfo 733915CC >77D238EC USER32.GetMenuItemInfoA 733915D0 >77D3F0B4 USER32.GetQueueStatus 733915D4 >77D1EF49 USER32.SetKeyboardState 733915D8 >77D1EF35 USER32.GetKeyboardState 733915DC >77D64F16 USER32.TrackPopupMenu 733915E0 >77D1FFDD USER32.GetDoubleClickTime 733915E4 >77D3563B USER32.SetWindowContextHelpId 733915E8 >77D1E87B USER32.DeleteMenu 733915EC >77D370EB USER32.SetMenuDefaultItem 733915F0 >77D4F3BC USER32.DrawMenuBar 733915F4 >77D4EEE8 USER32.GetMenuItemID 733915F8 >77D34F9A USER32.InsertMenuA 733915FC >77D2355A USER32.GetSubMenu 73391600 >77D2363F USER32.CreateMenu 73391604 >77D3EABE 
USER32.GetMenu 73391608 >77D4F116 USER32.SetMenu 7339160C >77D1CDCB USER32.BeginDeferWindowPos 73391610 >77D4EF2B USER32.ModifyMenuA 73391614 >77D2711B USER32.CheckMenuItem 73391618 >77D3EBB0 USER32.PostThreadMessageA 7339161C >77D1CD9F USER32.EndDeferWindowPos 73391620 >77D1CE13 USER32.DeferWindowPos 73391624 >77D401A2 USER32.VkKeyScanA 73391628 >77D3EED5 USER32.CharLowerA 7339162C >77D3749F USER32.GetMenuState 73391630 >77D301EF USER32.DrawIcon 73391634 >77D2760B USER32.IsCharAlphaA 73391638 >77D221AE USER32.LoadIconA 7339163C >77D3557F USER32.GetClassInfoExA 73391640 >77D531BA USER32.CreateAcceleratorTableA 73391644 00000000 73391648 >77EF89AF GDI32.UnrealizeObject 7339164C >77EF9B6C GDI32.CreatePen 73391650 >77EF5C59 GDI32.SetBkColor 73391654 >77EF5FD5 GDI32.CreateSolidBrush 73391658 >77EF6A3B GDI32.DeleteObject 7339165C >77EF5BA7 GDI32.SetTextColor 73391660 >77EFB4D2 GDI32.CreatePatternBrush 73391664 >77EF601F GDI32.CreateBitmap 73391668 >77EF9012 GDI32.ExtTextOutA 7339166C >77EF59A0 GDI32.SelectObject 73391670 >77EF5D0B GDI32.SetBkMode 73391674 >77EF8DB8 GDI32.GetBitmapBits 73391678 >77EF9A82 GDI32.GetObjectA 7339167C >77EFC333 GDI32.GetTextExtentPointA 73391680 >77EFD10C GDI32.CreateFontIndirectA 73391684 >77EFA208 GDI32.CombineRgn 73391688 >77EFA48E GDI32.SetRectRgn 7339168C >77EF75C3 GDI32.CreateRectRgn 73391690 >77EF80CF GDI32.CreateRectRgnIndirect 73391694 >77EF76B1 GDI32.ExtSelectClipRgn 73391698 >77EFA37F GDI32.OffsetRgn 7339169C >77F24EC4 GDI32.PtInRegion 733916A0 >77EF8DD7 GDI32.CreatePalette 733916A4 >77EF82DE GDI32.SelectPalette 733916A8 >77EF78DC GDI32.SelectClipRgn 733916AC >77EF78F7 GDI32.OffsetWindowOrgEx 733916B0 >77EF6899 GDI32.IntersectClipRect 733916B4 >77EF6CA6 GDI32.DeleteDC 733916B8 >77EF6DC0 GDI32.BitBlt 733916BC >77EF7988 GDI32.SetViewportOrgEx 733916C0 >77EF5E10 GDI32.CreateCompatibleDC 733916C4 >77EF6E51 GDI32.CreateCompatibleBitmap 733916C8 >77EF97BE GDI32.RestoreDC 733916CC >77EFBD89 GDI32.RealizePalette 733916D0 >77EFA990 
