; OllyDbg disassembly of 32-bit x86 code (Intel operand order, hex literals without prefix).
; Operands ending in '>' were cut off by the debugger's column width; the addresses quoted in
; these comments are decoded from the opcode bytes on the same line.
; The fragment starts and ends in the middle of a routine: EDI and EBP are loaded before the
; first line shown, and the last line continues into code that is not shown.
;
; Tail of an earlier call: pushes 00404040 and calls 00401B30. The caller removes 0C bytes
; (three dwords) afterwards, so the other two arguments were pushed above this fragment.
00401473 68 40404000 push wwwww.0040404>;00401478 E8 B3060000 call 111111.00401B3>
0040147D 83C4 0C add esp,0C
; CreateThread(lpThreadAttributes=0, dwStackSize=0, lpStartAddress=00401A80, lpParameter=0,
;              dwCreationFlags=0, lpThreadId=0) - arguments are pushed last-to-first.
00401480 6A 00 push 0
00401482 6A 00 push 0
00401484 6A 00 push 0
00401486 68 801A4000 push wwwwww.00401A8>; 「a@
0040148B 6A 00 push 0
0040148D 6A 00 push 0
0040148F FF15 0C304000 call dword ptr ds>; kernel32.CreateThread
00401495 A3 BC414000 mov dword ptr ds:> ; [004041BC] = returned thread handle (not tested for 0)
; OpenProcess(dwDesiredAccess=1F0FFF, bInheritHandle=0, dwProcessId=[[004041E8]]).
; 1F0FFF is the pre-Vista PROCESS_ALL_ACCESS mask.
; NOTE(review): the only uses of this handle in the lines shown are ReadProcessMemory and
; CloseHandle, for which PROCESS_VM_READ would be enough - confirm the helper at 00401C10
; needs nothing more before narrowing the mask.
0040149A A1 E8414000 mov eax,dword ptr> ; eax = [004041E8]
0040149F 8B08 mov ecx,dword ptr> ; ecx = [eax], pushed next as dwProcessId
004014A1 51 push ecx
004014A2 6A 00 push 0
004014A4 68 FF0F1F00 push 1F0FFF
004014A9 FF15 08304000 call dword ptr ds>; kernel32.OpenProcess
004014AF 8D5424 18 lea edx,dword ptr> ; edx = esp+18, address of a stack local
004014B3 A3 C8414000 mov dword ptr ds:> ; [004041C8] = process handle; no check for a 0 (failed) return
; Internal helper 00401C10 called with five dword arguments, removed by the caller at 004014D5:
; (process handle, 3000000, -1, 87DFFD00, address of the local at esp+18).
; NOTE(review): what the helper does is not visible here; the argument shape (handle, two
; bound-like values, a dword constant, an output pointer) suggests a scan of the other
; process's memory - confirm by reading 00401C10.
004014B8 52 push edx
004014B9 68 00FDDF87 push 87DFFD00
004014BE 6A FF push -1
004014C0 68 00000003 push 3000000
004014C5 50 push eax
004014C6 E8 45070000 call wwww.00401C1>
; The five arguments are still on the stack here, so esp+2C is the same slot as esp+18 at 004014AF.
004014CB 8B4C24 2C mov ecx,dword ptr> ; ecx = the local whose address was handed to the helper
004014CF 8B15 DC414000 mov edx,dword ptr> ; edx = [004041DC]
004014D5 83C4 14 add esp,14
004014D8 8B35 04304000 mov esi,dword ptr>; kernel32.ReadProcessMemory
; First read: ReadProcessMemory(hProcess=[004041C8], lpBaseAddress=edx+ecx-0F2,
;             lpBuffer=esp+1C, nSize=4, lpNumberOfBytesRead=0). The BOOL result is ignored.
