|
[求助]关于按键精灵的网络验证破解思路
6.8.1商业版我已经找到问题了 6.8.4的又让我迷惑了!! 为什么貌似过了验证,却和没验证一样 热键起动不了外挂呢 |
|
|
|
[求助]WinLicense V1.8.5.5 精细汉化版――游戏 不解的问题
最不帮忙 版本主 告诉我一下好吗? |
|
[求助]关于按键精灵的网络验证破解思路
想学习就加我 一起研究了! |
|
[原创]WinLicense V1.8.5.5 精细汉化版――游戏
伤心的是 现在 下了 用不了了 不是有效的WIN32F运行程序 |
|
[讨论]破解按键精灵6.83版本中时间限制问题
互相沟通 QQ:42805440 天天学习 好好向上! 加好友注明学习! |
|
[求助]关于按键精灵的小精灵脱壳问题
再顶 楼主 能加QQ聊聊不? 42805440 |
|
请高人指点按键精灵生成的小精灵破解思路,壳已脱,认证部份好像在附加数据里
楼主 告诉我脱壳的过程或方法或你所说文章地址吗 我的QQ 42805440 谢谢!在线等待 |
|
[求助]为什么依然不能用? 大家帮忙看看
又忙了一下午还是没找到OEP 有人指点下吗? QQ 42805440 新手入门 请好心的朋友帮我一下!! 谢谢 跪求 |
|
[求助]为什么依然不能用? 大家帮忙看看
如何断定哪儿才是真正的OEP? |
|
[求助]为什么依然不能用? 大家帮忙看看
由于是个DLL文件 再跟下去一会就返回到DLLLOADER了! 还在偿试中!。。。。希望能给个好方法 |
|
[求助]为什么依然不能用? 大家帮忙看看
由于我现在的权限不能上传附件 简单的说一下过程吧 文件名为p.dll 我试过附加进程 没有成功 无奈 直接加载DLL文件脱壳 用PEID判断是 PESPIN0。3X-1。XX 试着自己手动脱 挫败N次 最后找到skylly提供的脚本 果然可以正常走下去 找到OEP 但代码是: 00B49CB0 90 nop 00B49CB1 90 nop 00B49CB2 90 nop 00B49CB3 90 nop 00B49CB4 61 popad 00B49CB5 85C9 test ecx, ecx ; OEP ////脚本找到的 00B49CB7 F7C0 E51EFF84 test eax, 84FF1EE5 00B49CBD 21C1 and ecx, eax 00B49CBF 8BD0 mov edx, eax 00B49CC1 FFCA dec edx 00B49CC3 F7D9 neg ecx 00B49CC5 8D15 D00B00F4 lea edx, dword ptr [F4000BD0] 00B49CCB 0FBFD0 movsx edx, ax 00B49CCE D1C1 rol ecx, 1 00B49CD0 C1DA 7F rcr edx, 7F 00B49CD3 0FC9 bswap ecx 00B49CD5 0FCA bswap edx 00B49CD7 F7C2 AC7A681F test edx, 1F687AAC 00B49CDD C1D9 4C rcr ecx, 4C 我怎么看也不像是个OEP啊 由于我太菜也只好相信了!! 然后我用lordpe 找到LOADDLL 把P。DLL模块完全DUMP下来 然后修改基址为870000 再用IMP准备修复 但我用这个OEP时 是无效的。。(是不是用LOADDLL加载的DLL文件修复时都这样呢?) 无奈我只能从文件里找这些东西了 最后我找到了这些 00876928 $- FF25 5C62B100 jmp dword ptr [B1625C] ; ADVAPI32.RegCloseKey 0087692E 8BC0 mov eax, eax 00876930 $- FF25 5862B100 jmp dword ptr [B16258] ; ADVAPI32.RegOpenKeyExA 00876936 8BC0 mov eax, eax 00876938 $- FF25 5462B100 jmp dword ptr [B16254] ; ADVAPI32.RegQueryValueExA 0087693E 8BC0 mov eax, eax 00876940 $- FF25 CC63B100 jmp dword ptr [B163CC] ; kernel32.Beep 00876946 8BC0 mov eax, eax 00876948 $- FF25 C863B100 jmp dword ptr [B163C8] ; kernel32.CloseHandle 0087694E 8BC0 mov eax, eax 00876950 $- FF25 C463B100 jmp dword ptr [B163C4] ; kernel32.CompareStringA 00876956 8BC0 mov eax, eax 00876958 $- FF25 C463B100 jmp dword ptr [B163C4] ; kernel32.CompareStringA 0087695E 8BC0 mov eax, eax 00876960 $- FF25 C063B100 jmp dword ptr [B163C0] ; kernel32.CompareStringW 00876966 8BC0 mov eax, eax 00876968 $- FF25 BC63B100 jmp dword ptr [B163BC] ; kernel32.CopyFileA 0087696E 8BC0 mov eax, eax 00876970 $- FF25 B863B100 jmp dword ptr [B163B8] ; kernel32.CreateDirectoryA 00876976 8BC0 mov eax, eax 00876978 $- FF25 B463B100 jmp dword ptr [B163B4] ; kernel32.CreateEventA 0087697E 8BC0 mov eax, eax 00876980 $- FF25 B063B100 jmp dword ptr [B163B0] ; kernel32.CreateFileA 00876986 8BC0 mov eax, eax 00876988 $- FF25 B063B100 jmp dword ptr [B163B0] ; kernel32.CreateFileA 0087698E 8BC0 mov eax, eax 00876990 $- FF25 AC63B100 jmp dword ptr [B163AC] ; kernel32.CreateFileW 00876996 8BC0 mov eax, eax 00876998 $- FF25 A863B100 jmp dword ptr [B163A8] ; kernel32.CreateThread 0087699E 8BC0 mov eax, eax 008769A0 $- FF25 A463B100 jmp dword ptr [B163A4] ; ntdll.RtlDeleteCriticalSection 008769A6 8BC0 mov eax, eax 008769A8 $- FF25 A063B100 jmp dword ptr [B163A0] ; ntdll.RtlEnterCriticalSection 008769AE 8BC0 mov eax, eax 008769B0 $- FF25 9C63B100 jmp dword ptr [B1639C] ; kernel32.EnumCalendarInfoA 008769B6 8BC0 mov eax, eax 008769B8 $- FF25 9863B100 jmp dword ptr [B16398] ; kernel32.FileTimeToDosDateTime 008769BE 8BC0 mov eax, eax 008769C0 $- FF25 9463B100 jmp dword ptr [B16394] ; kernel32.FileTimeToLocalFileTime 008769C6 8BC0 mov eax, eax 008769C8 $- FF25 9063B100 jmp dword ptr [B16390] ; kernel32.FindClose 008769CE 8BC0 mov eax, eax 008769D0 $- FF25 8C63B100 jmp dword ptr [B1638C] ; kernel32.FindFirstFileA 008769D6 8BC0 mov eax, eax 008769D8 $- FF25 8863B100 jmp dword ptr [B16388] ; kernel32.FindResourceA 008769DE 8BC0 mov eax, eax 008769E0 $- FF25 8463B100 jmp dword ptr [B16384] ; kernel32.FormatMessageA 008769E6 8BC0 mov eax, eax 008769E8 $- FF25 8463B100 jmp dword ptr [B16384] ; kernel32.FormatMessageA 008769EE 8BC0 mov eax, eax 008769F0 $- FF25 8063B100 jmp dword ptr [B16380] ; kernel32.FormatMessageW 008769F6 8BC0 mov eax, eax 008769F8 $- FF25 7C63B100 jmp dword ptr [B1637C] ; kernel32.FreeLibrary 008769FE 8BC0 mov eax, eax 00876A00 $- FF25 7863B100 jmp dword ptr [B16378] ; kernel32.InterlockedDecrement 00876A06 8BC0 mov eax, eax 00876A08 $- FF25 7463B100 jmp dword ptr [B16374] ; kernel32.InterlockedExchange 00876A0E 8BC0 mov eax, eax 00876A10 $- FF25 7063B100 jmp dword ptr [B16370] ; kernel32.InterlockedIncrement 00876A16 8BC0 mov eax, eax 00876A18 $- FF25 6C63B100 jmp dword ptr [B1636C] ; kernel32.FreeResource 00876A1E 8BC0 mov eax, eax 00876A20 $- FF25 6863B100 jmp dword ptr [B16368] ; kernel32.GetACP 00876A26 8BC0 mov eax, eax 00876A28 $- FF25 6463B100 jmp dword ptr [B16364] ; kernel32.GetCPInfo 00876A2E 8BC0 mov eax, eax 00876A30 $- FF25 6063B100 jmp dword ptr [B16360] ; kernel32.GetComputerNameA 00876A36 