GDI32.SetROP2 733916D4 >77EF9884 GDI32.SaveDC 733916D8 >77EF68E4 GDI32.GetClipBox 733916DC >77EF94AD GDI32.SetWindowOrgEx 733916E0 >77EF8665 GDI32.ExcludeClipRect 733916E4 >77EFD547 GDI32.CreateHalftonePalette 733916E8 >77EFA821 GDI32.GetTextMetricsA 733916EC >77EF86B0 GDI32.PatBlt 733916F0 >77F1B463 GDI32.EnumFontsA 733916F4 >77EF9F44 GDI32.TranslateCharsetInfo 733916F8 >77EFC6A8 GDI32.GetROP2 733916FC >77EF8834 GDI32.SetBrushOrgEx 73391700 >77EF58A2 GDI32.GetDeviceCaps 73391704 >77EF7FA3 GDI32.GetObjectType 73391708 >77F0E923 GDI32.CreatePenIndirect 7339170C >77EFAA29 GDI32.CreateBrushIndirect 73391710 >77EFBACF GDI32.Rectangle 73391714 >77EF5FF1 GDI32.GetStockObject 73391718 >77F2385B GDI32.Arc 7339171C >77EF9D07 GDI32.LineTo 73391720 >77EF9C60 GDI32.MoveToEx 73391724 >77F1BEA4 GDI32.Pie 73391728 >77EFC83B GDI32.Ellipse 7339172C >77EF9D5F GDI32.SetStretchBltMode 73391730 >77EFD35B GDI32.GetPixel 73391734 >77EFD73B GDI32.GetTextExtentPoint32A 73391738 >77EFD4AA GDI32.SetPixelV 7339173C >77EFB8B7 GDI32.StretchDIBits 73391740 >77EF82A1 GDI32.GetCurrentObject 73391744 >77EFC449 GDI32.TextOutA 73391748 >77EF84D4 GDI32.GetBkColor 7339174C >77EFC6FC GDI32.StretchBlt 73391750 >77EFB52C GDI32.CreateDIBitmap 73391754 >77F03F6C GDI32.CloseMetaFile 73391758 >77F0E3B6 GDI32.SetWindowExtEx 7339175C >77F1A025 GDI32.CreateMetaFileA 73391760 >77F05BB1 GDI32.EndDoc 73391764 >77F23412 GDI32.AbortDoc 73391768 >77F06AA6 GDI32.StartPage 7339176C >77F05923 GDI32.EndPage 73391770 >77F245B9 GDI32.StartDocA 73391774 >77EFCE55 GDI32.CreateDCA 73391778 >77F23369 GDI32.ResetDCA 7339177C >77F07FBB GDI32.Escape 73391780 >77F1C352 GDI32.ScaleViewportExtEx 73391784 >77F0E45F GDI32.SetViewportExtEx 73391788 >77EFA8F7 GDI32.SetMapMode 7339178C >77F0E745 GDI32.DeleteMetaFile 73391790 >77F0DFF1 GDI32.PlayMetaFile 73391794 >77F23532 GDI32.SetAbortProc 73391798 >77EFDCC0 GDI32.DeleteEnhMetaFile 7339179C >77F0453F GDI32.PlayEnhMetaFile 733917A0 >77EFCF18 GDI32.CreateICA 733917A4 >77EFDFA3 
GDI32.GetEnhMetaFileHeader 733917A8 >77F1C433 GDI32.ScaleWindowExtEx 733917AC >77EFABC8 GDI32.GetWindowOrgEx 733917B0 >77EFCDEF GDI32.GetPaletteEntries 733917B4 >77EF9610 GDI32.CreateDIBSection 733917B8 >77F0B662 GDI32.CloseEnhMetaFile 733917BC >77F0C556 GDI32.CreateEnhMetaFileA 733917C0 >77EF8195 GDI32.LPtoDP 733917C4 >77F231F3 GDI32.EqualRgn 733917C8 >77EFAC3B GDI32.ExtCreateRegion 733917CC >77EF9FC5 GDI32.GetDIBits 733917D0 >77EF9921 GDI32.SetTextAlign 733917D4 >77EF7AB5 GDI32.GetWindowExtEx 733917D8 >77EF7B2D GDI32.GetViewportExtEx 733917DC >77F0433D GDI32.CopyMetaFileA 733917E0 >77F07E70 GDI32.CopyEnhMetaFileA 733917E4 >77F24968 GDI32.PathToRegion 733917E8 >77F04CCB GDI32.EndPath 733917EC >77F04C4B