|
[原创]逆向NP之注入npggNT.des
//根据上面的分析结果,再给各位看官贴一小小段的代码,NP版本800,910,950测试通过 void Guess() { DWORD dwOldProtect; BYTE bBuffer[2]={0,0}; DWORD dwAddress; HANDLE hKernel=GetModuleHandle("kernel32.dll"); dwAddress=(DWORD)hKernel+0x2F58;//系统版本XPSP2,中文 VirtualProtect((LPVOID)dwAddress,2,PAGE_READWRITE,&dwOldProtect); if(WriteProcessMemory(GetCurrentProcess(),(LPVOID)dwAddress,bBuffer,2,NULL)){ MessageBox(NULL,"Modify ok","Modify",MB_OK); }else{ MessageBox(NULL,"Modify error",NULL,MB_OK); } VirtualProtect((LPVOID)dwAddress,2,dwOldProtect,NULL); } //聪明的你应该猜出这是干什么的吧? //声明:这段代码可能会产生严重的后果,特别是有全局系统钩子到处钩的时候,哈哈,幸好NP的注入代码里面有个SEH,要不会死得很难看 |
|
[原创]逆向NP之注入npggNT.des
苦干了两天,现在最想干的事就是好好睡一觉。 |
|
|
|
请教问题,如何改变exe文件的标题。
这里是修改窗体标题的程序跟源代码 希望对你有帮助 |
|
查找窗口问题
把软件中判断DLL的地方去掉,或者HOOK 软件关闭进程的系统函数,让它关不了 |
|
|
|
[求助]后台程序编写
这种问题应该到WIN32/WIN64中问 给一个HELLOWORLD代码你看看 #include<windows.h> LRESULT CALLBACK WndProc(HWND,UINT,WPARAM,LPARAM); //////////////////////////////////////////////// int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance, LPSTR lpCmdLine,int iCmdShow) { static TCHAR szAppName[]=TEXT("HelloWorld"); HWND hwnd; MSG msg; WNDCLASS wndclass; wndclass.style=CS_HREDRAW|CS_VREDRAW; wndclass.lpfnWndProc=WndProc; wndclass.cbClsExtra=0; wndclass.cbWndExtra=0; wndclass.hInstance=hInstance; wndclass.hIcon=LoadIcon(NULL,IDI_APPLICATION); wndclass.hCursor=LoadCursor(NULL,IDC_ARROW); wndclass.hbrBackground=(HBRUSH)GetStockObject(WHITE_BRUSH); wndclass.lpszMenuName=NULL; wndclass.lpszClassName=szAppName; if(!RegisterClass(&wndclass)) { MessageBox(NULL,TEXT("This program require Windows NT!"),szAppName, MB_ICONERROR); return 0; } hwnd=CreateWindow(szAppName,//窗口类名称,与上面要相同,否则窗口无法显示,但程序仍然运行(进程显示名) TEXT("CrackR2"),//窗口显示的名称,别的程序可以修改(应用程序显示名)。 WS_OVERLAPPEDWINDOW,//窗口类型-参考WINUSER.H CW_USEDEFAULT,//X坐标 CW_USEDEFAULT,//Y坐标 CW_USEDEFAULT,//水平宽度 CW_USEDEFAULT,//垂直高度 NULL,//父窗口句柄 NULL,//菜单句柄 hInstance,//程序实例句柄 NULL);//创建参数 ShowWindow(hwnd,SW_HIDE);//SW_SHOW的话就正常显示 UpdateWindow(hwnd); while (GetMessage(&msg,0,0,0)) { TranslateMessage(&msg); DispatchMessage(&msg); } return msg.wParam; } //////////////////////////////////////////////////////// LRESULT CALLBACK WndProc(HWND hwnd, UINT message,WPARAM wParam,LPARAM lParam) { switch(message) { case WM_DESTROY: PostQuitMessage(0); } return DefWindowProc(hwnd,message,wParam,lParam); } |
|
[讨论]远程线程注入导致程序速度慢的原因
应该是你的编码问题.把你的代码拿来看看.这样凭空很难解释 |
|
[讨论]如何为DLL进行HOOK?以拦截DLL的返回值,将返回值修改这自己所需要的值。
Hook这个DLL函数的方法跟HOOK系统函数的方法一样.但问题是你知道你要HOOK的函数的情况么?包括参数个数,参数类型,返回值类型这些.不清楚的话,你怎么写自己的替换函数?? |
|
关于nprotect问题
不知道NP是如何监视有新进程启动,是通过定时检测还是通过 NP是在驱动层拦截了CreateProcess,在用户层无论你是怎么启动一个程序,它都能知道,并往里面注入监视模块(npggNT.des).注入之后NP进程不再做任何检查,只让监视模块发挥作用.如果在游戏进行过程中意外关闭了GameMon.des进程(虽然很难,我试过)的话,游戏在几分钟内退出,而你再也无法启动任何程序.因为NP拦截的CreateProcess还没有恢复,你只能重启电脑 |
|
关于nprotect问题
那个通用的逃NP监视程序我已经做出来了,可以保护任何进程在RING3层不受NP干扰.其实一点也不难,更说不上什么高深技术.要用到的麻烦一点的无非是API HOOK,系统钩子,远程注入,网上这方面知识介绍也很多.不过现在权限不够,连贴一张图都不行.等什么时候可以上传附件我就把我的研究经历跟大家分享吧. 现在我能作到的就是在RING3层进入GameMon.des进程(已经隐藏了的哦),HOOK 它的API,分析它的内存.不过还没分析到什么结果.哎...汇编正在学,驱动还不会,学好这两样的话,要完全破解它也不是什么不可能的事 |
|
禁止使用WPE,禁止使用GameExport,软件如何实现的?
估计又是NProtect GameGuard的问题,这年头怎么搞这方面的人这么多呢 |
|
|
|
关于nprotect问题
feiproxy //////////////// 我看你还是挺辛苦的,方法我不是已经说了么?用我说的方法,做一个DLL注入到OD里面去,在RING3层NP就干扰不了OD了,可以随便你调试什么挂了.怎么可以总是等现成的作品?估计你的编程水平一般,哎..那有什么办法呢? 不过不要埋怨看雪没高手,看雪的高人多哪,看肯不肯出手而已。 |
|
关于NProtect Gameguard?
0x001523C0: \x01\xf8\x4d\x34\xb9\x34\x65\x5a\x3e\x44\xdc\x1e\xa9\xb5\xd6\x78\x23\xcc\x0d\xf9\x4c\x90\x05\x98 0x001523D8: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44 0x001523E1: F 0x0015CB08: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44 //好象是传说中的Shellcode??望高人指点 //另外游戏进程用CreateProcess启动GameMon.des,在其中的Command参数也是传了一串这东西,我看不懂 |
|
关于NProtect Gameguard?