8BC0 mov eax, eax 00876A38 $- FF25 5C63B100 jmp dword ptr [B1635C] ; kernel32.GetCurrentProcess 00876A3E 8BC0 mov eax, eax 00876A40 $- FF25 5863B100 jmp dword ptr [B16358] ; kernel32.GetCurrentProcessId 00876A46 8BC0 mov eax, eax 00876A48 $- FF25 5463B100 jmp dword ptr [B16354] ; kernel32.GetCurrentThreadId 00876A4E 8BC0 mov eax, eax 00876A50 $- FF25 5063B100 jmp dword ptr [B16350] ; kernel32.GetDateFormatA 00876A56 8BC0 mov eax, eax 00876A58 $- FF25 4C63B100 jmp dword ptr [B1634C] ; kernel32.GetDiskFreeSpaceA 00876A5E 8BC0 mov eax, eax 00876A60 $- FF25 4863B100 jmp dword ptr [B16348] ; kernel32.GetExitCodeThread 00876A66 8BC0 mov eax, eax 00876A68 $- FF25 4463B100 jmp dword ptr [B16344] ; kernel32.GetFileAttributesA 00876A6E 8BC0 mov eax, eax 00876A70 $- FF25 4063B100 jmp dword ptr [B16340] ; kernel32.GetFullPathNameA 00876A76 8BC0 mov eax, eax 00876A78 $- FF25 4063B100 jmp dword ptr [B16340] ; kernel32.GetFullPathNameA 00876A7E 8BC0 mov eax, eax 00876A80 $- FF25 3C63B100 jmp dword ptr [B1633C] ; kernel32.GetFullPathNameW 00876A86 8BC0 mov eax, eax 00876A88 $- FF25 3863B100 jmp dword ptr [B16338] ; ntdll.RtlGetLastWin32Error 00876A8E 8BC0 mov eax, eax 00876A90 $- FF25 3463B100 jmp dword ptr [B16334] ; kernel32.GetLocalTime 00876A96 8BC0 mov eax, eax 00876A98 $- FF25 3063B100 jmp dword ptr [B16330] ; kernel32.GetLocaleInfoA 00876A9E 8BC0 mov eax, eax 00876AA0 $- FF25 2C63B100 jmp dword ptr [B1632C] ; kernel32.GetModuleFileNameA 00876AA6 8BC0 mov eax, eax 00876AA8 $- FF25 2863B100 jmp dword ptr [B16328] ; kernel32.GetModuleHandleA 00876AAE 8BC0 mov eax, eax 00876AB0 $- FF25 2463B100 jmp dword ptr [B16324] ; kernel32.GetPrivateProfileStringA 00876AB6 8BC0 mov eax, eax 00876AB8 $- FF25 2063B100 jmp dword ptr [B16320] ; kernel32.GetProcAddress 00876ABE 8BC0 mov eax, eax 00876AC0 $- FF25 1C63B100 jmp dword ptr [B1631C] ; kernel32.GetStdHandle 00876AC6 8BC0 mov eax, eax 00876AC8 $- FF25 1863B100 jmp dword ptr [B16318] ; kernel32.GetStringTypeExA 00876ACE 8BC0 mov eax, eax 00876AD0 $- FF25 1463B100 jmp dword ptr [B16314] ; kernel32.GetSystemInfo 00876AD6 8BC0 mov eax, eax 00876AD8 $- FF25 1063B100 jmp dword ptr [B16310] ; kernel32.GetThreadLocale 00876ADE 8BC0 mov eax, eax 00876AE0 $- FF25 0C63B100 jmp dword ptr [B1630C] ; kernel32.GetTickCount 00876AE6 8BC0 mov eax, eax 00876AE8 $- FF25 0863B100 jmp dword ptr [B16308] ; kernel32.GetVersion 00876AEE 8BC0 mov eax, eax 00876AF0 $- FF25 0463B100 jmp dword ptr [B16304] ; kernel32.GetVersionExA 00876AF6 8BC0 mov eax, eax 00876AF8 $- FF25 0063B100 jmp dword ptr [B16300] ; kernel32.GlobalAddAtomA 00876AFE 8BC0 mov eax, eax 00876B00 $- FF25 FC62B100 jmp dword ptr [B162FC] ; kernel32.GlobalAlloc 00876B06 8BC0 mov eax, eax 00876B08 $- FF25 F862B100 jmp dword ptr [B162F8] ; kernel32.GlobalDeleteAtom 00876B0E 8BC0 mov eax, eax 00876B10 $- FF25 F462B100 jmp dword ptr [B162F4] ; kernel32.GlobalFindAtomA 00876B16 8BC0 mov eax, eax 00876B18 $- FF25 F062B100 jmp dword ptr [B162F0] ; kernel32.GlobalFree 00876B1E 8BC0 mov eax, eax 00876B20 $- FF25 EC62B100 jmp dword ptr [B162EC] ; kernel32.GlobalLock 00876B26 8BC0 mov eax, eax 00876B28 $- FF25 E862B100 jmp dword ptr [B162E8] ; kernel32.GlobalHandle 00876B2E 8BC0 mov eax, eax 00876B30 $- FF25 E462B100 jmp dword ptr [B162E4] ; kernel32.GlobalReAlloc 00876B36 8BC0 mov eax, eax 00876B38 $- FF25 E062B100 jmp dword ptr [B162E0] ; kernel32.GlobalUnlock 00876B3E 8BC0 mov eax, eax 00876B40 $- FF25 DC62B100 jmp dword ptr [B162DC] ; kernel32.InitializeCriticalSection 00876B46 8BC0 mov eax, eax 00876B48 $- FF25 D862B100 jmp dword ptr [B162D8] ; ntdll.RtlLeaveCriticalSection 00876B4E 8BC0 mov eax, eax 00876B50 $- FF25 D462B100 jmp dword ptr [B162D4] ; kernel32.LoadLibraryA 00876B56 8BC0 mov eax, eax 00876B58 $- FF25 D062B100 jmp dword ptr [B162D0] ; kernel32.LoadResource 00876B5E 8BC0 mov eax, eax 00876B60 $- FF25 CC62B100 jmp dword ptr [B162CC] ; kernel32.SetHandleCount 00876B66 8BC0 mov eax, eax 00876B68 $- FF25 C862B100 jmp dword ptr [B162C8] ; kernel32.MulDiv 00876B6E 8BC0 mov eax, eax 00876B70 $- FF25 C462B100 jmp dword ptr [B162C4] ; kernel32.MultiByteToWideChar 00876B76 8BC0 mov eax, eax 00876B78 $- FF25 C062B100 jmp dword ptr [B162C0] ; kernel32.OutputDebugStringA 00876B7E 8BC0 mov eax, eax 00876B80 $- FF25 BC62B100 jmp dword ptr [B162BC] ; kernel32.ReadFile 00876B86 8BC0 mov eax, eax 00876B88 $- FF25 B862B100 jmp dword ptr [B162B8] ; kernel32.ResetEvent 00876B8E 8BC0 mov eax, eax 00876B90 $- FF25 B462B100 jmp dword ptr [B162B4] ; kernel32.ResumeThread 00876B96 8BC0 mov eax, eax 00876B98 $- FF25 B062B100 jmp dword ptr [B162B0] ; kernel32.SetEndOfFile 00876B9E 8BC0 mov eax, eax 00876BA0 $- FF25 AC62B100 jmp dword ptr [B162AC] ; kernel32.SetErrorMode 00876BA6 8BC0 mov eax, eax 00876BA8 $- FF25 A862B100 jmp dword ptr [B162A8] ; kernel32.SetEvent 00876BAE 8BC0 mov eax, eax 00876BB0 $- FF25 A462B100 jmp dword ptr [B162A4] ; kernel32.SetFilePointer 00876BB6 8BC0 mov eax, eax 00876BB8 $- FF25 