GDI32.BeginPath 733917F0 >77F24911 GDI32.WidenPath 733917F4 >77EF8528 GDI32.GetTextColor 733917F8 >77EFAB59 GDI32.GetMapMode 733917FC >77EFD6AC GDI32.SetDIBColorTable 73391800 >77F1B486 GDI32.RoundRect 73391804 >77F2315A GDI32.CreateEllipticRgnIndirect 73391808 >77F0FF4C GDI32.CreateRoundRectRgn 7339180C >77EFD55B GDI32.GetSystemPaletteEntries 73391810 >77EF8E07 GDI32.GetNearestColor 73391814 >77F233BF GDI32.CreateHatchBrush 73391818 00000000 7339181C >77DB6C22 ADVAPI32.ReportEventA 73391820 >77DA7883 ADVAPI32.RegQueryValueExA 73391824 >77DA6BF0 ADVAPI32.RegCloseKey 73391828 >77DA761B ADVAPI32.RegOpenKeyExA 7339182C >77DCC41B ADVAPI32.RegOpenKeyA 73391830 >77DA77B3 ADVAPI32.SetSecurityDescriptorDacl 73391834 >77DA778E ADVAPI32.InitializeSecurityDescriptor 73391838 >77DCCC10 ADVAPI32.RegQueryValueA 7339183C >77DCC123 ADVAPI32.RegDeleteKeyA 73391840 >77DCCAC3 ADVAPI32.RegEnumKeyA 73391844 >77DAEBE7 ADVAPI32.RegSetValueExA 73391848 >77DCD5BB ADVAPI32.RegCreateKeyA 7339184C >77DB6F49 ADVAPI32.RegSetValueA 73391850 >77DAEDE5 ADVAPI32.RegDeleteValueA 73391854 >77DB6AD0 ADVAPI32.RegisterEventSourceA 73391858 >77DB6943 ADVAPI32.DeregisterEventSource 7339185C >77DCC1B5 ADVAPI32.RegQueryInfoKeyA 73391860 >77DCC8C1 ADVAPI32.RegEnumKeyExA 73391864 >77DCC534 
ADVAPI32.AdjustTokenPrivileges 73391868 >77DCD11B ADVAPI32.LookupPrivilegeValueA 7339186C >77DA7753 ADVAPI32.OpenProcessToken 73391870 >77DAD7CC ADVAPI32.RegSetValueExW 73391874 >77DA770F ADVAPI32.RegOpenKeyW 73391878 >77DC9884 ADVAPI32.RegDeleteKeyW 7339187C >77DAEEF1 ADVAPI32.RegDeleteValueW 73391880 >77DAD649 ADVAPI32.RegEnumKeyW 73391884 >77DA8081 ADVAPI32.RegEnumValueW 73391888 >77DBCF4A ADVAPI32.RegEnumValueA 7339188C >77DA6FC8 ADVAPI32.RegQueryValueExW 73391890 >77DC8F7D ADVAPI32.RegCreateKeyW 73391894 00000000 73391898 >76A79919 ole32.OleCreateLinkToFile 7339189C >769A204C ole32.CoTaskMemFree 733918A0 >76A2C3E3 ole32.BindMoniker 733918A4 >769BB899 ole32.CoLockObjectExternal 733918A8 >769A4F91 ole32.RegisterDragDrop 733918AC >769A5051 ole32.RevokeDragDrop 733918B0 >76A7FB0A ole32.DoDragDrop 733918B4 >769CEA61 ole32.CreateILockBytesOnHGlobal 733918B8 >76A2A529 ole32.OleFlushClipboard 733918BC >76A2A379 ole32.OleIsCurrentClipboard 733918C0 >76A28712 ole32.OleCreateMenuDescriptor 733918C4 >76A289AC ole32.OleDestroyMenuDescriptor 733918C8 >76A28404 ole32.OleTranslateAccelerator 733918CC >769C5EC4 ole32.CreateDataAdviseHolder 733918D0 >769C89BA ole32.CreateOleAdviseHolder 733918D4 >769F1BFC ole32.CoRegisterClassObject 733918D8 >769D431A ole32.CoRevokeClassObject 733918DC >76A048A4 ole32.CLSIDFromString 733918E0 >76A27152 ole32.OleDoAutoConvert 733918E4 >76A25979 