//这是我在GameMon.des内存里找到的字符串,留着没用,大家研究一下吧 0x00120970: WINTRUST.dll 0x0012097F: Z?Secur32.dll 0x001209A3: ( 0x001209B8: WinVerifyTrust 0x001209BA: R 0x001209D5: LsaDeregisterLogonProcess 0x001209E4: LsaLogonUser 0x001209E6: c 0x001209F6: GetUserNameExW 0x001209F8: r 0x00120A08: GetUserNameExA 0x00120A0A: r 0x00120A1F: LsaFreeReturnBuffer 0x00120A40: LsaLookupAuthenticationPackage 0x00120A57: LsaConnectUntrusted 0x00120AB1: ntdll.dll 0x00120ABE: KERNEL32.dll 0x00120ACA: RPCRT4.dll 0x0012118F: " RtlExpandEnvironmentStrings_U 0x001211AB: RtlDuplicateUnicodeString 0x001211C4: ?RtlCreateUnicodeString 0x001211C7: ? 0x001211E1: NtQueryInformationProcess 0x001211E3: ? 0x001211EE: NtQueryKey 0x00121203: , RtlStringFromGUID 0x00121222: ?RtlDeleteElementGenericTable 0x00121242: ?RtlInsertElementGenericTable 0x0012125E: RtlInitializeHandleTable 0x00121277: ?RtlDestroyHandleTable 0x00121279: ? 0x00121288: NtEnumerateKey 0x001212A5: ?RtlIntegerToUnicodeString 0x001212C0: ?RtlAppendUnicodeToString 0x001212DF: < RtlFormatCurrentUserKeyPath 0x001212FB: } RtlInitializeGenericTable 0x0012131B: ?RtlNumberGenericTableElements 0x0012133A: ?RtlLookupElementGenericTable 0x00121354: ?RtlQueryRegistryValues 0x00121369: G RtlGUIDFromString 0x00121380: S RtlUpcaseUnicodeChar 0x001213A0: NtQueryVolumeInformationFile 0x001213BA: ?RtlPrefixUnicodeString 0x001213BD: ? 0x001213D7: NtQuerySymbolicLinkObject 0x001213D9: ? 0x001213F2: NtOpenSymbolicLinkObject 0x00121413: ?RtlDetermineDosPathNameType_U 0x00121415: ? 0x0012142C: NtQueryInformationFile 0x00121444: U RtlGetFullPathName_U 0x00121450: ! wcstombs 0x0012145C: ?mbstowcs 0x00121465: ?_ftol 0x00121472: . NtSetEvent 0x00121475: ? 0x0012148F: NtQueryPerformanceCounter 0x00121498: wcscmp 0x001214B4: b NtWaitForMultipleObjects 0x001214CE: ?RtlIsGenericTableEmpty 0x001214D1: q 0x001214DF: NtCreateEvent 0x001214EF: ?RtlCreateHeap 0x00121500: ?RtlDestroyHeap 0x00121503: _ 0x0012151B: NtAllocateVirtualMemory 0x00121537: ; RtlFlushSecureMemoryCache 0x00121539: ? 0x0012154D: NtFreeVirtualMemory 0x0012154F: s 0x0012155C: NtCreateFile 0x0012155F: ? 0x00121578: NtQueryInformationThread 0x00121587: f NtWriteFile 0x001215A4: ?RtlDestroyQueryDebugBuffer 0x001215C7: ?RtlQueryProcessDebugInformation 0x001215E3: ?RtlCreateQueryDebugBuffer 0x001215E5: ? 0x001215F3: NtOpenProcess 0x00121600: NtReadFile 0x00121603: ? 0x00121616: NtFlushBuffersFile 0x0012162E: 3 NtSetInformationFile 0x00121631: 0x0012163E: CsrNewThread 0x00121641: f 0x0012164E: NtClearEvent 0x00121664: NtReleaseSemaphore 0x00121667: ? 0x00121679: NtCreateSemaphore 0x0012167B: ? 0x0012168E: NtPowerInformation 0x001216A8: w RtlInitUnicodeStringEx 0x001216C2: K RtlUnicodeToMultiByteN 0x001216C5: ? 0x001216D7: NtNotifyChangeKey 0x001216F0: 6 NtSetInformationObject 0x001216F3: ? 0x00121705: NtDuplicateObject 0x0012170D: ?_itow 0x0012170F: ? 0x00121720: NtDeleteValueKey 0x00121723: ? 0x00121737: NtEnumerateValueKey 0x00121753: 4 RtlTimeToSecondsSince1970 0x0012175F: R RtlUnwind 0x00121776: NtQueryVirtualMemory 0x001217A1: RtlEnumerateGenericTableWithoutSplaying 0x001217A3: j 0x001217B3: NtCompareTokens 0x001217C3: ? RtlFreeHandle 0x001217DB: ?RtlIsValidIndexHandle 0x001217EF: ?RtlAllocateHandle 0x001217FD: ?_vsnwprintf 0x00121819: G RtlUnicodeStringToInteger 0x00121823: wcsncmp 0x0012183B: ?RtlMakeSelfRelativeSD 0x00121851: _ RtlGetNtProductType 0x00121865: NtQuerySystemTime 0x00121871: ?RtlRandom 0x0012188B: ?RtlCompareUnicodeString 0x001218A9: | RtlxUnicodeStringToAnsiSize 0x001218CA: ?RtlAppendUnicodeStringToString 0x001218E3: c NtWaitForSingleObject 0x001218F6: ?RtlCompareMemory 0x001218F9: ? 0x0012190F: NtDeviceIoControlFile 0x00121919: wcsrchr 0x00121927: ?RtlCopyLuid 0x0012193A: l RtlImageNtHeader 0x00121944: ?_ultow 0x00121947: L 0x00121958: NlsMbCodePageTag 0x00121977: z RtlxAnsiStringToUnicodeSize 0x00121990: ?RtlMultiByteToUnicodeN 0x0012199A: strstr 0x001219A4: ?strchr 0x001219AF: tolower 0x001219BB: ?_wcsnicmp 0x001219C5: wcsncpy 0x001219CE: wcstol 0x001219D9: " wcstoul 0x001219E4: ?iswctype 0x00121A04: ?RtlConvertSidToUnicodeString 0x00121A07: 0x00121A10: DbgPrint 0x00121A1D: ?_strnicmp 0x00121A31: > RtlFreeAnsiString 0x00121A54: ?RtlCreateUnicodeStringFromAsciiz 0x00121A5C: ?atol 0x00121A5F: ? 0x00121A78: NtQuerySystemInformation 0x00121A83: ?_chkstk 0x00121A98: T NtTerminateProcess 0x00121AAE: ?RtlAdjustPrivilege 0x00121AC9: 7 NtSetInformationProcess 0x00121AD3: strncpy 0x00121AF7: W RtlUpcaseUnicodeStringToOemString 0x00121B11: RtlEnterCriticalSection 0x00121B2B: ?RtlLeaveCriticalSection 0x00121B3B: u RtlInitString 0x00121B4E: ?RtlIsTextUnicode 0x00121B5A: ?_stricmp 0x00121B5D: ? 0x00121B69: NtDeleteKey 0x00121B7B: NtQueryValueKey 0x00121B8B: J NtSetValueKey 0x00121B96: ?_wcsicmp 0x00121BA1: ?_wcslwr 0x00121BAA: ? wcsstr 0x00121BB4: wcschr 0x00121BC0: swprintf 0x00121BD6: ?RtlOpenCurrentUser 0x00121BD9: ? 0x00121BE3: NtOpenKey 0x00121BE5: w 0x00121BF1: NtCreateKey 0x00121C15: RtlSetSecurityDescriptorRMControl 0x00121C39: d RtlGetSecurityDescriptorRMControl 0x00121C58: RtlSelfRelativeToAbsoluteSD2 0x00121C5B: ? 0x00121C69: NtFilterToken 0x00121C73: ?sprintf 0x00121C75: ? 0x00121C91: NtImpersonateAnonymousToken 0x00121C9B: ?memmove 0x00121CBA: E RtlUnicodeStringToAnsiString 0x00121CD7: L RtlUnicodeToMultiByteSize 0x00121CEE: ?RtlCopyUnicodeString 0x00121D08: 8 NtSetInformationThread 0x00121D1E: o RtlImpersonateSelf 0x00121D21: ? 0x00121D31: NtFsControlFile 0x00121D33: ? 0x00121D49: NtQuerySecurityObject 0x00121D67: ?RtlOemStringToUnicodeString 0x00121D69: ? 