A062B100 jmp dword ptr [B162A0] ; ntdll.RtlSetLastWin32Error 00876BBE 8BC0 mov eax, eax 00876BC0 $- FF25 9C62B100 jmp dword ptr [B1629C] ; kernel32.SetThreadLocale 00876BC6 8BC0 mov eax, eax 00876BC8 $- FF25 9862B100 jmp dword ptr [B16298] ; kernel32.SizeofResource 00876BCE 8BC0 mov eax, eax 00876BD0 $- FF25 9462B100 jmp dword ptr [B16294] ; kernel32.Sleep 00876BD6 8BC0 mov eax, eax 00876BD8 $- FF25 9062B100 jmp dword ptr [B16290] ; kernel32.SuspendThread 00876BDE 8BC0 mov eax, eax 00876BE0 $- FF25 8C62B100 jmp dword ptr [B1628C] ; kernel32.VirtualAlloc 00876BE6 8BC0 mov eax, eax 00876BE8 $- FF25 8862B100 jmp dword ptr [B16288] ; kernel32.VirtualProtect 00876BEE 8BC0 mov eax, eax 00876BF0 $- FF25 8462B100 jmp dword ptr [B16284] ; kernel32.VirtualQuery 00876BF6 8BC0 mov eax, eax 00876BF8 $- FF25 8062B100 jmp dword ptr [B16280] ; kernel32.WaitForSingleObject 00876BFE 8BC0 mov eax, eax 00876C00 $- FF25 7C62B100 jmp dword ptr [B1627C] ; kernel32.WideCharToMultiByte 00876C06 8BC0 mov eax, eax 00876C08 $- FF25 7862B100 jmp dword ptr [B16278] ; kernel32.WriteFile 00876C0E 8BC0 mov eax, eax 00876C10 $- FF25 7462B100 jmp dword ptr [B16274] ; kernel32.WritePrivateProfileStringA 00876C16 8BC0 mov eax, eax 00876C18 $- FF25 7062B100 jmp dword ptr [B16270] ; kernel32.WriteProcessMemory 00876C1E 8BC0 mov eax, eax 00876C20 $- FF25 6C62B100 jmp dword ptr [B1626C] ; kernel32.lstrcmpA 00876C26 8BC0 mov eax, eax 00876C28 $- FF25 6862B100 jmp dword ptr [B16268] ; kernel32.lstrcmpW 00876C2E 8BC0 mov eax, eax 00876C30 $- FF25 6462B100 jmp dword ptr [B16264] ; kernel32.lstrcpyA 00876C36 8BC0 mov eax, eax 00876C38 $- FF25 DC63B100 jmp dword ptr [B163DC] ; VERSION.GetFileVersionInfoA 00876C3E 8BC0 mov eax, eax 00876C40 $- FF25 D863B100 jmp dword ptr [B163D8] ; VERSION.GetFileVersionInfoSizeA 00876C46 8BC0 mov eax, eax 00876C48 $- FF25 D463B100 jmp dword ptr [B163D4] ; VERSION.VerQueryValueA 00876C4E 8BC0 mov eax, eax 00876C50 $- FF25 0065B100 jmp dword ptr [B16500] ; GDI32.BitBlt 00876C56 8BC0 mov eax, eax 00876C58 $- FF25 FC64B100 jmp dword ptr [B164FC] ; GDI32.CopyEnhMetaFileA 00876C5E 8BC0 mov eax, eax 00876C60 $- FF25 F864B100 jmp dword ptr [B164F8] ; GDI32.CreateBitmap 00876C66 8BC0 mov eax, eax 00876C68 $- FF25 F464B100 jmp dword ptr [B164F4] ; GDI32.CreateBrushIndirect 00876C6E 8BC0 mov eax, eax 00876C70 $- FF25 F064B100 jmp dword ptr [B164F0] ; GDI32.CreateCompatibleBitmap 00876C76 8BC0 mov eax, eax 00876C78 $- FF25 EC64B100 jmp dword ptr [B164EC] ; GDI32.CreateCompatibleDC 00876C7E 8BC0 mov eax, eax 00876C80 $- FF25 E864B100 jmp dword ptr [B164E8] ; GDI32.CreateDIBSection 00876C86 8BC0 mov eax, eax 00876C88 $- FF25 E464B100 jmp dword ptr [B164E4] ; GDI32.CreateDIBitmap 00876C8E 8BC0 mov eax, eax 00876C90 $- FF25 E064B100 jmp dword ptr [B164E0] ; GDI32.CreateFontIndirectA 00876C96 8BC0 mov eax, eax 00876C98 $- FF25 DC64B100 jmp dword ptr [B164DC] ; GDI32.CreateHalftonePalette 00876C9E 8BC0 mov eax, eax 00876CA0 $- FF25 D864B100 jmp dword ptr [B164D8] ; GDI32.CreatePalette 00876CA6 8BC0 mov eax, eax 00876CA8 $- FF25 D464B100 jmp dword ptr [B164D4] ; GDI32.CreatePenIndirect 00876CAE 8BC0 mov eax, eax 00876CB0 $- FF25 D064B100 jmp dword ptr [B164D0] ; GDI32.CreateSolidBrush 00876CB6 8BC0 mov eax, eax 00876CB8 $- FF25 CC64B100 jmp dword ptr [B164CC] ; GDI32.DeleteDC 00876CBE 8BC0 mov eax, eax 00876CC0 $- FF25 C864B100 jmp dword ptr [B164C8] ; GDI32.DeleteEnhMetaFile 00876CC6 8BC0 mov eax, eax 00876CC8 $- FF25 C464B100 jmp dword ptr [B164C4] ; GDI32.DeleteObject 00876CCE 8BC0 mov eax, eax 00876CD0 $- FF25 C064B100 jmp dword ptr [B164C0] ; GDI32.Ellipse 00876CD6 8BC0 mov eax, eax 00876CD8 $- FF25 BC64B100 jmp dword ptr [B164BC] ; GDI32.ExcludeClipRect 00876CDE 8BC0 mov eax, eax 00876CE0 $- FF25 B864B100 jmp dword ptr [B164B8] ; GDI32.ExtTextOutA 00876CE6 8BC0 mov eax, eax 00876CE8 $- FF25 B464B100 jmp dword ptr [B164B4] ; GDI32.ExtTextOutW 00876CEE 8BC0 mov eax, eax 00876CF0 $- FF25 B064B100 jmp dword ptr [B164B0] ; GDI32.GdiFlush 00876CF6 8BC0 mov eax, eax 00876CF8 $- FF25 AC64B100 jmp dword ptr [B164AC] ; GDI32.GetBitmapBits 00876CFE 8BC0 mov eax, eax 00876D00 $- FF25 A864B100 jmp dword ptr [B164A8] ; GDI32.GetBrushOrgEx 00876D06 8BC0 mov eax, eax 00876D08 $- FF25 A464B100 jmp dword ptr [B164A4] ; GDI32.GetClipBox 00876D0E 8BC0 mov eax, eax 00876D10 $- FF25 A064B100 jmp dword ptr [B164A0] ; GDI32.GetCurrentPositionEx 00876D16 8BC0 mov eax, eax 00876D18 $- FF25 9C64B100 jmp dword ptr [B1649C] ; GDI32.GetDCOrgEx 00876D1E 8BC0 mov eax, eax 00876D20 $- FF25 9864B100 jmp dword ptr [B16498] ; GDI32.GetDIBColorTable 00876D26 8BC0 mov eax, eax 00876D28 $- FF25 9464B100 jmp dword ptr [B16494] ; GDI32.GetDIBits 00876D2E 8BC0 mov eax, eax 00876D30 $- FF25 9064B100 jmp dword ptr [B16490] ; GDI32.GetDeviceCaps 00876D36 8BC0 mov eax, eax 00876D38 $- FF25 8C64B100 jmp dword ptr [B1648C] ; GDI32.GetEnhMetaFileBits 00876D3E 8BC0 mov eax, eax 00876D40 $- FF25 8864B100 jmp dword ptr [B16488] ; GDI32.GetEnhMetaFileHeader 00876D46 8BC0 mov eax, eax 00876D48 $- FF25 8464B100 jmp dword ptr [B16484] ; GDI32.GetEnhMetaFilePaletteEntries 00876D4E 8BC0 mov eax, eax 00876D50 $- FF25 8064B100 jmp dword ptr [B16480] ; GDI32.GetObjectA 00876D56 8BC0 mov eax, eax 00876D58 $- FF25 7C64B100 jmp dword ptr [B1647C] ; GDI32.GetPaletteEntries 00876D5E 8BC0 mov eax, eax 00876D60 $- FF25 7864B100 jmp dword ptr [B16478] ; GDI32.GetPixel 00876D66 8BC0 mov eax, eax 00876D68 $- FF25 7464B100 jmp dword ptr [B16474] ; GDI32.GetStockObject 00876D6E 8BC0 mov eax, eax 00876D70 $- FF25 7064B100 jmp dword ptr [B16470] ; GDI32.GetSystemPaletteEntries 00876D76 8BC0 mov eax, eax 00876D78 $- FF25 6C64B100 jmp dword ptr [B1646C] ; GDI32.GetTextExtentPoint32A 00876D7E 8BC0 mov eax, eax 00876D80 $- FF25 6864B100 jmp dword ptr [B16468] ; GDI32.GetTextExtentPoint32W 00876D86 8BC0 mov eax, eax 00876D88 $- FF25 6464B100 jmp dword ptr [B16464] ; GDI32.GetTextMetricsA 00876D8E 8BC0 mov eax, eax 00876D90 $- FF25 6064B100 jmp dword ptr [B16460] ; GDI32.GetWinMetaFileBits 00876D96 8BC0 mov eax, eax 00876D98 $- FF25 5C64B100 jmp dword ptr [B1645C] ; GDI32.GetWindowOrgEx 00876D9E 8BC0 mov eax, eax 00876DA0 $- FF25 5864B100 jmp dword ptr [B16458] ; GDI32.IntersectClipRect 00876DA6 8BC0 mov eax, eax 00876DA8 $- FF25 5464B100 jmp dword ptr [B16454] ; GDI32.LineTo 00876DAE 8BC0 mov eax, eax 00876DB0 $- FF25 5064B100 jmp dword ptr [B16450] ; GDI32.MaskBlt 00876DB6 8BC0 mov eax, eax 00876DB8 $- FF25 4C64B100 jmp dword ptr [B1644C] ; GDI32.MoveToEx 00876DBE 8BC0 mov eax, eax 00876DC0 $- FF25 4864B100 jmp dword ptr [B16448] ; GDI32.PatBlt 00876DC6 8BC0 mov eax, eax 00876DC8 $- FF25 4464B100 jmp dword ptr [B16444] ; GDI32.Pie 00876DCE 8BC0 mov eax, eax 00876DD0 $- FF25 4064B100 jmp dword ptr [B16440] ; GDI32.PlayEnhMetaFile 00876DD6 8BC0 mov eax, eax 00876DD8 $- FF25 3C64B100 jmp dword ptr [B1643C] ; GDI32.Polyline 00876DDE 8BC0 mov eax, eax 00876DE0 $- FF25 3864B100 jmp dword ptr [B16438] ; GDI32.RealizePalette 00876DE6 8BC0 mov eax, eax 00876DE8 $- FF25 3464B100 jmp dword ptr [B16434] ; GDI32.RectVisible 00876DEE 8BC0 mov eax, eax 00876DF0 $- FF25 3064B100 jmp dword ptr [B16430] ; GDI32.Rectangle 00876DF6 8BC0 mov eax, eax 00876DF8 $- FF25 2C64B100 jmp dword ptr [B1642C] ; GDI32.RestoreDC 00876DFE 8BC0 mov eax, eax 00876E00 $- FF25 2864B100 jmp dword ptr [B16428] ; GDI32.SaveDC 00876E06 8BC0 mov eax, eax 00876E08 $- FF25 2464B100 jmp dword ptr [B16424] ; GDI32.SelectClipRgn 00876E0E 8BC0 mov eax, eax 00876E10 $- FF25 2064B100 jmp dword ptr [B16420] ; GDI32.SelectObject 00876E16 8BC0 mov eax, eax 00876E18 $- FF25 1C64B100 jmp dword ptr [B1641C] ; GDI32.SelectPalette 00876E1E 8BC0 mov eax, eax 00876E20 $- FF25 1864B100 jmp dword ptr [B16418] ; GDI32.SetBkColor 00876E26 8BC0 mov eax, eax 00876E28 $- FF25 1464B100 jmp dword ptr [B16414] ; GDI32.SetBkMode 00876E2E 8BC0 mov eax, eax 00876E30 $- FF25 1064B100 jmp dword ptr [B16410] ; GDI32.SetBrushOrgEx 00876E36 8BC0 mov eax, eax 00876E38 $- FF25 0C64B100 jmp dword ptr [B1640C] ; GDI32.SetDIBColorTable 00876E3E 8BC0 mov eax, eax 00876E40 $- FF25 0864B100 jmp dword ptr [B16408] ; GDI32.SetEnhMetaFileBits 00876E46 8BC0 mov eax, eax 00876E48 $- FF25 0464B100 jmp dword ptr [B16404] ; GDI32.SetPixel 00876E4E 8BC0 mov eax, eax 00876E50 $- FF25 0064B100 jmp dword ptr [B16400] ; GDI32.SetROP2 00876E56 8BC0 mov eax, eax 00876E58 $- FF25 FC63B100 jmp dword ptr [B163FC] ; GDI32.SetStretchBltMode 00876E5E 8BC0 mov eax, eax 00876E60 $- FF25 F863B100 jmp dword ptr [B163F8] ; GDI32.SetTextColor 00876E66 8BC0 mov eax, eax 00876E68 $- FF25 F463B100 jmp dword ptr [B163F4] ; GDI32.SetViewportOrgEx 00876E6E 8BC0 mov eax, eax 00876E70 $- FF25 F063B100 jmp dword ptr [B163F0] ; GDI32.SetWinMetaFileBits 00876E76 8BC0 mov eax, eax 00876E78 $- FF25 EC63B100 jmp dword ptr [B163EC] ; GDI32.SetWindowOrgEx 00876E7E 8BC0 mov eax, eax 00876E80 $- FF25 E863B100 jmp dword ptr [B163E8] ; GDI32.StretchBlt 00876E86 8BC0 mov eax, eax 00876E88 $- FF25 E463B100 jmp dword ptr [B163E4] ; GDI32.UnrealizeObject 00876E8E 8BC0 mov eax, eax 00876E90 $- FF25 0468B100 jmp dword ptr [B16804] ; USER32.ActivateKeyboardLayout 00876E96 8BC0 mov eax, eax 00876E98 $- FF25 0068B100 jmp dword ptr [B16800] ; USER32.AdjustWindowRectEx 00876E9E 8BC0 mov eax, eax 00876EA0 $- FF25 F467B100 jmp dword ptr [B167F4] ; USER32.CharLowerA 00876EA6 8BC0 mov eax, eax 00876EA8 $- FF25 E867B100 jmp dword ptr [B167E8] ; USER32.BeginDeferWindowPos 00876EAE 8BC0 mov eax, eax 00876EB0 $- FF25 E467B100 jmp dword ptr [B167E4] ; USER32.BeginPaint 00876EB6 8BC0 mov eax, eax 00876EB8 $- FF25 E067B100 jmp dword ptr [B167E0] ; USER32.CallNextHookEx 00876EBE 8BC0 mov eax, eax 00876EC0 $- FF25 DC67B100 jmp dword ptr [B167DC] ; USER32.CallWindowProcA 00876EC6 8BC0 mov eax, eax 00876EC8 $- FF25 DC67B100 jmp dword ptr [B167DC] ; USER32.CallWindowProcA 00876ECE 8BC0 mov eax, eax 00876ED0 $- FF25 D867B100 jmp dword ptr [B167D8] ; USER32.CallWindowProcW 