ole32.OleRegGetUserType 733918E8 >769EE30E ole32.OleSaveToStream 733918EC >769B3D0C ole32.ReadClassStg 733918F0 >769C8D37 ole32.ReadClassStm 733918F4 >76A88C63 ole32.OleConvertIStorageToOLESTREAM 733918F8 >76A88FA7 ole32.OleConvertOLESTREAMToIStorage 733918FC >76A8B6CA ole32.StgIsStorageILockBytes 73391900 >76A8B375 ole32.StgOpenStorageOnILockBytes 73391904 >769CEB91 ole32.StgCreateDocfileOnILockBytes 73391908 >76A2BB84 ole32.OleCreateFromData 7339190C >769C63D2 ole32.OleCreateLinkFromData 73391910 >76A82633 ole32.OleGetIconOfClass 73391914 >769DCADE ole32.OleGetClipboard 73391918 >769D4703 
ole32.OleSetClipboard 7339191C >76A798CE ole32.OleCreateLink 73391920 >769A2068 ole32.CoTaskMemAlloc 73391924 >769C5B74 ole32.OleGetAutoConvert 73391928 >76A79964 ole32.OleCreateFromFile 7339192C >769A7485 ole32.CoMarshalInterface 73391930 >769E8BAF ole32.CoUnmarshalInterface 73391934 >769A974A ole32.CreateStreamOnHGlobal 73391938 >769E0F0D ole32.StringFromCLSID 7339193C >769A2CFA ole32.StringFromGUID2 73391940 >769F29DD ole32.CLSIDFromProgID 73391944 >769E09EE ole32.ProgIDFromCLSID 73391948 >769EF356 ole32.CoGetClassObject 7339194C >769D6009 ole32.CoCreateInstance 73391950 >769CABC1 ole32.MkParseDisplayName 73391954 >769F54D2 ole32.CoIsOle1Class 73391958 >769DD032 ole32.OleQueryLinkFromData 7339195C >769DD064 ole32.OleQueryCreateFromData 73391960 >76A2E51F ole32.GetClassFile 73391964 >769A471B ole32.CreateBindCtx 73391968 >76A78720 ole32.OleDuplicateData 7339196C >769D57F7 ole32.ReleaseStgMedium 73391970 >769F3FB3 ole32.OleSetMenuDescriptor 73391974 >76A02DA0 ole32.CoRegisterMessageFilter 73391978 >769D9539 ole32.OleUninitialize 7339197C >769D949B ole32.OleInitialize 73391980 >769A3053 ole32.CoGetMalloc 73391984 >769C4E33 ole32.OleRegGetMiscStatus 73391988 >769A42A9 ole32.CoCreateGuid 7339198C >76A0114D ole32.IIDFromString 73391990 >769DD1E0 ole32.CoFreeUnusedLibraries 73391994 >769BDD69 ole32.CoDisconnectObject 73391998 >76A2825B ole32.IsAccelerator 7339199C >769C40E7 ole32.OleIsRunning 733919A0 >769F404F ole32.OleRun 733919A4 >76A77FFC ole32.OleLockRunning 733919A8 >769B3A42 ole32.StgCreateDocfile 733919AC >769B3CE2 ole32.WriteClassStg 733919B0 >769CA19E ole32.OleSave 733919B4 >769AAE59 ole32.StgOpenStorage 733919B8 >76A27C9D ole32.OleLoad 733919BC 00000000 733919C0 >77157777 OLEAUT32.OleCreatePropertyFrame 733919C4 >7711BBB4 OLEAUT32.OleTranslateColor 733919C8 >770F4C3B OLEAUT32.SysStringLen 733919CC >770F48C0 OLEAUT32.VariantClear 733919D0 >770F4BC2 OLEAUT32.SysAllocString 733919D4 >770F4920 OLEAUT32.VariantInit 733919D8 >7711A594 