0x00121D74: NtOpenFile 0x00121D8B: @ NtSetSecurityObject 0x00121D8D: g 0x00121D95: NtClose 0x00121DB3: RtlSelfRelativeToAbsoluteSD 0x00121DD1: q RtlAbsoluteToSelfRelativeSD 0x00121DEB: ?RtlDeleteSecurityObject 0x00121E04: ?RtlQuerySecurityObject 0x00121E1E: RtlSetSecurityObjectEx 0x00121E36: ? RtlSetSecurityObject 0x00121E65: ?RtlNewSecurityObjectWithMultipleInheritance 0x00121E7E: ?RtlNewSecurityObjectEx 0x00121EA7: ?RtlConvertToAutoInheritSecurityObject 0x00121EBE: ?RtlNewSecurityObject 0x00121EDF: V RtlGetGroupSecurityDescriptor 0x00121EFF: RtlSetGroupSecurityDescriptor 0x00121F1F: a RtlGetOwnerSecurityDescriptor 0x00121F3F: RtlSetOwnerSecurityDescriptor 0x00121F5E: c RtlGetSaclSecurityDescriptor 0x00121F7E: RtlSetSaclSecurityDescriptor 0x00121F9E: P RtlGetDaclSecurityDescriptor 0x00121FBE: RtlSetDaclSecurityDescriptor 0x00121FE1: RtlSetControlSecurityDescriptor 0x00122003: M RtlGetControlSecurityDescrip|? 读取数据:0x00122000************************************* 0x00122003: tor 0x00122021: ?RtlLengthSecurityDescriptor 0x0012203E: b RtlValidSecurityDescriptor 0x0012205D: ?RtlCreateSecurityDescriptor 0x0012206F: : RtlFirstFreeAce 0x0012208C: ?RtlAddAuditAccessObjectAce 0x001220AB: } RtlAddAccessDeniedObjectAce 0x001220CA: z RtlAddAccessAllowedObjectAce 0x001220E4: ?RtlAddAuditAccessAceEx 0x001220FC: ?RtlAddAuditAccessAce 0x00122117: | RtlAddAccessDeniedAceEx 0x0012212F: { RtlAddAccessDeniedAce 0x0012214A: y RtlAddAccessAllowedAceEx 0x00122164: x RtlAddAccessAllowedAce 0x00122171: I RtlGetAce 0x00122180: ?RtlDeleteAce 0x0012218D: ~ RtlAddAce 0x001221A4: RtlSetInformationAcl 0x001221BE: ?RtlQueryInformationAcl 0x001221CE: ?RtlCreateAcl 0x001221DD: ` RtlValidAcl 0x001221F1: ?RtlMapGenericMask 0x0012220C: ?RtlAreAnyAccessesGranted 0x00122228: ?RtlAreAllAccessesGranted 0x00122236: ?RtlCopySid 0x00122246: ?RtlLengthSid 0x00122261: - RtlSubAuthorityCountSid 0x00122276: . RtlSubAuthoritySid 0x00122293: j RtlIdentifierAuthoritySid 0x001222B1: ?RtlAllocateAndInitializeSid 0x001222BE: C RtlFreeSid 0x001222D2: ?RtlInitializeSid 0x001222EA: ?RtlLengthRequiredSid 0x001222FF: RtlEqualPrefixSid 0x0012230D: RtlEqualSid 0x0012231B: c RtlValidSid 0x0012231D: ? 0x0012233B: NtPrivilegedServiceAuditAlarm 0x0012233D: ? 0x00122356: NtDeleteObjectAuditAlarm 0x00122359: h 0x00122371: NtCloseObjectAuditAlarm 0x00122373: ? 0x0012238F: NtPrivilegeObjectAuditAlarm 0x00122391: ? 0x001223A8: NtOpenObjectAuditAlarm 0x001223AB: U 0x001223DE: NtAccessCheckByTypeResultListAndAuditAlarmByHandle 0x001223E1: T 0x0012240C: NtAccessCheckByTypeResultListAndAuditAlarm 0x0012240F: R 0x00122430: NtAccessCheckByTypeAndAuditAlarm 0x00122433: P 0x0012244E: NtAccessCheckAndAuditAlarm 0x00122451: ? 0x00122462: NtPrivilegeCheck 0x00122465: X 0x00122479: NtAdjustGroupsToken 0x0012247B: Y 0x00122493: NtAdjustPrivilegesToken 0x001224AB: 9 NtSetInformationToken 0x001224AD: ? 0x001224C5: NtQueryInformationToken 0x001224C7: ? 0x001224D9: NtOpenThreadToken 0x001224DB: ? 0x001224EE: NtOpenProcessToken 0x001224F1: S 0x0012250F: NtAccessCheckByTypeResultList 0x00122511: Q 0x00122525: NtAccessCheckByType 0x00122527: O 0x00122535: NtAccessCheck 0x00122537: \ 0x00122551: NtAllocateLocallyUniqueId 0x00122553: ? 0x00122564: NtDuplicateToken 0x00122572: ?_snwprintf 0x00122587: p RtlInitAnsiString 0x001225A6: ?RtlAnsiStringToUnicodeString 0x001225BE: E RtlFreeUnicodeString 0x001225D6: v RtlInitUnicodeString 0x001225F6: RtlDosPathNameToNtPathName_U 0x00122605: @ RtlFreeHeap 0x0012260E: wcslen 0x00122621: ?RtlAllocateHeap 0x0012262A: wcscpy 0x00122634: wcscat 0x0012264D: ?RtlNtStatusToDosError 0x0012266C: { RtlInitializeCriticalSection 0x0012267C: W NtTraceEvent 0x00122698: ?RtlDeleteCriticalSection 0x001226B1: ? RtlEqualUnicodeString 0x001226B3: ? 0x001226BE: NtFlushKey 0x001226E4: a RtlValidRelativeSecurityDescriptor 0x001226E7: ? 0x001226F1: NtLoadKey 0x001226FF: Z NtUnloadKey 0x0012270E: NtReplaceKey 0x00122711: ? 0x0012272C: NtNotifyChangeMultipleKeys 0x0012272F: ? 0x00122747: NtQueryMultipleValueKey 0x00122756: ? NtRestoreKey 0x00122763: " NtSaveKey 0x00122776: $ NtSaveMergedKeys 0x00122785: # NtSaveKeyEx 0x00122795: h RtlGetVersion 0x001227A9: ?RtlReAllocateHeap 0x001227B9: ?_alloca_probe 0x001227BB: ? 0x001227CB: DeviceIoControl 0x001227DA: N LocalReAlloc 0x001227E7: K LocalFree 0x001227FD: ~ WideCharToMultiByte 0x0012280A: G LocalAlloc 0x00122816: ?lstrlenW 0x0012282D: d MultiByteToWideChar 0x00122838: ?lstrlenA 0x00122844: ?lstrcatW 0x00122850: ?lstrcpyW 0x0012285C: ?lstrcpyA 0x0012285F: 0x0012286F: AreFileApisANSI 0x0012287F: ' IsBadWritePtr 0x00122881: 1 0x0012288D: CloseHandle 0x001228AA: ?WritePrivateProfileStringW 0x001228C6: ?GetPrivateProfileStringW 0x001228CF: > Sleep 0x001228DE: ?GetTickCount 0x001228F3: ; GetCurrentProcess 0x00122906: = GetCurrentThread 0x0012291E: ?GetWindowsDirectoryW 0x0012292E: h GetLastError 0x0012293E: SetErrorMode 0x00122950: C LoadLibraryExW 0x00122953: ? 0x00122964: FindFirstFileExW 0x00122967: ? 0x00122975: FindNextFileW 0x00122983: ] GetFileTime 0x00122993: ?GetSystemTime 0x001229A8: t GetModuleFileNameW 0x001229C4: ?GetUserDefaultUILanguage 0x001229C7: ] 0x001229D4: CreateMutexW 0x001229ED: ?GetPrivateProfileIntW 0x00122A0A: ?GetSystemWindowsDirectoryW 0x00122A1C: ?RaiseException 0x00122A31: ?ReadProcessMemory 0x00122A42: ?GetProfileIntA 0x00122A57: ?GetProfileStringA 0x00122A6A: GetComputerNameA 0x00122A80: GetComputerNameExW 0x00122A96: w GetModuleHandleExW 0x00122AB1: SetNamedPipeHandleState 0x00122ABE: l OpenEventW 0x00122AD9: n GetLogicalDriveStringsW 0x00122AE9: L GetDriveTypeW 0x00122AFD: H GetDiskFreeSpaceW 0x00122B15: ?GetVolumeInformationW 0x00122B2A: ?GlobalMemoryStatus 0x00122B3B: ?GetSystemInfo 0x00122B4F: - SetThreadPriority 0x00122B68: InterlockedExchangeAdd 0x00122B6B: ? 0x00122B7B: DuplicateHandle 0x00122B7D: l 0x00122B8A: CreateThread 0x00122BA6: y WaitForMultipleObjectsEx 0x00122BA9: ' 0x00122BB2: CancelIo 0x00122BB5: ? 0x00122BC0: ExitThread 0x00122BDA: ?GetTimeZoneInformation 0x00122BDD: ? 0x00122BEE: EnumUILanguagesW 0x00122BF1: K 0x00122BFE: CreateEventA 0x00122C12: a GetFullPathNameA 0x00122C29: G GetDiskFreeSpaceExW 0x00122C36: ?ResetEvent 0x00122C42: SetEvent 0x00122C45: O 0x00122C51: CreateFileA 0x00122C67: ?GetOverlappedResult 0x00122C7A: x GetModuleHandleW 0x00122C7D: ? 