00876ED6 8BC0 mov eax, eax 00876ED8 $- FF25 F067B100 jmp dword ptr [B167F0] ; USER32.CharLowerBuffA 00876EDE 8BC0 mov eax, eax 00876EE0 $- FF25 EC67B100 jmp dword ptr [B167EC] ; USER32.CharNextA 00876EE6 8BC0 mov eax, eax 00876EE8 $- FF25 FC67B100 jmp dword ptr [B167FC] ; USER32.CharToOemA 00876EEE 8BC0 mov eax, eax 00876EF0 $- FF25 F867B100 jmp dword ptr [B167F8] ; USER32.CharUpperBuffA 00876EF6 8BC0 mov eax, eax 00876EF8 $- FF25 D467B100 jmp dword ptr [B167D4] ; USER32.CheckMenuItem 00876EFE 8BC0 mov eax, eax 00876F00 $- FF25 D067B100 jmp dword ptr [B167D0] ; USER32.ChildWindowFromPoint 00876F06 8BC0 mov eax, eax 00876F08 $- FF25 CC67B100 jmp dword ptr [B167CC] ; USER32.ClientToScreen 00876F0E 8BC0 mov eax, eax 00876F10 $- FF25 C867B100 jmp dword ptr [B167C8] ; USER32.CreateIcon 00876F16 8BC0 mov eax, eax 00876F18 $- FF25 C467B100 jmp dword ptr [B167C4] ; USER32.CreateMenu 00876F1E 8BC0 mov eax, eax 00876F20 $- FF25 C067B100 jmp dword ptr [B167C0] ; USER32.CreatePopupMenu 00876F26 8BC0 mov eax, eax 00876F28 $- FF25 BC67B100 jmp dword ptr [B167BC] ; USER32.DefFrameProcA 00876F2E 8BC0 mov eax, eax 00876F30 .- FF25 B867B100 jmp dword ptr [B167B8] ; USER32.DefMDIChildProcA 00876F36 8BC0 mov eax, eax 00876F38 $- FF25 B467B100 jmp dword ptr [B167B4] ; USER32.DefWindowProcA 00876F3E 8BC0 mov eax, eax 00876F40 $- FF25 B067B100 jmp dword ptr [B167B0] ; USER32.DefWindowProcW 00876F46 8BC0 mov eax, eax 00876F48 $- FF25 AC67B100 jmp dword ptr [B167AC] ; USER32.DeferWindowPos 00876F4E 8BC0 mov eax, eax 00876F50 $- FF25 A867B100 jmp dword ptr [B167A8] ; USER32.DeleteMenu 00876F56 8BC0 mov eax, eax 00876F58 $- FF25 A467B100 jmp dword ptr [B167A4] ; USER32.DestroyIcon 00876F5E 8BC0 mov eax, eax 00876F60 $- FF25 A067B100 jmp dword ptr [B167A0] ; USER32.DestroyIcon 00876F66 8BC0 mov eax, eax 00876F68 $- FF25 9C67B100 jmp dword ptr [B1679C] ; USER32.DestroyMenu 00876F6E 8BC0 mov eax, eax 00876F70 $- FF25 9867B100 jmp dword ptr [B16798] ; USER32.DestroyWindow 00876F76 8BC0 mov eax, eax 00876F78 $- FF25 9467B100 jmp dword ptr [B16794] ; USER32.DispatchMessageA 00876F7E 8BC0 mov eax, eax 00876F80 $- FF25 9067B100 jmp dword ptr [B16790] ; USER32.DispatchMessageW 00876F86 8BC0 mov eax, eax 00876F88 $- FF25 8C67B100 jmp dword ptr [B1678C] ; USER32.DrawEdge 00876F8E 8BC0 mov eax, eax 00876F90 $- FF25 8867B100 jmp dword ptr [B16788] ; USER32.DrawFocusRect 00876F96 8BC0 mov eax, eax 00876F98 $- FF25 8467B100 jmp dword ptr [B16784] ; USER32.DrawFrameControl 00876F9E 8BC0 mov eax, eax 00876FA0 $- FF25 8067B100 jmp dword ptr [B16780] ; USER32.DrawIcon 00876FA6 8BC0 mov eax, eax 00876FA8 $- FF25 7C67B100 jmp dword ptr [B1677C] ; USER32.DrawIconEx 00876FAE 8BC0 mov eax, eax 00876FB0 $- FF25 7867B100 jmp dword ptr [B16778] ; USER32.DrawMenuBar 00876FB6 8BC0 mov eax, eax 00876FB8 $- FF25 7467B100 jmp dword ptr [B16774] ; USER32.DrawTextA 00876FBE 8BC0 mov eax, eax 00876FC0 $- FF25 7467B100 jmp dword ptr [B16774] ; USER32.DrawTextA 00876FC6 8BC0 mov eax, eax 00876FC8 $- FF25 7067B100 jmp dword ptr [B16770] ; USER32.DrawTextW 00876FCE 8BC0 mov eax, eax 00876FD0 $- FF25 6C67B100 jmp dword ptr [B1676C] ; USER32.EnableMenuItem 00876FD6 8BC0 mov eax, eax 00876FD8 .- FF25 6867B100 jmp dword ptr [B16768] ; USER32.EnableScrollBar 00876FDE 8BC0 mov eax, eax 00876FE0 $- FF25 6467B100 jmp dword ptr [B16764] ; USER32.EnableWindow 00876FE6 8BC0 mov eax, eax 00876FE8 $- FF25 6067B100 jmp dword ptr [B16760] ; USER32.EndDeferWindowPos 00876FEE 8BC0 mov eax, eax 00876FF0 $- FF25 5C67B100 jmp dword ptr [B1675C] ; USER32.EndPaint 00876FF6 8BC0 mov eax, eax 00876FF8 $- FF25 5867B100 jmp dword ptr [B16758] ; USER32.EnumThreadWindows 00876FFE 8BC0 mov eax, eax 00877000 $- FF25 5467B100 jmp dword ptr [B16754] ; USER32.EnumWindows 00877006 8BC0 mov eax, eax 00877008 $- FF25 5067B100 jmp dword ptr [B16750] ; USER32.EqualRect 0087700E 8BC0 mov eax, eax 00877010 $- FF25 4C67B100 jmp dword ptr [B1674C] ; USER32.FillRect 00877016 8BC0 mov eax, eax 00877018 $- FF25 4867B100 jmp dword ptr [B16748] ; USER32.FindWindowA 0087701E 8BC0 mov eax, eax 00877020 $- FF25 4467B100 jmp dword ptr [B16744] ; USER32.FrameRect 00877026 8BC0 mov eax, eax 00877028 $- FF25 4067B100 jmp dword ptr [B16740] ; USER32.GetActiveWindow 0087702E 8BC0 mov eax, eax 00877030 $- FF25 3C67B100 jmp dword ptr [B1673C] ; USER32.GetCapture 00877036 8BC0 mov eax, eax 00877038 $- FF25 3867B100 jmp dword ptr [B16738] ; USER32.GetClassInfoA 0087703E 8BC0 mov eax, eax 00877040 $- FF25 3467B100 jmp dword ptr [B16734] ; USER32.GetClassInfoW 00877046 8BC0 mov eax, eax 00877048 $- FF25 3067B100 jmp dword ptr [B16730] ; USER32.GetClassNameA 0087704E 8BC0 mov eax, eax 00877050 $- FF25 2C67B100 jmp dword ptr [B1672C] ; USER32.GetClassNameW 00877056 8BC0 mov eax, eax 00877058 $- FF25 2867B100 jmp dword ptr [B16728] ; USER32.GetClientRect 0087705E 8BC0 mov eax, eax 00877060 $- FF25 2467B100 jmp dword ptr [B16724] ; USER32.GetClipboardData 00877066 8BC0 mov eax, eax 00877068 $- FF25 2067B100 jmp dword ptr [B16720] ; USER32.GetCursor 0087706E 8BC0 mov eax, eax 00877070 $- FF25 1C67B100 jmp dword ptr [B1671C] ; USER32.GetCursorPos 00877076 8BC0 mov eax, eax 00877078 $- FF25 1867B100 jmp dword ptr [B16718] ; USER32.GetDC 0087707E 8BC0 mov eax, eax 00877080 $- FF25 1467B100 jmp dword ptr [B16714] ; USER32.GetDCEx 00877086 8BC0 mov eax, eax 00877088 $- FF25 1067B100 jmp dword ptr [B16710] ; USER32.GetDesktopWindow 0087708E 8BC0 mov eax, eax 00877090 $- FF25 0C67B100 jmp dword ptr [B1670C] ; USER32.GetFocus 00877096 8BC0 mov eax, eax 00877098 $- FF25 0867B100 jmp dword ptr [B16708] ; USER32.GetForegroundWindow 0087709E 8BC0 mov eax, eax 008770A0 $- FF25 0467B100 jmp dword ptr [B16704] ; USER32.GetIconInfo 008770A6 8BC0 mov eax, eax 008770A8 $- FF25 0067B100 jmp dword ptr [B16700] ; USER32.GetKeyNameTextA 008770AE 8BC0 mov eax, eax 008770B0 $- FF25 FC66B100 jmp dword ptr [B166FC] ; USER32.GetKeyNameTextW 008770B6 8BC0 mov eax, eax 008770B8 $- FF25 F866B100 jmp dword ptr [B166F8] ; USER32.GetKeyState 008770BE 8BC0 mov eax, eax 008770C0 $- FF25 F466B100 jmp dword ptr [B166F4] ; USER32.GetKeyboardLayout 008770C6 8BC0 mov eax, eax 008770C8 $- FF25 F066B100 jmp dword ptr [B166F0] ; USER32.GetKeyboardLayoutList 008770CE 8BC0 mov eax, eax 008770D0 $- FF25 EC66B100 jmp dword ptr [B166EC] ; USER32.GetKeyboardState 008770D6 8BC0 mov eax, eax 008770D8 $- FF25 E866B100 jmp dword ptr [B166E8] ; USER32.GetLastActivePopup 008770DE 8BC0 mov eax, eax 008770E0 $- FF25 E466B100 jmp dword ptr [B166E4] ; USER32.GetMenu 008770E6 8BC0 mov eax, eax 008770E8 $- FF25 E066B100 jmp dword ptr [B166E0] ; USER32.GetMenuItemCount 008770EE 8BC0 mov eax, eax 008770F0 $- FF25 DC66B100 jmp dword ptr [B166DC] ; USER32.GetMenuItemID 008770F6 8BC0 mov eax, eax 008770F8 $- FF25 D866B100 jmp dword ptr [B166D8] ; USER32.GetMenuItemInfoA 008770FE 8BC0 mov eax, eax 00877100 $- FF25 D466B100 jmp dword ptr [B166D4] ; USER32.GetMenuItemInfoW 00877106 8BC0 mov eax, eax 00877108 $- FF25 D066B100 jmp dword ptr [B166D0] ; USER32.GetMenuState 0087710E 8BC0 mov eax, eax 00877110 $- FF25 CC66B100 jmp dword ptr [B166CC] ; USER32.GetMenuStringA 00877116 8BC0 mov eax, eax 00877118 $- FF25 C866B100 jmp dword ptr [B166C8] ; USER32.GetMenuStringW 0087711E 8BC0 mov eax, eax 00877120 $- FF25 C466B100 jmp dword ptr [B166C4] ; USER32.GetMessagePos 00877126 8BC0 mov eax, eax 00877128 $- FF25 C066B100 jmp dword ptr [B166C0] ; USER32.GetWindow 0087712E 8BC0 mov eax, eax 00877130 $- FF25 BC66B100 jmp dword ptr [B166BC] ; USER32.GetParent 00877136 8BC0 mov eax, eax 00877138 $- FF25 B866B100 jmp dword ptr [B166B8] ; USER32.GetPropA 0087713E 8BC0 mov eax, eax 00877140 .- FF25 B466B100 jmp dword ptr [B166B4] ; USER32.GetScrollInfo 00877146 8BC0 mov eax, eax 00877148 $- FF25 B066B100 jmp dword ptr [B166B0] ; USER32.GetScrollPos 0087714E 8BC0 mov eax, eax 00877150 .- FF25 AC66B100 jmp dword ptr [B166AC] ; USER32.GetScrollRange 00877156 8BC0 mov eax, eax 00877158 $- FF25 A866B100 jmp dword ptr [B166A8] ; USER32.GetSubMenu 0087715E 8BC0 mov eax, eax 00877160 $- FF25 A466B100 jmp dword ptr [B166A4] ; USER32.GetSysColor 00877166 8BC0 mov eax, eax 00877168 $- FF25 A066B100 jmp dword ptr [B166A0] ; USER32.GetSysColorBrush 0087716E 8BC0 mov eax, eax 00877170 $- FF25 9C66B100 jmp dword ptr [B1669C] ; USER32.GetSystemMenu 00877176 8BC0 mov eax, eax 00877178 $- FF25 9866B100 jmp dword ptr [B16698] ; USER32.GetSystemMetrics 0087717E 8BC0 mov eax, eax 00877180 $- FF25 9466B100 jmp dword ptr [B16694] ; USER32.GetTopWindow 00877186 8BC0 mov eax, eax 00877188 $- FF25 C066B100 jmp dword ptr [B166C0] ; USER32.GetWindow 0087718E 8BC0 mov eax, eax 00877190 $- FF25 9066B100 jmp dword ptr [B16690] ; USER32.GetWindowDC 00877196 8BC0 mov eax, eax 00877198 $- FF25 8C66B100 jmp dword ptr [B1668C] ; USER32.GetWindowLongA 0087719E 8BC0 mov eax, eax 008771A0 $- FF25 8866B100 jmp dword ptr [B16688] ; USER32.GetWindowLongW 008771A6 8BC0 mov eax, eax 008771A8 $- FF25 8466B100 jmp dword ptr [B16684] ; USER32.GetWindowPlacement 008771AE 8BC0 mov eax, eax 008771B0 $- FF25 8066B100 jmp dword ptr [B16680] ; USER32.GetWindowRect 008771B6 8BC0 mov eax, eax 008771B8 $- FF25 7C66B100 jmp dword ptr [B1667C] ; USER32.GetWindowTextA 008771BE 8BC0 mov eax, eax 008771C0 $- FF25 7866B100 jmp dword ptr [B16678] ; USER32.GetWindowTextW 008771C6 8BC0 mov eax, eax 008771C8 $- FF25 7466B100 jmp dword ptr [B16674] ; USER32.GetWindowTextLengthW 008771CE 8BC0 mov eax, eax 008771D0 $- FF25 7066B100 jmp dword ptr [B16670] ; USER32.GetWindowThreadProcessId 008771D6 8BC0 mov eax, eax 008771D8 $- FF25 7066B100 jmp dword ptr [B16670] ; USER32.GetWindowThreadProcessId 008771DE 8BC0 mov eax, eax 008771E0 $- FF25 6C66B100 jmp dword ptr [B1666C] ; USER32.InflateRect 008771E6 8BC0 mov eax, eax 008771E8 $- FF25 6866B100 jmp dword ptr [B16668] ; USER32.InsertMenuA 008771EE 8BC0 mov eax, eax 008771F0 $- FF25 6466B100 jmp dword ptr [B16664] ; USER32.InsertMenuItemA 008771F6 