OLEAUT32.OleCreateFontIndirect 733919DC >7711A08A OLEAUT32.OleCreatePictureIndirect 733919E0 >770F4850 OLEAUT32.SysFreeString 733919E4 >7711CCC7 OLEAUT32.OaBuildVersion 733919E8 >770F4B59 OLEAUT32.SysAllocStringLen 733919EC >770F4C55 OLEAUT32.SysAllocStringByteLen 733919F0 >770F71A2 OLEAUT32.SetErrorInfo 733919F4 >770FB577 OLEAUT32.CreateErrorInfo 733919F8 >770F66D9 OLEAUT32.VariantChangeType 733919FC >77134C1A OLEAUT32.DispGetParam 73391A00 >770FA62D OLEAUT32.LoadTypeLib 73391A04 >7711CAC3 OLEAUT32.GetErrorInfo 73391A08 >770FE526 OLEAUT32.LoadRegTypeLib 73391A0C >7710A5C5 OLEAUT32.RegisterTypeLib 73391A10 >770F4CA8 OLEAUT32.SysStringByteLen 73391A14 >7715D3ED OLEAUT32.UnRegisterTypeLib 73391A18 >770FB8DC OLEAUT32.LHashValOfNameSys 73391A1C >770F9BE2 OLEAUT32.LoadTypeLibEx 73391A20 >770F5010 OLEAUT32.SafeArrayAccessData 73391A24 >7711D498 OLEAUT32.SafeArrayGetElemsize 73391A28 >770F503F OLEAUT32.SafeArrayUnaccessData 73391A2C >7711C2E9 OLEAUT32.SafeArrayCreate 73391A30 >77155D80 OLEAUT32.OleLoadPicture 73391A34 >770F4E82 OLEAUT32.SafeArrayGetDim 73391A38 >7711D295 OLEAUT32.VariantCopy 73391A3C >7711D348 OLEAUT32.VariantCopyInd 73391A40 >770F4E9A OLEAUT32.SafeArrayDestroy 73391A44 >770F65C4 OLEAUT32.VariantChangeTypeEx 73391A48 >771345F7 OLEAUT32.CreateDispTypeInfo 73391A4C >77110E56 OLEAUT32.SafeArrayDestroyData 73391A50 >77134C85 OLEAUT32.DispInvoke 73391A54 >770F504F OLEAUT32.SafeArrayGetUBound 73391A58 >77134C65 OLEAUT32.DispGetIDsOfNames 73391A5C >7711C427 OLEAUT32.SafeArrayGetElement 73391A60 >7711C4CD OLEAUT32.SafeArrayPutElement 73391A64 >770F509B OLEAUT32.SafeArrayGetLBound 73391A68 >77104215 OLEAUT32.SafeArrayCopy 73391A6C >77155167 OLEAUT32.OleIconToCursor 73391A70 >7711C5DB OLEAUT32.SafeArrayRedim 73391A74 >7713990E OLEAUT32.SafeArrayAllocDescriptor 73391A78 >770FB5A5 OLEAUT32.SafeArrayDestroyDescriptor 73391A7C >7711C039 OLEAUT32.RevokeActiveObject 73391A80 >770F4DA0 OLEAUT32.SafeArrayLock 73391A84 >770F4DCD OLEAUT32.SafeArrayUnlock 73391A88 >7711C274 
OLEAUT32.SafeArrayAllocData 73391A8C >7711C99D OLEAUT32.SysReAllocStringLen 73391A90 >77135515 OLEAUT32.GetActiveObject 73391A94 >7713DA1F OLEAUT32.VarDateFromStr 73391A98 >7711D9A1 OLEAUT32.VarCyFromI4 73391A9C >77102122 OLEAUT32.VarR8FromStr 73391AA0 >7711C780 OLEAUT32.VarBstrFromI4 73391AA4 >7711CBE8 OLEAUT32.VarBstrFromR4 73391AA8 >7711CB58 OLEAUT32.VarBstrFromI2 73391AAC >77118D74 OLEAUT32.VarBstrFromDate 73391AB0 >771337A3 OLEAUT32.VarBstrFromCy 73391AB4 >77100811 OLEAUT32.VarBstrFromR8 73391AB8 >7711B856 OLEAUT32.VarI4FromStr 73391ABC >7710FE2D OLEAUT32.VarI4FromR8 73391AC0 >7711BE82 OLEAUT32.VarI2FromStr 73391AC4 >771325C8 OLEAUT32.VarCyFromStr 73391AC8 >7711B9FC OLEAUT32.VarR4FromStr 73391ACC >770F92ED OLEAUT32.LHashValOfNameSysA 73391AD0 >770FBFFC OLEAUT32.SysReAllocString 73391AD4 00000000 73391AD8 >8B565553 73391ADC 85142474 73391AE0 01B857F6 73391AE4 75000000 上面是我用OD 查找的IAT。IAT 的地址范围为 73391000 - 73391AD0,那大小填 00000AD0,RVA值填多少呢? |