0x00122C8D: FindResourceExW 0x00122C9C: ?ReleaseMutex 0x00122C9F: 6 0x00122CAF: CompareFileTime 0x00122CBC: s OpenMutexW 0x00122CD3: z WaitForSingleObject 0x00122CE6: q GetLongPathNameW 0x00122CF7: \ GetFileSizeEx 0x00122CF9: Q 0x00122D0C: CreateFileMappingW 0x00122D0F: ? 0x00122D1E: FormatMessageW 0x00122D2E: j GetLocalTime 0x00122D44: | OutputDebugStringW 0x00122D47: ? 0x00122D61: ExpandEnvironmentStringsW 0x00122D6D: ` MoveFileW 0x00122D78: ?lstrcmpW 0x00122D8B: GetCommandLineW 0x00122D97: ?lstrcmpiW 0x00122D99: 0x00122DAF: DeleteCriticalSection 0x00122DCB: InitializeCriticalSection 0x00122DDA: SetLastError 0x00122DEB: ?GetVersionExA 0x00122E01: InterlockedExchange 0x00122E03: L 0x00122E10: CreateEventW 0x00122E2F: 2 SetUnhandledExceptionFilter 0x00122E4A: W UnhandledExceptionFilter 0x00122E5E: F TerminateProcess 0x00122E79: ?GetSystemTimeAsFileTime 0x00122E93: ?QueryPerformanceCounter 0x00122EB0: InterlockedCompareExchange 0x00122EB3: } 0x00122EC8: DelayLoadFailureHook 0x00122EDC: ?GetPriorityClass 0x00122EE8: HeapFree 0x00122EFC: b GetFullPathNameW 0x00122F09: ?lstrcpynW 0x00122F1E: > GetCurrentThreadId 0x00122F29: ? SleepEx 0x00122F3A: ?GetProcessHeap 0x00122F47: HeapAlloc 0x00122F49: ? 0x00122F5E: EnterCriticalSection 0x00122F76: @ LeaveCriticalSection 0x00122F79: ? 0x00122F93: ExpandEnvironmentStringsA 0x00122F9E: m OpenFile 0x00122FAD: [ GetFileSize 0x00122FB7: ?_lclose 0x00122FC5: ?SearchPathW 0x00122FDC: X GetFileAttributesExW 0x00122FEE: SetFilePointer 0x00122FF1: ? 0x00122FFF: FindResourceA 读取数据:0x00123000************************************* 0x0012300E: F LoadResource 0x00123020: = SizeofResource 0x00123038: InterlockedDecrement 0x00123050: InterlockedIncrement 0x00123064: u GetModuleHandleA 0x00123067: c 0x0012307E: CreateProcessInternalA 0x00123081: d 0x00123098: CreateProcessInternalW 0x001230AF: ?GetSystemDirectoryW 0x001230BE: D LoadLibraryW 0x001230C1: ? 0x001230CD: FreeLibrary 0x001230DE: } WaitNamedPipeW 0x001230F5: < GetCurrentProcessId 0x00123101: ?WriteFile 0x0012310C: ?ReadFile 0x0012311C: ?ResumeThread 0x0012312B: t OpenProcess 0x0012313E: GetComputerNameW 0x00123151: Z UnmapViewOfFile 0x00123153: R 0x0012315F: CreateFileW 0x00123161: P 0x00123174: CreateFileMappingA 0x00123185: W MapViewOfFile 0x00123194: A LoadLibraryA 0x001231A6: ?GetProcAddress 0x001231B6: j VirtualAlloc 0x001231C5: m VirtualFree 0x001231C7: p 0x001231DB: CreateVirtualBuffer 0x001231FB: l VirtualBufferExceptionHandler 0x001231FD: ? 0x0012320F: FreeVirtualBuffer 0x00123224: Y GetFileAttributesW 0x00123227: ? 0x00123236: FindFirstFileW 0x00123239: ? 0x00123243: FindClose 0x00123268: ?QueryWin31IniFilesMappedToRegistry 0x0012326B: ? 0x00123277: DeleteFileW 0x00123279: B 0x00123283: CopyFileW 0x00123294: ?RpcStringFreeW 0x001232A5: ?UuidToStringW 0x001232B7: ?UuidFromStringW 0x001232CB: ?RpcRaiseException 0x001232E6: U RpcBindingSetAuthInfoExA 0x001232F8: E RpcBindingFree 0x00123318: G RpcBindingFromStringBindingW 0x00123334: ?RpcStringBindingComposeW 0x00123350: V RpcBindingSetAuthInfoExW 0x00123353: 0x00123362: NdrClientCall2 0x0012337C: ?RpcStringBindingParseW 0x0012337F: 6 0x00123393: I_RpcMapWin32Status 0x001233B0: [ RpcBindingToStringBindingW 0x001233B3: j 0x001233C6: NDRCContextBinding 0x001233D9: ?RpcRevertToSelf 0x001233F0: w RpcImpersonateClient 0x001233F3: % 0x0012340D: I_RpcBindingIsClientLocal 0x0012340F: , 0x00123424: I_RpcExceptionFilter 0x00123441: ?RpcSsDestroyClientContext 0x0012345A: W RpcBindingSetAuthInfoW 0x00123471: g RpcEpResolveBinding 0x0012347E: ?UuidCreate 0x00123498: T RpcBindingSetAuthInfoA 0x0012349C: ? ?SymGetModuleBase 0x0012A8E2: ??ymFunctionTableAccess 0x0012A8F5: ?ymGetSymFromAddr 0x0012A901: ?StackWalk 0x0012A90E: ?SymCleanup 0x0012A91D: ?ymInitialize 0x0012A92C: ?imagehlp.dll 0x0012A95E: ??????$S3? ?狩u hLa狩??邝9 ?狩t 3览? 0x001523C0: \x01\xf8\x4d\x34\xb9\x34\x65\x5a\x3e\x44\xdc\x1e\xa9\xb5\xd6\x78\x23\xcc\x0d\xf9\x4c\x90\x05\x98 0x001523D8: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44 0x001523E1: F 0x0015CB08: \x01\xf8\x4d\x3a\xb9\x36\x75\x31\x66\x1d\x88\x42\xa9\x86\xda\x30\x20\x92\x0d\xa1\x1a\x84\x47\x98\x11\xad\xad\x28\x49\x44 0x0015CB11: 0x001637E6: file://D:\RohanOnline\GameGuard\Splash.jpg 0x00A80711: UnlockUrlCacheEntryStream 0x00A8072C: ?UnlockUrlCacheEntryFileW 0x00A80748: ??nlockUrlCacheEntryFileA 0x00A80761: ??etUrlCacheEntryInfoW 0x00A8077A: ?SetUrlCacheEntryGroupW 0x00A80792: ?etUrlCacheConfigInfoA 0x00A807B0: ?etrieveUrlCacheEntryStreamW 0x00A807CE: ??etrieveUrlCacheEntryFileW 0x00A807EA: ?etrieveUrlCacheEntryFileA 0x00A80803: ?esumeSuspendedDownload 0x00A80820: RegisterUrlCacheNotification 0x00A8083B: ??eadUrlCacheEntryStream 0x00A80855: PrivacySetZonePreferenceW 0x00A8086B: ?LoadUrlCacheContent 0x00A80883: IsHostInProxyBypassList 0x00A80895: InternetWriteFile 0x00A808B1: ?InternetUnlockRequestFile 0x00A808CD: ?InternetTimeToSystemTimeW 0x00A808E9: ?InternetTimeToSystemTimeA 0x00A80907: ?InternetTimeFromSystemTimeW 0x00A80923: InternetTimeFromSystemTimeA 0x00A80942: InternetShowSecurityInfoByURLW 0x00A8095E: ?nternetSetStatusCallbackW 0x00A8097A: ?nternetSetStatusCallbackA 0x00A8099D: ?nternetSetPerSiteCookieDecisionW 0x00A809B2: ?InternetSetOptionW 0x00A809C6: ?nternetSetOptionA 0x00A809DE: ?nternetSetFilePointer 0x00A809F3: ?nternetReadFileExA 0x00A80A04: InternetReadFile 0x00A80A1C: ??nternetQueryOptionW 0x00A80A34: ??nternetQueryOptionA 0x00A80A53: ??nternetQueryFortezzaStatus 0x00A80A6E: InternetQueryDataAvailable 0x00A80A7D: ?nternetOpenW 0x00A80A90: ?InternetOpenUrlW 0x00A80AA4: ??nternetOpenUrlA 0x00A80AB5: ??nternetOpenA 0x00A80ACF: ?InternetLockRequestFile 0x00A80AEE: InternetInitializeAutoProxyDll 0x00A80B01: ?nternetGoOnlineW 0x00A80B25: ?InternetGetPerSiteCookieDecisionW 0x00A80B44: ?InternetGetLastResponseInfoW 0x00A80B64: ??nternetGetLastResponseInfoA 0x00A80B84: ??nternetGetConnectedStateExW 0x00A80BA4: ??nternetGetConnectedStateExA 0x00A80BC1: ??nternetGetConnectedState 0x00A80BDB: ?InternetFortezzaCommand 0x00A80BF1: InternetFindNextFileW 0x00A80C09: ?InternetFindNextFileA 0x00A80C1C: ?InternetErrorDlg 0x00A80C42: ??nternetEnumPerSiteCookieDecisionW 0x00A80C66: ?nternetEnumPerSiteCookieDecisionA 0x00A80C7A: ?nternetCreateUrlW 0x00A80C8E: ?nternetCreateUrlA 0x00A80CA1: ?nternetCrackUrlW 0x00A80CB5: ?InternetCrackUrlA 0x00A80CC8: ?InternetConnectW 0x00A80CDC: ??nternetConnectA 0x00A80CFC: ??nternetConfirmZoneCrossingW 0x00A80D13: ??nternetCombineUrlW 0x00A80D27: InternetCloseHandle 0x00A80D4E: InternetClearAllPerSiteCookieDecisions 0x00A80D68: ?nternetCheckConnectionW 0x00A80D84: ??nternetCanonicalizeUrlW 0x00A80DA0: ??nternetCanonicalizeUrlA 0x00A80DBA: ??nternetAutodialHangup 0x00A80DD4: ?nternetAutodialCallback 0x00A80DE8: ??nternetAutodial 0x00A80E02: ??nternetAttemptConnect 0x00A80E14: ?ttpSendRequestW 0x00A80E2A: ??ttpSendRequestExW 0x00A80E3E: ?ttpSendRequestExA 0x00A80E50: ?ttpSendRequestA 0x00A80E62: ??ttpQueryInfoW 0x00A80E72: ?ttpQueryInfoA 0x00A80E84: ?ttpOpenRequestW 0x00A80E98: ??ttpOpenRequestA 0x00A80EAB: ??ttpEndRequestW 0x00A80EBB: HttpEndRequestA 0x00A80ED2: HttpAddRequestHeadersW 0x00A80EEA: ?ttpAddRequestHeadersA 0x00A80F01: ?etUrlCacheEntryInfoW 0x00A80F1B: ?GetUrlCacheEntryInfoExW 0x00A80F33: GetUrlCacheEntryInfoExA 0x00A80F49: GetUrlCacheEntryInfoA 0x00A80F62: ?GetUrlCacheConfigInfoW 0x00A80F7A: ?etUrlCacheConfigInfoA 0x00A80F93: ?tpSetCurrentDirectoryW 0x00A80FAB: FtpSetCurrentDirectoryA 0x00A80FBA: FtpRenameFileA 0x00A80FCF: ?tpRemoveDirectoryA 0x00A80FDC: FtpPutFileEx 0x00A80FEC: ??tpOpenFileW 0x00A80FFC: ??tpOpenFileA 0x00A81003: ??? 读取数据:0x00A81000************************************* 0x00A8100E: FtpGetFileSize 0x00A8101C: ?tpGetFileEx 0x00A81037: ??tpGetCurrentDirectoryW 0x00A8104F: FtpGetCurrentDirectoryA 0x00A81061: FtpFindFirstFileW 0x00A81075: ?FtpFindFirstFileA 0x00A81086: ?FtpDeleteFileW 0x00A81096: ?tpDeleteFileA 0x00A810AB: ?tpCreateDirectoryW 0x00A810BF: FtpCreateDirectoryA 0x00A810CB: FtpCommandA 0x00A810DE: FreeUrlCacheSpaceW 0x00A810F6: ?indNextUrlCacheEntryW 0x00A81110: ?indNextUrlCacheEntryExW 0x00A8112C: ??indNextUrlCacheEntryExA 0x00A81146: ??indNextUrlCacheEntryA 0x00A81162: ?indNextUrlCacheContainerW 0x00A8117E: ?indNextUrlCacheContainerA 0x00A81197: ?indFirstUrlCacheEntryW 0x00A811B1: FindFirstUrlCacheEntryExW 0x00A811CD: ?FindFirstUrlCacheEntryExA 0x00A811E7: ?FindFirstUrlCacheEntryA 0x00A81203: FindFirstUrlCacheContainerW 0x00A8121F: FindFirstUrlCacheContainerA 0x00A81231: FindCloseUrlCache 0x00A81247: ?DeleteUrlCacheGroup 0x00A8125C: DeleteUrlCacheEntryW 0x00A81274: ??eleteUrlCacheEntryA 0x00A81290: ??eleteUrlCacheContainerA 0x00A812A7: ??reateUrlCacheGroup 0x00A812BC: CreateUrlCacheEntryW 0x00A812D4: ??reateUrlCacheEntryA 0x00A812F0: ??reateUrlCacheContainerW 0x00A8130C: ??reateUrlCacheContainerA 0x00A81324: ??ommitUrlCacheEntryW 0x00A8133C: ??ommitUrlCacheEntryA 0x00A81343: ?? ? 0x00A813A2: WinHttpSetTimeouts 0x00A813BC: ?inHttpSetStatusCallback 0x00A813D2: ??inHttpSendRequest 0x00A813EA: ?inHttpReceiveResponse 0x00A813FF: ?inHttpQueryHeaders 0x00A81412: WinHttpOpenRequest 0x00A8141F: ?inHttpOpen 0x00A8142F: WinHttpCrackUrl 0x00A8143E: WinHttpConnect 0x00A81452: ?inHttpCloseHandle 0x00A8149A: VerQueryValueW 0x00A814AF: ?erQueryValueIndexW 0x00A814BE: VerQueryValueA 0x00A814D3: ?etFileVersionInfoW 0x00A814EB: GetFileVersionInfoSizeW 0x00A81503: GetFileVersionInfoSizeA 0x00A81517: GetFileVersionInfoA 0x00A8151B: ? 0x00A8162D: UrlMkSetSessionOption 0x00A81645: ?UrlMkGetSessionOption 0x00A8165E: ?URLOpenBlockingStreamW 0x00A81672: ?RLDownloadToFileW 0x00A8168B: ?RLDownloadToCacheFileW 0x00A816AF: SetSoftwareUpdateAdvertisementState 0x00A816C6: RevokeFormatEnumerator 0x00A816E0: ?evokeBindStatusCallback 0x00A816F3: ??eleaseBindInfo 0x00A8170A: RegisterMediaTypeClass 0x00A81724: ?egisterFormatEnumerator 0x00A81742: ??egisterBindStatusCallback 0x00A81759: ?btainUserAgentString 0x00A81766: ?IsValidURL 0x00A8177B: ?linkNavigateString 0x00A81791: GetSoftwareUpdateInfo 0x00A817A3: ?GetMarkOfTheWeb 0x00A817B4: FindMimeFromData 0x00A817C8: ??aultInIEFeature 0x00A817DC: ??reateURLMoniker 0x00A817F6: ??reateFormatEnumerator 0x00A8180C: ?reateAsyncBindCtxEx 0x00A8182B: ??oInternetSetFeatureEnabled 0x00A8183F: CoInternetQueryInfo 0x00A81852: CoInternetParseUrl 0x00A8187B: ?oInternetIsFeatureZoneElevationEnabled 0x00A8189C: CoInternetIsFeatureEnabledForUrl 0x00A818BA: ??oInternetIsFeatureEnabled 0x00A818D0: ?oInternetGetSession 0x00A818EC: ??oInternetGetSecurityUrl 0x00A8190F: ??oInternetCreateSecurityManager 0x00A81924: CoInternetCombineUrl 0x00A8192B: ?? ? 0x00A8192F: 悛 0x00A81933: 8 ? 0x00A81937: 悛 0x00A8194C: lineTranslateAddress 0x00A8195E: ??ineInitialize 0x00A81963: ? ? 0x00A81967: 镐? 0x00A8196B: ?? 0x00A8196F: 镐? 0x00A81973: ?? 0x00A81977: %妾 0x00A8197B: ?? 0x00A8197F: %妾 0x00A81983: ?? 0x00A81987: "濯 0x00A81995: SfpVerifyFile 0x00A819A7: ?SfcWLEventLogon 0x00A819B8: SfcWLEventLogoff 0x00A819CE: ??fcIsFileProtected 0x00A819E7: ?fcGetNextProtectedFile 0x00A819EB: ?? 0x00A81A66: TranslateNameW 0x00A81A7D: ?etContextAttributesW 0x00A81A97: ?QueryContextAttributesW 0x00A81ABD: LsaUnregisterPolicyChangeNotification 0x00A81AE3: ?LsaRegisterPolicyChangeNotification 0x00A81AFB: LsaRegisterLogonProcess 0x00A81B1A: LsaLookupAuthenticationPackage 0x00A81B28: ?saLogonUser 0x00A81B3F: ??saFreeReturnBuffer 0x00A81B59: LsaDeregisterLogonProcess 0x00A81B6F: ?LsaConnectUntrusted 0x00A81B8C: LsaCallAuthenticationPackage 0x00A81B9E: ??etUserNameExW 0x00A81BAE: ?etUserNameExA 0x00A81BFD: SceSvcConvertTextToSD 0x00A81C15: ?SceSvcConvertSDToText 0x00A81C35: ?SceSetupUpdateSecurityService 0x00A81C51: ?SceSetupUpdateSecurityKey 0x00A81C6E: ?SceSetupUpdateSecurityFile 0x00A81C8A: ?ceSetupUnwindSecurityFile 0x00A81CA4: ?ceSetupMoveSecurityFile 0x00A81E1C: SamSetSecurityObject 0x00A81E3D: ??amSetMemberAttributesOfGroup 0x00A81E55: ?SamSetInformationUser 0x00A81E6E: ?SamSetInformationGroup 0x00A81E87: ?amSetInformationDomain 0x00A81E9E: SamSetInformationAlias 0x00A81EAB: ?amRidToSid 0x00A81EC4: SamRemoveMemberFromGroup 0x00A81EE8: ??amRemoveMemberFromForeignDomain 0x00A81F04: ??amRemoveMemberFromAlias 0x00A81F1E: ??amQuerySecurityObject 0x00A81F37: ?amQueryInformationUser 0x00A81F50: SamQueryInformationGroup 0x00A81F6D: ??amQueryInformationDomain 0x00A81F88: ?SamQueryInformationAlias 0x00A81FA6: ??amQueryDisplayInformation 0x00A81FB3: ?amOpenUser 0x00A81FC0: SamOpenGroup 0x00A81FD1: ??amOpenDomain 0x00A81FE0: ?SamOpenAlias 0x00A81FFA: ??amLookupNamesInDomain 0x00A82003: ?amL|? 