8BC0 mov eax, eax 008771F8 $- FF25 6066B100 jmp dword ptr [B16660] ; USER32.IntersectRect 008771FE 8BC0 mov eax, eax 00877200 $- FF25 5C66B100 jmp dword ptr [B1665C] ; USER32.InvalidateRect 00877206 8BC0 mov eax, eax 00877208 $- FF25 5866B100 jmp dword ptr [B16658] ; USER32.IsChild 0087720E 8BC0 mov eax, eax 00877210 $- FF25 5466B100 jmp dword ptr [B16654] ; USER32.IsDialogMessageA 00877216 8BC0 mov eax, eax 00877218 $- FF25 5466B100 jmp dword ptr [B16654] ; USER32.IsDialogMessageA 0087721E 8BC0 mov eax, eax 00877220 $- FF25 5066B100 jmp dword ptr [B16650] ; USER32.IsDialogMessageW 00877226 8BC0 mov eax, eax 00877228 $- FF25 4C66B100 jmp dword ptr [B1664C] ; USER32.IsIconic 0087722E 8BC0 mov eax, eax 00877230 $- FF25 4866B100 jmp dword ptr [B16648] ; USER32.IsRectEmpty 00877236 8BC0 mov eax, eax 00877238 $- FF25 4466B100 jmp dword ptr [B16644] ; USER32.IsWindow 0087723E 8BC0 mov eax, eax 00877240 $- FF25 4066B100 jmp dword ptr [B16640] ; USER32.IsWindowEnabled 00877246 8BC0 mov eax, eax 00877248 $- FF25 3C66B100 jmp dword ptr [B1663C] ; USER32.IsWindowUnicode 0087724E 8BC0 mov eax, eax 00877250 $- FF25 3866B100 jmp dword ptr [B16638] ; USER32.IsWindowVisible 00877256 8BC0 mov eax, eax 00877258 $- FF25 3466B100 jmp dword ptr [B16634] ; USER32.IsZoomed 0087725E 8BC0 mov eax, eax 00877260 $- FF25 3066B100 jmp dword ptr [B16630] ; USER32.KillTimer 00877266 8BC0 mov eax, eax 00877268 $- FF25 2C66B100 jmp dword ptr [B1662C] ; USER32.LoadBitmapA 0087726E 8BC0 mov eax, eax 00877270 $- FF25 2866B100 jmp dword ptr [B16628] ; USER32.LoadCursorA 00877276 8BC0 mov eax, eax 00877278 $- FF25 2466B100 jmp dword ptr [B16624] ; USER32.LoadIconA 0087727E 8BC0 mov eax, eax 00877280 $- FF25 2066B100 jmp dword ptr [B16620] ; USER32.LoadKeyboardLayoutA 00877286 8BC0 mov eax, eax 00877288 $- FF25 1C66B100 jmp dword ptr [B1661C] ; USER32.LoadStringA 0087728E 8BC0 mov eax, eax 00877290 $- FF25 1866B100 jmp dword ptr [B16618] ; USER32.LoadStringW 00877296 8BC0 mov eax, eax 00877298 $- FF25 1466B100 jmp dword ptr [B16614] ; USER32.MapVirtualKeyA 0087729E 8BC0 mov eax, eax 008772A0 $- FF25 1066B100 jmp dword ptr [B16610] ; USER32.MapVirtualKeyW 008772A6 8BC0 mov eax, eax 008772A8 $- FF25 0C66B100 jmp dword ptr [B1660C] ; USER32.MapWindowPoints 008772AE 8BC0 mov eax, eax 008772B0 $- FF25 0866B100 jmp dword ptr [B16608] ; USER32.MessageBeep 008772B6 8BC0 mov eax, eax 008772B8 $- FF25 0466B100 jmp dword ptr [B16604] ; USER32.MessageBoxA 008772BE 8BC0 mov eax, eax 008772C0 $- FF25 0066B100 jmp dword ptr [B16600] ; USER32.MsgWaitForMultipleObjects 008772C6 8BC0 mov eax, eax 008772C8 $- FF25 FC65B100 jmp dword ptr [B165FC] ; USER32.OemToCharA 008772CE 8BC0 mov eax, eax 008772D0 $- FF25 F865B100 jmp dword ptr [B165F8] ; USER32.OffsetRect 008772D6 8BC0 mov eax, eax 008772D8 $- FF25 F465B100 jmp dword ptr [B165F4] ; USER32.PeekMessageA 008772DE 8BC0 mov eax, eax 008772E0 $- FF25 F065B100 jmp dword ptr [B165F0] ; USER32.PostMessageA 008772E6 8BC0 mov eax, eax 008772E8 $- FF25 EC65B100 jmp dword ptr [B165EC] ; USER32.PostMessageW 008772EE 8BC0 mov eax, eax 008772F0 $- FF25 E865B100 jmp dword ptr [B165E8] ; USER32.PostQuitMessage 008772F6 8BC0 mov eax, eax 008772F8 $- FF25 E465B100 jmp dword ptr [B165E4] ; USER32.PtInRect 008772FE 8BC0 mov eax, eax 00877300 $- FF25 E065B100 jmp dword ptr [B165E0] ; USER32.RedrawWindow 00877306 8BC0 mov eax, eax 00877308 $- FF25 DC65B100 jmp dword ptr [B165DC] ; USER32.RegisterClassA 0087730E 8BC0 mov eax, eax 00877310 $- FF25 D865B100 jmp dword ptr [B165D8] ; USER32.RegisterClassW 00877316 8BC0 mov eax, eax 00877318 $- FF25 D465B100 jmp dword ptr [B165D4] ; USER32.RegisterWindowMessageA 0087731E 8BC0 mov eax, eax 00877320 $- FF25 D065B100 jmp dword ptr [B165D0] ; USER32.RegisterWindowMessageA 00877326 8BC0 mov eax, eax 00877328 $- FF25 CC65B100 jmp dword ptr [B165CC] ; USER32.ReleaseCapture 0087732E 8BC0 mov eax, eax 00877330 $- FF25 C865B100 jmp dword ptr [B165C8] ; USER32.ReleaseDC 00877336 8BC0 mov eax, eax 00877338 $- FF25 C465B100 jmp dword ptr [B165C4] ; USER32.RemoveMenu 0087733E 8BC0 mov eax, eax 00877340 $- FF25 C065B100 jmp dword ptr [B165C0] ; USER32.RemovePropA 00877346 8BC0 mov eax, eax 00877348 $- FF25 BC65B100 jmp dword ptr [B165BC] ; USER32.ScreenToClient 0087734E 8BC0 mov eax, eax 00877350 $- FF25 B865B100 jmp dword ptr [B165B8] ; USER32.ScrollWindow 00877356 8BC0 mov eax, eax 00877358 $- FF25 B465B100 jmp dword ptr [B165B4] ; USER32.SendMessageA 0087735E 8BC0 mov eax, eax 00877360 $- FF25 B465B100 jmp dword ptr [B165B4] ; USER32.SendMessageA 00877366 8BC0 mov eax, eax 00877368 $- FF25 B065B100 jmp dword ptr [B165B0] ; USER32.SendMessageW 0087736E 8BC0 mov eax, eax 00877370 $- FF25 AC65B100 jmp dword ptr [B165AC] ; USER32.SetActiveWindow 00877376 8BC0 mov eax, eax 00877378 $- FF25 A865B100 jmp dword ptr [B165A8] ; USER32.SetCapture 0087737E 8BC0 mov eax, eax 00877380 $- FF25 A465B100 jmp dword ptr [B165A4] ; USER32.SetClassLongA 00877386 8BC0 mov