|
PECompact 2.x -> Jeremy Collake 脱壳遇到难题
函数全部是无效的.难道全部CUT掉??? |
|
|
|
ASPACK脱壳+暗桩(求助)
不脱壳我用W32DSM 什么都查不到 |
|
郁闷 PECompact 2.x -> Jeremy Collake 脱壳
好的... 多谢FLY 大哥指教... |
|
郁闷 PECompact 2.x -> Jeremy Collake 脱壳
我还有一个文件也是用OD直接转存的,为什么就好得很?我是用同样的方法脱的壳,一个可以直接运行,另一个却要修复才能运行……很郁闷 |
|
郁闷 PECompact 2.x -> Jeremy Collake 脱壳
我把传到我论坛上去了 帐号: 杏仁眼 密码: mingren123 不能运行的程序用OD 转存后OD 就死掉了 [09-21] 暂时存放 http://www.3boys.cn/bbs/viewthread.php?tid=17580 |
|
ASPACK脱壳+暗桩(求助)
看了laomms 的自校检 的文章以后略微明白了一点. 于是我试着按第一种方式跟,发现脱壳和未脱壳的OEP处代码不一样(未脱壳的OEP处代码没有分析完) 我按第二种方法 找退出函数 ExitProcess 有看到 但是设断点没有反应. 我把代码贴出来.望有人指点一下 00401000 >/$ E8 06000000 call 0040100B 00401005 |. 50 push eax ; /ExitCode 00401006 \. E8 BB010000 call <jmp.&kernel32.ExitProcess> ; \ExitProcess /退出函数/ 0040100B /$ 55 push ebp 0040100C |. 8BEC mov ebp, esp 0040100E |. 81C4 F0FEFFFF add esp, -110 00401014 E9 83000000 jmp 0040109C 00401019 |. 6B 72 6E 6C 6>ascii "krnln.fnr",0 00401023 |. 6B 72 6E 6C 6>ascii "krnln.fne",0 0040102D |. 47 65 74 4E 6>ascii "GetNewSock",0 00401038 |. 53 6F 66 74 7>ascii "Software\FlySky\" 00401048 |. 45 5C 49 6E 7>ascii "E\Install",0 00401052 |. 50 61 74 68 0>ascii "Path",0 00401057 |. 4E 6F 74 20 6>ascii "Not found the ke" 00401067 |. 72 6E 65 6C 2>ascii "rnel library or " 00401077 |. 74 68 65 20 6>ascii "the kernel libra" 00401087 |. 72 79 20 69 7>ascii "ry is invalid!",0 00401096 |. 45 72 72 6F 7>ascii "Error",0 0040109C |> 8D85 FCFEFFFF lea eax, [ebp-104] 004010A2 |. 50 push eax 004010A3 |. E8 44010000 call 004011EC 004010A8 |. 68 19104000 push 00401019 ; /String2 = "krnln.fnr" 004010AD |. 8D85 FCFEFFFF lea eax, [ebp-104] ; | 004010B3 |. 50 push eax ; |String1 004010B4 |. E8 25010000 call <jmp.&kernel32.lstrcat> ; \lstrcat 004010B9 |. 50 push eax ; /FileName 004010BA |. E8 19010000 call <jmp.&kernel32.LoadLibraryA> ; \LoadLibraryA 004010BF |. 85C0 test eax, eax 004010C1 0F85 9E000000 jnz 00401165 004010C7 |. 8D85 F4FEFFFF lea eax, [ebp-10C] 004010CD |. 50 push eax ; /pHandle 004010CE |. 68 19000200 push 20019 ; |Access = KEY_READ 004010D3 |. 6A 00 push 0 ; |Reserved = 0 004010D5 |. 68 38104000 push 00401038 ; |Subkey = "Software\FlySky\E\Install" 004010DA |. 68 01000080 push 80000001 ; |hKey = HKEY_CURRENT_USER 004010DF |. E8 36010000 call <jmp.&advapi32.RegOpenKeyExA> ; \RegOpenKeyExA 004010E4 |. 83F8 00 cmp eax, 0 004010E7 0F85 B8000000 jnz 004011A5 004010ED |. C785 F0FEFFFF>mov dword ptr [ebp-110], 103 004010F7 |. 