读取数据:0x00A82000************************************* 0x00A82010: ookupIdsInDomain 0x00A8202E: ??amLookupDomainInSamServer 0x00A82044: ?amGetMembersInGroup 0x00A8205C: ??amGetMembersInAlias 0x00A82073: ??amGetGroupsForUser 0x00A82091: SamGetDisplayEnumerationIndex 0x00A820AB: ?SamGetCompatibilityMode 0x00A820C1: SamGetAliasMembership 0x00A820D1: ?SamFreeMemory 0x00A820ED: ?SamEnumerateUsersInDomain 0x00A8210A: ?SamEnumerateGroupsInDomain 0x00A8212A: ?amEnumerateDomainsInSamServer 0x00A82147: ?amEnumerateAliasesInDomain 0x00A82155: SamDeleteUser 0x00A82166: ?SamDeleteGroup 0x00A82176: ?amDeleteAlias 0x00A8218E: ?amCreateUser2InDomain 0x00A821A6: ?amCreateGroupInDomain 0x00A821BE: ?amCreateAliasInDomain 0x00A821CA: ?amConnect 0x00A821DA: ?amCloseHandle 0x00A821EF: ?amAddMemberToGroup 0x00A82203: SamAddMemberToAlias 0x00A82207: 8"? 0x00A8220B: 蓁? 0x00A8220F: ,"? 0x00A82213: 觇? 0x00A82217: "? 0x00A8221B: 楠 0x00A82229: UuidToStringA 0x00A82236: ?UuidCreate 0x00A82246: ?pcStringFreeA 0x00A8224B: ?#? 0x00A822D9: WaitForTSConnectionsPolicyChanges 0x00A822F4: ?RegWinStationQueryValueW 0x00A82313: ??egWinStationQueryNumValueW 0x00A82328: RegWinStationQueryEx 0x00A8233C: ??egUserConfigSet 0x00A82352: ??egUserConfigQuery 0x00A82363: ?egPdEnumerateW 0x00A8237F: RegIsMachinePolicyAllowHelp 0x00A82396: RegIsMachineInHelpMode 0x00A823A8: ?egGetUserPolicy 0x00A823C1: ??egGetMachinePolicyEx 0x00A823DE: ?RegDenyTSConnectionsPolicy 0x00A823FA: ?egDefaultUserConfigQueryW 0x00A82412: ?egConsoleShadowQueryW 0x00A82436: RasReferenceRasman 0x00A82445: ?asInitialize 0x00A8250A: RasWizSetEntryName 0x00A82523: ?asWizQueryMaxPageCount 0x00A8253A: RasWizIsEntryRenamable 0x00A8255C: ?asWizGetUserInputConnectionName 0x00A8257B: ??asWizGetSuggestedEntryName 0x00A8258D: RasWizGetNCCFlags 0x00A825A4: ?RasWizCreateNewEntry 0x00A825B7: ??asUserPrefsDlg 0x00A825CC: RasUserGetManualDial 0x00A825E7: ??asUserEnableManualDial 0x00A825FB: RasSrvQueryShowIcon 0x00A82617: RasSrvIsConnectionConnected 0x00A8262F: RasSrvInitializeService 0x00A82646: RasSrvHangupConnection 0x00A8265D: ?asSrvEnumConnections 0x00A82674: ?RasSrvCleanupService 0x00A82694: ??asSrvAllowConnectionsConfig 0x00A826A9: ??asSrvAddWizPages 0x00A826BE: ?RasSrvAddPropPages 0x00A826D0: ?asPhonebookDlgW 0x00A826E0: ??asEntryDlgW 0x00A826EF: ??asDialDlgW 0x00A827F5: RasValidateEntryNameW 0x00A8280C: ?RasUnshareConnection 0x00A82822: ??asShareConnection 0x00A82838: ?asSetSharedAutoDial 0x00A82852: ??asSetEntryPropertiesW 0x00A8286A: ?asSetAutodialAddressW 0x00A8287B: ?asRenameEntryW 0x00A82894: RasQuerySharedConnection 0x00A828AE: ??asQuerySharedAutoDial 0x00A828C4: ?asQueryLanConnTable 0x00A828DD: ??asIsSharedConnection 0x00A828EA: ?RasHangUpW 0x00A82905: ?asGetSubEntryPropertiesW 0x00A8291D: ?RasGetSubEntryHandleW 0x00A82935: ?RasGetProjectionInfoW 0x00A8294A: ?RasGetErrorStringW 0x00A82962: ?asGetEntryPropertiesW 0x00A8297A: ?asGetEntryDialParamsW 0x00A8298E: ?asGetCredentialsW 0x00A829AA: ?asGetConnectionStatistics 0x00A829C0: ?asGetConnectStatusW 0x00A829DA: ??asGetAutodialAddressW 0x00A829EB: ?asEnumEntriesW 0x00A829FF: RasEnumConnectionsW 0x00A82A08: RasDialW 0x00A82A1B: ??asDeleteEntryW 0x00A82A36: RasConnectionNotificationW 0x00A82A49: ?wRasUninitialize 0x00A82A5E: ?DwEnumEntryDetails 0x00A82A6C: ?wCloneEntry 0x00A82AA7: LocateCatalogsW 0x00A82AB3: LoadIFilter 0x00A82AC6: CITextToFullTreeEx 0x00A82ACF: ?IState 0x00A82ADE: CIMakeICommand 0x00A82AE3: ?+? 0x00A82AE7: 横? 0x00A82AEB: 0+? 0x00A82AEF: 横? 0x00A82AF3: +? 0x00A82AF7: 横? 0x00A82AFB: +? 0x00A82AFF: 横? 0x00A82B14: GetModuleInformation 0x00A82B2C: ??etModuleFileNameExW 0x00A82B42: ??etModuleBaseNameW 0x00A82B56: ?numProcessModules 0x00A82BC8: vServerPropPages 0x00A82BD8: ??QueueCreate 0x00A82BED: ??PrinterPropPages 0x00A82C01: ?vDocumentDefaults 0x00A82C11: ?bPrinterSetup 0x00A82C22: ?bFolderRefresh 0x00A82C35: ?FolderGetPrinter 0x00A82C4B: ?bFolderEnumPrinters 0x00A82C61: UnregisterPrintNotify 0x00A82C76: ?ShowErrorMessageSC 0x00A82C8A: ?howErrorMessageHR 0x00A82C9F: ?egisterPrintNotify 0x00A82CE7: SetSuspendState 0x00A82CFA: SetActivePwrScheme 0x00A82D09: ?eadPwrScheme 0x00A82D1F: ?IsPwrSuspendAllowed 0x00A82D34: IsPwrShutdownAllowed 0x00A82D4D: ??sPwrHibernateAllowed 0x00A82D62: ?GetActivePwrScheme 0x00A82D9D: LresultFromObject 0x00A82DAC: ?GetRoleTextW 0x00A82DC9: ??reateStdAccessibleProxyW 0x00A82DE5: ?CreateStdAccessibleObject 0x00A82E02: ?AccessibleObjectFromWindow 0x00A82E79: NtLicenseRequestW 0x00A82E8A: ?NtLSFreeHandle 0x00A82E8F: ?.? 0x00A82E93: 襁? 0x00A82E97: ?? 0x00A82E9B: ゎ? 0x00A82EB9: NPCancelConnectionForCSCAgent 0x00A82ED7: ?NPAddConnection3ForCSCAgent 0x00A82F42: DsWriteAccountSpnW 0x00A82F56: ?sUnquoteRdnValueW 0x00A82F61: ?sUnBindW 0x00A82F6E: ?DsMakeSpnW 0x00A82F8A: ?sMakePasswordCredentialsW 0x00A82F95: ?sGetRdnW 0x00A82FB1: ?DsFreePasswordCredentials 0x00A82FC5: ?DsFreeNameResultW 0x00A82FD5: ?DsCrackNamesW 0x00A82FE7: ?DsBindWithCredW 0x00A82FEF: DsBindW 0x00A8301E: NcFreeNetconProperties 0x00A8302C: ?rOemUpgrade 0x00A83053: ??rGetAnswerFileParametersForNetCard 0x00A83057: |0? 0x00A8305B: W愍 0x00A8305F: d0? 0x00A83063: ^濯 0x00A83079: SHDisconnectNetDrives 0x00A83092: ?NetPlacesWizardDoModal 0x00A83097: ?0? 0x00A8309B: }楠 0x00A8309F: ?? 0x00A830A3: ?? 0x00A830C3: UpdateLanaConfigUsingAnswerfile 0x00A830DD: HrDiAddComponentToINetCfg 0x00A830E3: ?T5? 