eax, eax 00877388 $- FF25 A065B100 jmp dword ptr [B165A0] ; USER32.SetCursor 0087738E 8BC0 mov eax, eax 00877390 $- FF25 9C65B100 jmp dword ptr [B1659C] ; USER32.SetFocus 00877396 8BC0 mov eax, eax 00877398 $- FF25 9865B100 jmp dword ptr [B16598] ; USER32.SetForegroundWindow 0087739E 8BC0 mov eax, eax 008773A0 $- FF25 9465B100 jmp dword ptr [B16594] ; USER32.SetMenu 008773A6 8BC0 mov eax, eax 008773A8 $- FF25 9065B100 jmp dword ptr [B16590] ; USER32.SetMenuItemInfoA 008773AE 8BC0 mov eax, eax 008773B0 $- FF25 8C65B100 jmp dword ptr [B1658C] ; USER32.SetMenuItemInfoW 008773B6 8BC0 mov eax, eax 008773B8 $- FF25 8865B100 jmp dword ptr [B16588] ; USER32.SetParent 008773BE 8BC0 mov eax, eax 008773C0 $- FF25 8465B100 jmp dword ptr [B16584] ; USER32.SetPropA 008773C6 8BC0 mov eax, eax 008773C8 $- FF25 8065B100 jmp dword ptr [B16580] ; USER32.SetRect 008773CE 8BC0 mov eax, eax 008773D0 .- FF25 7C65B100 jmp dword ptr [B1657C] ; USER32.SetScrollInfo 008773D6 8BC0 mov eax, eax 008773D8 .- FF25 7865B100 jmp dword ptr [B16578] ; USER32.SetScrollPos 008773DE 8BC0 mov eax, eax 008773E0 .- FF25 7465B100 jmp dword ptr [B16574] ; USER32.SetScrollRange 008773E6 8BC0 mov eax, eax 008773E8 $- FF25 7065B100 jmp dword ptr [B16570] ; USER32.SetTimer 008773EE 8BC0 mov eax, eax 008773F0 $- FF25 6C65B100 jmp dword ptr [B1656C] ; USER32.SetWindowLongA 008773F6 8BC0 mov eax, eax 008773F8 $- FF25 6C65B100 jmp dword ptr [B1656C] ; USER32.SetWindowLongA 008773FE 8BC0 mov eax, eax 00877400 $- FF25 6865B100 jmp dword ptr [B16568] ; USER32.SetWindowLongW 00877406 8BC0 mov eax, eax 00877408 $- FF25 6465B100 jmp dword ptr [B16564] ; USER32.SetWindowPlacement 0087740E 8BC0 mov eax, eax 00877410 $- FF25 6065B100 jmp dword ptr [B16560] ; USER32.SetWindowPos 00877416 8BC0 mov eax, eax 00877418 $- FF25 5C65B100 jmp dword ptr [B1655C] ; USER32.SetWindowTextA 0087741E 8BC0 mov eax, eax 00877420 $- FF25 5C65B100 jmp dword ptr [B1655C] ; USER32.SetWindowTextA 00877426 8BC0 mov eax, eax 00877428 $- FF25 5865B100 jmp dword ptr [B16558] ; USER32.SetWindowTextW 0087742E 8BC0 mov eax, eax 00877430 $- FF25 5465B100 jmp dword ptr [B16554] ; USER32.SetWindowsHookExA 00877436 8BC0 mov eax, eax 00877438 $- FF25 5065B100 jmp dword ptr [B16550] ; USER32.SetWindowsHookExW 0087743E 8BC0 mov eax, eax 00877440 $- FF25 4C65B100 jmp dword ptr [B1654C] ; USER32.ShowCursor 00877446 8BC0 mov eax, eax 00877448 $- FF25 4865B100 jmp dword ptr [B16548] ; USER32.ShowOwnedPopups 0087744E 8BC0 mov eax, eax 00877450 .- FF25 4465B100 jmp dword ptr [B16544] ; USER32.ShowScrollBar 00877456 8BC0 mov eax, eax 00877458 $- FF25 4065B100 jmp dword ptr [B16540] ; USER32.ShowWindow 0087745E 8BC0 mov eax, eax 00877460 $- FF25 3C65B100 jmp dword ptr [B1653C] ; USER32.SystemParametersInfoA 00877466 8BC0 mov eax, eax 00877468 $- FF25 3865B100 jmp dword ptr [B16538] ; USER32.TrackPopupMenu 0087746E 8BC0 mov eax, eax 00877470 $- FF25 3465B100 jmp dword ptr [B16534] ; USER32.TranslateMDISysAccel 00877476 8BC0 mov eax, eax 00877478 $- FF25 3065B100 jmp dword ptr [B16530] ; USER32.TranslateMessage 0087747E 8BC0 mov eax, eax 00877480 $- FF25 2C65B100 jmp dword ptr [B1652C] ; USER32.UnhookWindowsHookEx 00877486 8BC0 mov eax, eax 00877488 $- FF25 2865B100 jmp dword ptr [B16528] ; USER32.UnregisterClassA 0087748E 8BC0 mov eax, eax 00877490 $- FF25 2465B100 jmp dword ptr [B16524] ; USER32.UnregisterClassW 00877496 8BC0 mov eax, eax 00877498 $- FF25 2065B100 jmp dword ptr [B16520] ; USER32.UpdateWindow 0087749E 8BC0 mov eax, eax 008774A0 $- FF25 1C65B100 jmp dword ptr [B1651C] ; USER32.VkKeyScanW 008774A6 8BC0 mov eax, eax 008774A8 $- FF25 1865B100 jmp dword ptr [B16518] ; USER32.WaitMessage 008774AE 8BC0 mov eax, eax 008774B0 $- FF25 1465B100 jmp dword ptr [B16514] ; USER32.WinHelpA 008774B6 8BC0 mov eax, eax 008774B8 $- FF25 1065B100 jmp dword ptr [B16510] ; USER32.WindowFromPoint 008774BE 8BC0 mov eax, eax 上面那些里面的B16204---B16924 里就应该是我要找的吧? 于是我就用IMP在RAV=B16204-870000=2A6204的位置大小为1000 查找输入表 果然 找到了17个有效 还有一些无效的 跑到地址B1692C处 看到下面除了 00B1690C F4 2B A2 71 66 2B A2 71 6A 40 A2 71 39 96 A2 71 ?f+j@9枹q 00B1691C 00 3E A2 71 00 00 00 00 F7 A8 B2 76 00 00 00 00 .>....鳕瞯.... 00B1692C 4B 45 52 4E 45 4C 33 32 2E 44 4C 4C 00 00 44 00 KERNEL32.DLL..D. 00B1693C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00B1694C 00 00 00 00 00 00 4C 00 00 00 00 00 00 00 00 00 ......L......... 00B1695C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 00 ..............E. 00B1696C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... 这些往 下全是0000了 于是我修改RAV为B16204 大小为158重新查一下 得到全部为有效函数,,, 这时的IAT还是没办法 (这里用IMP怎么搞》?) 直接修复DUMP出来的文件。 再用LORDPE打开修复后的文件 修改OEP为2D9CB5 RAV为2E1000(新加的区段就为这个,不知道我添的对不对) 重新校验和 保存。。。。。 修复PE文件 3个成功。。RAV不需要修复的提示!。。 运行程序 开始正常 当一点STAR的时候 程序就消失了 呵呵 进程退出!(正常进程也会退出 但会启动另一个进程,这修复后的却不会了。头疼!) 再用OD加载下看看吧 哈 这回好了 干脆提示 格式错误或未知格式了! 是不是 那个OEP不对哦? |
|
[求助]忙了一下午 仍然是茫然!!
没人帮我顶 我自己顶顶 版主可以帮我吗? |
|
|
|
[求助]请高手指教。ASPR的难题
新手上路 研究研究 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值