8D85 F0FEFFFF lea eax, [ebp-110] 004010FD |. 50 push eax ; /pBufSize 004010FE |. 8D85 FCFEFFFF lea eax, [ebp-104] ; | 00401104 |. 50 push eax ; |Buffer 00401105 |. 6A 00 push 0 ; |pValueType = NULL 00401107 |. 6A 00 push 0 ; |Reserved = NULL 00401109 |. 68 52104000 push 00401052 ; |ValueName = "Path" 0040110E |. FFB5 F4FEFFFF push dword ptr [ebp-10C] ; |hKey 00401114 |. E8 07010000 call <jmp.&advapi32.RegQueryValueExA> ; \RegQueryValueExA 00401119 |. 50 push eax 0040111A |. FFB5 F4FEFFFF push dword ptr [ebp-10C] ; /hKey 00401120 |. E8 EF000000 call <jmp.&advapi32.RegCloseKey> ; \RegCloseKey 00401125 |. 58 pop eax 00401126 |. 83F8 00 cmp eax, 0 00401129 75 7A jnz short 004011A5 0040112B |. 8D85 FCFEFFFF lea eax, [ebp-104] 00401131 |. 50 push eax ; /String 00401132 |. E8 AD000000 call <jmp.&kernel32.lstrlen> ; \lstrlenA 00401137 |. 8D9D FCFEFFFF lea ebx, [ebp-104] 0040113D |. 03D8 add ebx, eax 0040113F |. 4B dec ebx 00401140 |. 803B 5C cmp byte ptr [ebx], 5C 00401143 |. 74 05 je short 0040114A 00401145 |. 66:C703 5C00 mov word ptr [ebx], 5C 0040114A |> 68 23104000 push 00401023 ; /String2 = "krnln.fne" 0040114F |. 8D85 FCFEFFFF lea eax, [ebp-104] ; | 00401155 |. 50 push eax ; |String1 00401156 |. E8 83000000 call <jmp.&kernel32.lstrcat> ; \lstrcat 0040115B |. 50 push eax ; /FileName 0040115C |. E8 77000000 call <jmp.&kernel32.LoadLibraryA> ; \LoadLibraryA 00401161 |. 85C0 test eax, eax 00401163 |. 74 40 je short 004011A5 00401165 |> 8985 F8FEFFFF mov [ebp-108], eax 0040116B |. 68 2D104000 push 0040102D ; /ProcNameOrOrdinal = "GetNewSock" 00401170 |. 50 push eax ; |hModule 00401171 |. E8 5C000000 call <jmp.&kernel32.GetProcAddress> ; \GetProcAddress 00401176 |. 85C0 test eax, eax 00401178 |. 74 20 je short 0040119A 0040117A |. 68 E8030000 push 3E8 0040117F |. FFD0 call eax 00401181 |. 85C0 test eax, eax 00401183 |. 74 15 je short 0040119A 00401185 |. E8 00000000 call 0040118A 0040118A |$ 810424 761E00>add dword ptr [esp], 1E76 00401191 |. FFD0 call eax 00401193 |. 
