|
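[Help] Newbie question! Why does the dumped file still show as packed?
Originally posted by fly
I did read that one; it turns out it doesn't come directly after the unpacking part, it's further down. Thanks a lot! I'll read it carefully. |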
|
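[Help] Newbie question! Why does the dumped file still show as packed?
Do you mean the threads about "dump with LordPE, fix the import table with ImportRec"? They all seem to be about unpacking; none of them covers how to use dump, what a dump actually does, the principle behind it, and so on. |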
|
[Help] About Armadillo
A program called mm_dillodie1.6 unpacked it automatically, to my surprise. (Sorry, I was in a hurry to help someone solve a problem, so if it can be unpacked automatically, I'll take that for now.)

After unpacking, I found that this thing still runs as two processes, and an ad comes up as soon as it starts. I want to get rid of it. When I close the window, it shows:

If you close the sponsor window, you will close all Free Tools.Are you sure?

So with one click the whole program gets shut down.

I opened it with W32ASM and did not find any string like sponsor; I opened it with OD and did not find it either. By rights, since PEiD reports that it is not encrypted, I should be able to find this sponsor string, so why can't I? I can't figure it out no matter how much I think about it... Could it be in a related dll? I checked with FileMon, and no files get loaded at startup either.

Directory listing obtained with dir:

hypersrv.exe
Exchanges.dat
ExchangesDefs.txt
cache.map
bridge.dll
ActualDatafeed.chm
HyperServerLite.chm
Exchanges.map
cache.dat
dilloDIE.log
hypersrv.exe.dDIE.exe (the file produced by the automatic unpacker)

The question now is: how should I modify this already-unpacked program so that the ad program is removed? I don't need to crack the registration or anything like that; I just need to get rid of the program that pops up the ad at startup. Could you all teach me? Thanks in advance.

Attached is the dilloDIE.log log file:

++++++++++++++ CreateProcess... --> Filename: hypersrv.exe --> Process ID: 00001738 Debugblocker detected... Entering Child Process... --> Process ID: 0000174C IAT Initialization hooked... --> 010B99EE Rebuilding Import Table...
Call OEP hooked... --> 010BCA39 --> 010BCA56 New Thread created. ID: 00001384 OEP resolved to: 0065E794 Scanning for potential Nanomites... --> Analyzing Int3 @ 004010C8 --> No Nanomites Used... Aborting Nanomite Scan... Resolving Nanomites... Dumping PE Sections... Done. I did all of this in 15 seconds! |
|
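[Discussion] About the ESP law
Sorry, I have another question now. (I basically understand the previous one, except for what ESP and EIP do.)

I'm a bit puzzled by this sentence from the original author.

>>>>>>>>>>>>>>>>
First, let me tell you something that is both experience and fact: when a PE file starts running, that is, when it enters the first line of the packer's code, the register values are always the ones shown above. Try it yourself if you don't believe me! And once the OEP is reached, the first instruction of the vast majority of programs is a push onto the stack! (Except for programs written with BC; BC usually pushes a few instructions further down.)
<<<<<<<<<<<<<<<<

He says, "once the OEP is reached, the first instruction of the vast majority of programs is a push onto the stack!" But it seems to me it should go like this: pop the stack first, then JMP to the OEP?

Look at this picture:

It clearly does popad first, and then comes the OEP line.

Can anyone point out where I'm wrong? |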
|
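[Discussion] About the ESP law
Originally posted by zzCherring
Yes, thank you. I like using skype. When I make up names at random I also like to use zz_, for example zz_beauty, which I used at random before.

What the author says: 1. Push the address of the next line of the program onto the stack;

Thinking about it now, assembly really must be different from ordinary high-level language programming.

0xA: call 0xC
0xB: some instruction

In this case, a high-level language has no notion of "pushing the address of the next line of the program onto the stack". It probably still exists underneath, but to an ordinary user it is transparent; you never need to care about it or picture it.

But in assembly the flow goes like this: at 0xA it has to execute call 0xC, so it must transfer to the code at 0xC. But first it has to push the address of the next step, 0xB, onto a stack (EIP, you said?), and only then does it really go to 0xC, which is the JMP 0xC the author mentions. When that code finishes and returns through RET (short for return, I suppose?), the value 0xB is popped off the stack. So the code carries on from 0xB, right?

Now I seem to understand it completely! Thanks.

About the ESP law, there is something on this page: http://www.pediy.com/bbshtml/BBS6/pediy6083.htm |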
|
[Discussion] About the ESP law
Originally posted by skype
ESP E* Stack Pointer Register?
EIP E* Instruction Pointer Register? |
|
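[Help] About Armadillo
How should I modify this already-unpacked program so that the ad program is removed? I don't need to crack the registration or anything like that; I just need to get rid of the program that pops up the ad at startup. Until now I have only used ResHacker to modify some resources, and I have never run into a case like this. Could you all teach me? Thanks in advance. |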
|
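[Help] About Armadillo
Originally posted by bestchao
This forum is so strict; it only lets me make 5 posts a day. I wanted to post this last night, but found I was locked out, so I had to come back and post it today right after work.

I asked about overlay yesterday, but I feel I only half understood the answer. Wasn't it said to be appended data? I didn't get it, and at the time I even asked what appended data is. The example that friend gave was quite vivid, but I don't really understand what it means inside an .exe file.

Friend, could you give me some pointers? Right now I can only use W32ASM and OD in a rough way. I think my computer skills are not bad; it's just that I had never come into contact with this kind of software before.

Also, I didn't discover this great place when I was at university, otherwise I would have become a cracking expert long ago. Maybe my job and my life would have changed too...

I'm getting off topic. Friend, please give me some guidance. |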
|
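[Help] Overlay
Originally posted by bestchao
That analogy of yours is quite vivid. It's like some of the things nowadays that can play by themselves, for example an .exe file converted from a flash. OK, let's leave this question here for now; I don't want to ask any more. If I keep asking, people will scold me. Hehe. |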
|
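[Help] Overlay
Originally posted by skylly
Sorry, I'm a bit slow. I don't come from a programming background. So what kind of data might the appended data be? It would be great if you could give a few examples. What exactly has been appended? And why append anything at all? Thanks :) |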
|
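[Help] A newcomer's question about getting started.
What I actually mean is: starting from zero, you should go step by step, right? So you begin with the simplest examples, one at a time, and grow gradually. The problem now is that it's this hard right from the start, or rather, what I mean is that there are no fairly simple examples, and I want to start learning from the simplest ones. I do have some computer background. I'm not computer illiterate, and I came here to learn because I have a certain amount of confidence. I hope you can all give me some advice, thanks.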