0x00A83241: NetpUpgradePreNT5JoinInfo 0x00A83250: ?NetpIsRemote 0x00A8325B: ??etbios 0x00A8326F: NetWkstaUserGetInfo 0x00A8327F: NetWkstaGetInfo 0x00A8328F: NetValidateName 0x00A8329E: NetUserSetInfo 0x00A832B0: ?etUserModalsGet 0x00A832C9: ??etUserGetLocalGroups 0x00A832DA: ?NetUserGetInfo 0x00A832EC: ?etUserGetGroups 0x00A832FA: ??etUserDel 0x00A83311: ?etUserChangePassword 0x00A8331E: ?NetUserAdd 0x00A8332F: ?etUnjoinDomain 0x00A8333F: NetShareSetInfo 0x00A8334F: NetShareGetInfo 0x00A8335E: NetSessionEnum 0x00A83370: ?etServerSetInfo 0x00A83384: ??etServerGetInfo 0x00A833A0: ??etRenameMachineInDomain 0x00A833BE: ??etQueryDisplayInformation 0x00A833D4: ?etMessageBufferSend 0x00A833EF: ??etLocalGroupGetMembers 0x00A833FD: NetJoinDomain 0x00A83415: ?NetGetJoinInformation 0x00A83432: ?NetEnumerateTrustedDomains 0x00A83441: ?etDfsGetInfo 0x00A83457: ?NetDfsGetClientInfo 0x00A83468: NetApiBufferFree 0x00A83480: ??etApiBufferAllocate 0x00A83493: ??etAlertRaiseEx 0x00A834A5: I_NetNameValidate 0x00A834BD: ?I_NetNameCanonicalize 0x00A834E1: ?DsRoleGetPrimaryDomainInformation 0x00A834F4: ?DsRoleFreeMemory 0x00A8350C: ??sGetDcSiteCoverageW 0x00A83527: ??sGetDcNameWithAccountW 0x00A83534: DsGetDcNameW 0x00A83550: ??sEnumerateDomainTrustsW 0x00A83569: ??sAddressToSiteNamesW 0x00A835C1: SpcGetCertFromKey 0x00A835D5: ?SignerTimeStampEx 0x00A835E4: ?SignerSignEx 0x00A835FF: ??ignerFreeSignerContext 0x00A8360F: PvkGetCryptProv 0x00A83620: PvkFreeCryptProv 0x00A83638: ??etCryptProvFromCert 0x00A83651: ??reeCryptProvFromCert 0x00A83657: ??? 0x00A8365B: ?? 0x00A8365F: |6? 0x00A83663: ?? 0x00A83667: l6? 0x00A8366B: ?? 0x00A8367A: TransparentBlt 0x00A83688: ?radientFill 0x00A83696: ??lphaBlend 0x00A836EE: ShowModelessHTMLDialog 0x00A83700: ?howHTMLDialogEx 0x00A83712: ??howHTMLDialog 0x00A837A8: acmStreamUnprepareHeader 0x00A837B9: ??cmStreamSize 0x00A837D2: ?acmStreamPrepareHeader 0x00A837E1: ?cmStreamOpen 0x00A837F4: ?acmStreamConvert 0x00A83806: ??cmStreamClose 0x00A8381C: ?cmFormatTagDetailsW 0x00A83830: ??cmFormatSuggest 0x00A838A4: MPRUI_WNetDisconnectDialog1W 0x00A838C4: ??PRUI_WNetDisconnectDialog1A 0x00A838E2: ??PRUI_WNetDisconnectDialog 0x00A83900: ?PRUI_WNetConnectionDialog1W 0x00A83920: ??PRUI_WNetConnectionDialog1A 0x00A8393E: ??PRUI_WNetConnectionDialog 0x00A8395A: ?PRUI_WNetClearConnections 0x00A83975: ?PRUI_ShowReconnectDialog 0x00A83992: ?MPRUI_DoProfileErrorDialog 0x00A839AA: ?PRUI_DoPasswordDialog 0x00A83ABA: WNetUseConnectionW 0x00A83AD2: ?NetRestoreConnectionW 0x00A83AEA: ?NetRestoreConnectionA 0x00A83B03: ?NetRestoreConnection2W 0x00A83B11: WNetOpenEnumW 0x00A83B20: ?WNetGetUserW 0x00A83B39: ??NetGetUniversalNameW 0x00A83B52: ?WNetGetResourceParentW 0x00A83B6F: ?NetGetResourceInformationW 0x00A83B8B: WNetGetResourceInformationA 0x00A83BA0: WNetGetProviderTypeW 0x00A83BB8: ??NetGetProviderNameW 0x00A83BD6: ??NetGetNetworkInformationW 0x00A83BE9: ?NetGetLastErrorW 0x00A83BFD: ?WNetGetLastErrorA 0x00A83C12: ?WNetGetConnectionW 0x00A83C26: ?NetGetConnectionA 0x00A83C3B: ?NetGetConnection3W 0x00A83C52: WNetFormatNetworkNameW 0x00A83C65: ?NetEnumResourceW 0x00A83C7E: ?WNetDisconnectDialog1W 0x00A83C94: ?NetDisconnectDialog 0x00A83CAE: ??NetConnectionDialog1W 0x00A83CC4: ?NetConnectionDialog 0x00A83CD5: ??NetCloseEnum 0x00A83CEC: ?WNetClearConnections 0x00A83D06: ??NetCancelConnection2W 0x00A83D1B: ?NetAddConnection3W 0x00A83D2F: WNetAddConnection2W 0x00A83D45: MultinetGetErrorTextW 0x00A83D69: ?MultinetGetConnectionPerformanceW 0x00A83E19: PRShowSaveWizardW 0x00A83E2F: ?PRShowSaveWizardExW 0x00A83E45: PRShowSaveFromMsginaW 0x00A83E5C: ?PRShowRestoreWizardW 0x00A83E76: ??RShowRestoreWizardExW 0x00A83E90: ?RShowRestoreFromMsginaW 0x00A83EA0: ??RShowKeyMgr 0x00A83F73: SetAdapterIpAddress 0x00A83F85: NotifyRouteChange 0x00A83F98: ?NotifyAddrChange 0x00A83FBC: ??hGetInterfaceNameFromDeviceGuid 0x00A83FD0: ??etUdpStatistics 0x00A83FE4: ??etTcpStatistics 0x00A83FF9: ??etRTTAndHopCount 0x00A84003: ?GetP|? 读取数据:0x00A84000************************************* 0x00A8400D: erAdapterInfo 0x00A84025: ?GetNumberOfInterfaces 0x00A84037: ?GetIpStatistics 0x00A84045: GetIpNetTable 0x00A84059: ?GetIpForwardTable 0x00A8406A: ?GetIpAddrTable 0x00A8407C: ?etInterfaceInfo 0x00A8408A: ??etIfTable 0x00A84096: ?etIfEntry 0x00A840A9: ?etIcmpStatistics 0x00A840BE: ?GetFriendlyIfIndex 0x00A840CC: ?etBestRoute 0x00A840E0: ??etBestInterface 0x00A840F3: ??etAdaptersInfo 0x00A84108: GetAdaptersAddresses 0x00A8412E: ??llocateAndGetIpAddrTableFromStack 0x00A84133: ?A? 0x00A84137: ^濯 0x00A8413B: `A? 0x00A8413F: ^濯 0x00A84143: HA? 0x00A84147: W愍 0x00A8415D: IcfGetOperationalMode 0x00A8416D: ?IcfDisconnect 0x00A8417A: ?IcfConnect 0x00A84183: ???C? 0x00A84226: SetWindowExtEx 0x00A84238: ?etViewportOrgEx 0x00A8424C: ??etViewportExtEx 0x00A84263: ??etSystemPaletteUse 0x00A8426E: SetMapMode 0x00A8427D: ?electPalette 0x00A8428C: ?SelectObject 0x00A8429E: ??ealizePalette 0x00A842B7: ?etSystemPaletteEntries 0x00A842C6: GetStockObject 0x00A842D5: ?etObjectType 0x00A842E5: ?GetDeviceCaps 0x00A842F4: ?DeleteObject 0x00A84300: ??eleteDC 0x00A84311: ??reatePalette 0x00A84324: ?CreateDIBSection 0x00A8433A: ??reateCompatibleDC 0x00A84352: ?reateCompatibleBitmap 0x00A8435A: ?itBlt 0x00A84479: JetUpdate 0x00A84484: ?JetTerm2 0x00A8448F: ??etTerm 0x00A844A5: JetSetSystemParameter 0x00A844BC: ?JetSetSessionContext 0x00A844D0: ??etSetIndexRange 0x00A844E6: ??etSetCurrentIndex 0x00A844F4: ?etSetColumn 0x00A844FF: ??etSeek 0x00A8450B: JetRollback 0x00A8451D: JetRetrieveColumn 0x00A84536: ?JetResetSessionContext 0x00A84548: ?etPrepareUpdate 0x00A84558: ??etOpenTable 0x00A8456B: ??etOpenDatabase 0x00A84573: JetMove 0x00A8457E: JetMakeKey 0x00A84587: ?etInit 0x00A8459B: JetIndexRecordCount 0x00A845B1: JetGetTableColumnInfo 0x00A845C6: ?JetGetDatabaseInfo 0x00A845D5: ?etEndSession 0x00A845E9: ?JetDetachDatabase 0x00A845FA: ?JetDeleteTable 0x00A84605: ?etDelete 0x00A84621: ?JetCreateTableColumnIndex 0x00A84635: ?JetCreateDatabase 0x00A8464C: ?JetCommitTransaction 0x00A8465D: ??etCloseTable 0x00A84670: ?JetCloseDatabase 0x00A84687: ??etBeginTransaction 0x00A84697: JetBeginSession 0x00A846A9: JetAttachDatabase 0x00A846B8: ?JetAddColumn 0x00A846C3: ????J? 0x00A847F9: UtilDrawBlendRect 0x00A8480A: ?SetGadgetStyle 0x00A8481D: ?etGadgetRootInfo 0x00A8482D: ?SetGadgetRect 0x00A8483F: ?SetGadgetParent 0x00A84856: SetGadgetMessageFilter 0x00A84866: ?etGadgetFocus 0x00A84876: ?etGadgetFillI 0x00A8488B: ?etGadgetBufferInfo 0x00A8489B: MapGadgetPoints 0x00A848AE: LookupGadgetTicket 0x00A848C0: ?nvalidateGadget 0x00A848CF: ??nitGadgets 0x00A848DC: GetStdColorI 0x00A848F1: ??etStdColorBrushI 0x00A84901: ?GetMessageExW 0x00A84913: ?GetGadgetTicket 0x00A84921: GetGadgetSize 0x00A84930: ?GetGadgetRgn 0x00A84941: ??etGadgetRect 0x00A84952: ?GetGadgetFocus 0x00A84966: ?etGadgetAnimation 0x00A84970: ?etDebug 0x00A84988: ??orwardGadgetMessage 0x00A84998: ??indStdColor 0x00A849AF: ??indGadgetFromPoint 0x00A849BD: DetachWndProc 0x00A849CC: ?DeleteHandle 0x00A849DE: ??UserSendEvent 0x00A849EE: ?UserPostEvent 0x00A849FC: ?reateGadget 0x00A84A0C: ??reateAction 0x00A84A22: ??uildInterpolation 0x00A84A33: ?uildDropTarget 0x00A84A42: BuildAnimation 0x00A84A4D: ?utoTrace 0x00A84A5E: ?AttachWndProcW 0x00A84AB7: DhcpStaticRefreshParams 0x00A84AC9: DhcpRequestParams 0x00A84AE1: ?DhcpReleaseParameters 0x00A84AFA: ?DhcpNotifyConfigChange 0x00A84B0E: ?hcpCApiInitialize 0x00A84B1F: ?hcpCApiCleanup 0x00A84B40: DhcpAcquireParametersByBroadcast 0x00A84B59: ??hcpAcquireParameters 0x00A84B92: DirectDrawEnumerateExW 0x00A84BAA: ?irectDrawEnumerateExA 0x00A84BBE: ?irectDrawCreateEx 0x00A84BD0: ?irectDrawCreate 0x00A84C1B: LocalEnrollNoDS 0x00A84C27: LocalEnroll 0x00A84C42: CryptUIDlgViewCertificateW 0x00A84C56: ?ryptUIDlgViewCTLW 0x00A84C6A: ?ryptUIDlgViewCRLW 0x00A84E33: CryptVerifyMessageSignature 0x00A84E53: CryptVerifyCertificateSignature 0x00A84E66: CryptUnprotectData 0x00A84E78: ?ryptSignMessage 0x00A84E99: ??ryptSignAndEncodeCertificate 0x00A84EAC: ?CryptQueryObject 0x00A84EC0: ??ryptProtectData 0x00A84ED4: ??ryptMsgGetParam 0x00A84EF2: ??ryptMsgGetAndVerifySigner 0x00A84F01: ?ryptMsgClose 0x00A84F1E: ?CryptImportPublicKeyInfoEx 0x00A84F38: ?ryptImportPublicKeyInfo 0x00A8501F: VerifySubjectCertificateContext 0x00A85040: CertVerifyCertificateChainPolicy 0x00A85052: ??ertStrToNameW 0x00A85075: ?ertSetCertificateContextProperty 0x00A85091: ?CertRegisterPhysicalStore 0x00A850A6: ?CertRDNValueToStrW 0x00A850BC: ?ertOpenSystemStoreW 0x00A850CD: ??ertOpenStore 0x00A850DE: ?CertNameToStrW 0x00A850F6: ?ertGetPublicKeyLength 0x00A8510A: ?ertGetNameStringW 0x00A8512D: ?ertGetIssuerCertificateFromStore 0x00A85147: ?CertGetEnhancedKeyUsage 0x00A85169: CertGetCertificateContextProperty 0x00A85183: ?CertGetCertificateChain 0x00A8519E: CertFreeCertificateContext 0x00A851B8: ?ertFreeCertificateChain 0x00A851CE: ??ertFreeCTLContext 0x00A851E4: ?ertFindSubjectInCTL 0x00A851F9: ??ertFindExtension 0x00A85216: ?CertFindCertificateInStore 0x00A8522A: ?ertFindCTLInStore 0x00A85247: ?ertEnumCertificatesInStore 0x00A85267: CertDuplicateCertificateContext 0x00A8527F: CertDuplicateCTLContext 0x00A8529E: CertDeleteCertificateFromStore 0x00A852BC: ?ertCreateCertificateContext 0x00A852D4: ??ertCreateCTLContext 0x00A852E8: ??ertControlStore 0x00A85306: ??ertCompareCertificateName 0x00A85316: ?ertCloseStore 0x00A85338: ?ertAddCertificateContextToStore 0x00A8533F: ??S? 0x00A8537F: CredUIStoreSSOCredW 0x00A8539B: CredUIPromptForCredentialsW 0x00A853B0: CredUIParseUserNameW 0x00A853C6: ??redUIInitControls 0x00A853E1: ?redUIFlushAllCredentials 0x00A85406: ?CredUICmdLinePromptForCredentialsW 0x00A8543E: SubscribeToCDF 0x00A85455: ?arseDesktopComponent 0x00A8D313: ]??DuplicateEncryptionInfoFile 0x00A8E0B0: ?产?E,?肴?etSecurityDescriptorControl 0x00A8E0C9: ??etNamedSecurityInfoW 0x00A8E0E1: ?GetNamedSecurityInfoW 0x00A8E0FB: ?????? SV3??u ? 0x00A83241: NetpUpgradePreNT5JoinInfo 0x00A83250: ?NetpIsRemote 0x00A8325B: ??etbios 0x00A8326F: NetWkstaUserGetInfo 0x00A8327F: NetWkstaGetInfo 0x00A8328F: NetValidateName 0x00A8329E: NetUserSetInfo 0x00A832B0: ?etUserModalsGet 0x00A832C9: ??etUserGetLocalGroups 0x00A832DA: ?NetUserGetInfo 0x00A832EC: ?etUserGetGroups 0x00A832FA: ??etUserDel 0x00A83311: ?etUserChangePassword 0x00A8331E: ?NetUserAdd 0x00A8332F: ?etUnjoinDomain 0x00A8333F: NetShareSetInfo 0x00A8334F: NetShareGetInfo 0x00A8335E: NetSessionEnum 0x00A83370: ?etServerSetInfo 0x00A83384: ??etServerGetInfo 0x00A833A0: ??etRenameMachineInDomain 0x00A833BE: ??etQueryDisplayInformation 0x00A833D4: ?etMessageBufferSend 0x00A833EF: ??etLocalGroupGetMembers 0x00A833FD: NetJoinDomain 0x00A83415: ?NetGetJoinInformation 0x00A83432: ?NetEnumerateTrustedDomains 0x00A83441: ?etDfsGetInfo 0x00A83457: ?NetDfsGetClientInfo 0x00A83468: NetApiBufferFree 0x00A83480: ??etApiBufferAllocate 0x00A83493: ??etAlertRaiseEx 0x00A834A5: I_NetNameValidate 0x00A834BD: ?I_NetNameCanonicalize 0x00A834E1: ?DsRoleGetPrimaryDomainInformation 0x00A834F4: ?DsRoleFreeMemory 0x00A8350C: ??sGetDcSiteCoverageW 0x00A83527: ??sGetDcNameWithAccountW 0x00A83534: DsGetDcNameW 0x00A83550: ??sEnumerateDomainTrustsW 0x00A83569: ??sAddressToSiteNamesW 0x00A835C1: SpcGetCertFromKey 0x00A835D5: ?SignerTimeStampEx 0x00A835E4: ?SignerSignEx 0x00A835FF: ??ignerFreeSignerContext 0x00A8360F: PvkGetCryptProv 0x00A83620: PvkFreeCryptProv 0x00A83638: ??etCryptProvFromCert 0x00A83651: ??reeCryptProvFromCert 0x00A8367A: TransparentBlt 0x00A83688: ?radientFill 0x00A83696: ??lphaBlend 0x00A84F52: ??ryptHashPublicKeyInfo 0x00A84F65: ?ryptFormatObject 0x00A84F80: ?CryptExportPublicKeyInfo 0x00A84F97: ??ryptEncryptMessage 0x00A84FAB: CryptEncodeObjectEx 0x00A84FBD: CryptEncodeObject 0x00A84FD3: ?CryptDecryptMessage 0x00A84FE7: CryptDecodeObjectEx 0x00A84FF9: CryptDecodeObject |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值