6A 00 push 0 ; /ExitCode = 0 00401195 |. E8 2C000000 call <jmp.&kernel32.ExitProcess> ; \ExitProcess /退出函数,我设断点的地方/ 0040119A |> FFB5 F8FEFFFF push dword ptr [ebp-108] ; /hLibModule 004011A0 |. E8 27000000 call <jmp.&kernel32.FreeLibrary> ; \FreeLibrary 004011A5 |> 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL 004011A7 |. 68 96104000 push 00401096 ; |Title = "Error" 004011AC |. 68 57104000 push 00401057 ; |Text = "Not found the kernel library or the kernel library is invalid!" 004011B1 |. 6A 00 push 0 ; |hOwner = NULL 004011B3 |. E8 08000000 call <jmp.&user32.MessageBoxA> ; \MessageBoxA 004011B8 |. B8 FFFFFFFF mov eax, -1 004011BD |. C9 leave 004011BE \. C3 retn 004011BF CC int3 004011C0 $- FF25 30B04F00 jmp [<&user32.MessageBoxA>] ; user32.MessageBoxA 004011C6 .- FF25 1CB04F00 jmp [<&kernel32.ExitProcess>] ; kernel32.ExitProcess 004011CC $- FF25 10B04F00 jmp [<&kernel32.FreeLibrary>] ; kernel32.FreeLibrary 004011D2 $- FF25 24B04F00 jmp [<&kernel32.GetProcAddress>] ; kernel32.GetProcAddress 004011D8 $- FF25 20B04F00 jmp [<&kernel32.LoadLibraryA>] ; kernel32.LoadLibraryA 004011DE $- FF25 14B04F00 jmp [<&kernel32.lstrcat>] ; kernel32.lstrcatA 004011E4 $- FF25 28B04F00 jmp [<&kernel32.lstrlen>] ; kernel32.lstrlenA 004011EA CC int3 004011EB CC int3 004011EC /$ 55 push ebp 004011ED |. 8BEC mov ebp, esp 004011EF |. 68 80000000 push 80 ; /BufSize = 80 (128.) 004011F4 |. FF75 08 push dword ptr [ebp+8] ; |PathBuffer 004011F7 |. 6A 00 push 0 ; |hModule = NULL 004011F9 |. E8 28000000 call <jmp.&kernel32.GetModuleFileName>; \GetModuleFileNameA 004011FE |. 8B4D 08 mov ecx, [ebp+8] 00401201 |. 8D4C08 FA lea ecx, [eax+ecx-6] 00401205 |> 8A01 mov al, [ecx] 00401207 |. 49 dec ecx 00401208 |. 3C 5C cmp al, 5C 0040120A |.^ 75 F9 jnz short 00401205 0040120C |. C641 02 00 mov byte ptr [ecx+2], 0 00401210 |. C9 leave 00401211 \. 
C2 0400 retn 4 00401214 $- FF25 04B04F00 jmp [<&advapi32.RegCloseKey>] ; advapi32.RegCloseKey 0040121A $- FF25 08B04F00 jmp [<&advapi32.RegOpenKeyExA>] ; advapi32.RegOpenKeyExA 00401220 $- FF25 00B04F00 jmp [<&advapi32.RegQueryValueExA>] ; advapi32.RegQueryValueExA 00401226 $- FF25 18B04F00 jmp [<&kernel32.GetModuleFileNameA>] ; kernel32.GetModuleFileNameA |
|
郁闷 PECompact 2.x -> Jeremy Collake 脱壳
不会的,输入表的函数都是正常的,转存文件也正常。还有一个问题就是,我刚刚把这个文件重新脱了一遍,OD直接转存就可以运行,不知道怎么回事,碰运气…… |
|
[求助]用OllyDBG载入程序,按运行,程序没有运行,请指点一下
按 Shift+F9 多按几次。程序里面加了结构化异常处理(SEH),Shift+F9 会把异常交给程序自己的异常处理例程后继续运行,多按几次,直到程序运行起来 |
|
有关vb爆破
最好用OD 载入,或者用WDASM 载入。查找注册信息。找关键跳转 |
|
软件用PRODUMP脱去一层UPX壳之后,用PEID看还有一层UPX壳,怎么办呀?
要么是脱壳没成功,要么是多层壳,继续脱 |
|
DBPE 2.x -> Ding Boy [Overlay] 脱壳 (求助)
附加数据(Overlay)????我查查资料看看。(注:[Overlay] 指文件中位于最后一个区段之后、不会被加载器映射进内存的附加数据,内存转存得到的文件里不会包含它。) |