004014DE 8D4424 1C lea eax,dword ptr> ; eax = esp+1C, 4-byte destination on the stack
004014E2 6A 00 push 0
004014E4 6A 04 push 4
004014E6 50 push eax
004014E7 8D840A 0EFFFFFF lea eax,dword ptr> ; eax = edx+ecx-0F2, address inside the other process
004014EE 8B0D C8414000 mov ecx,dword ptr> ; ecx = process handle from [004041C8]
004014F4 50 push eax
004014F5 51 push ecx
004014F6 FFD6 call esi
; Second read: ReadProcessMemory([004041C8], [004041D8]+edx+0AC, 004041E4, 4, 0), where edx is
; the dword the first read stored at esp+1C. The remote address is therefore built from data
; taken out of the other process, and because the first result was not checked a failed read
; leaves whatever esp+1C held before. This result is ignored as well.
004014F8 8B5424 1C mov edx,dword ptr> ; edx = dword placed at esp+1C by the first read
004014FC A1 D8414000 mov eax,dword ptr> ; eax = [004041D8]
00401501 6A 00 push 0
00401503 6A 04 push 4
00401505 8D8C10 AC000000 lea ecx,dword ptr> ; ecx = eax+edx+0AC
0040150C 8B15 C8414000 mov edx,dword ptr> ; edx = process handle
00401512 68 E4414000 push wwwwww.004041E> ; lpBuffer = global at 004041E4
00401517 51 push ecx
00401518 52 push edx
00401519 FFD6 call esi
; CloseHandle([004041C8]) - releases the process handle opened above.
0040151B A1 C8414000 mov eax,dword ptr>
00401520 50 push eax
00401521 FF15 48304000 call dword ptr ds>; kernel32.CloseHandle
; [004041D0] = [esp+20] - [0040402C]
00401527 8B4C24 20 mov ecx,dword ptr>
0040152B 8B35 2C404000 mov esi,dword ptr>
00401531 2BCE sub ecx,esi
00401533 890D D0414000 mov dword ptr ds:>
; Check 1: EAX = (result of the call through EDI) - EBP, compared with 1388h (5000 decimal).
; NOTE(review): EDI and EBP are set before this fragment. The shape matches an elapsed-time
; test (current tick count minus a saved start value), a common way to notice a process
; being single-stepped - confirm what EDI points to.
00401539 FFD7 call edi
0040153B 8B35 50324000 mov esi,dword ptr>; USER32.PostMessageA
00401541 2BC5 sub eax,ebp
00401543 3D 88130000 cmp eax,1388
; The jump below is taken to 00401559 when the difference is <= 5000 (unsigned compare).
; Poster's annotation on the line, translated: "changing it to JMP cannot be saved".
00401548 76 0F jbe short wwww.00> 改JMP无法保存
; Not taken: PostMessageA(hWnd=[004041B8], Msg=10, wParam=0, lParam=0); 10h is WM_CLOSE.
0040154A 8B15 B8414000 mov edx,dword ptr>
00401550 6A 00 push 0
00401552 6A 00 push 0
00401554 6A 10 push 10
00401556 52 push edx
00401557 FFD6 call esi
; Check 2: IsDebuggerPresent returns non-zero in EAX when a user-mode debugger is attached
; to the calling process.
00401559 FF15 00304000 call dword ptr ds>; kernel32.IsDebuggerPresent
0040155F 85C0 test eax,eax
; The jump below is taken to 00401571 when EAX is zero (no debugger reported).
; Poster's annotation on the line, translated: "NOPing it out cannot be saved".
00401561 74 0E je short wwwww.004> nop掉无法保存
; Debugger reported: the same PostMessageA([004041B8], 10 = WM_CLOSE, 0, 0) as in check 1.
; PostMessageA only queues the message and returns, so execution continues at 00401571.
00401563 A1 B8414000 mov eax,dword ptr>
00401568 6A 00 push 0
0040156A 6A 00 push 0
0040156C 6A 10 push 10
0040156E 50 push eax
0040156F FFD6 call esi
00401571 8D4C24 14 lea ecx,dword ptr> ; ecx = esp+14; the routine continues past the end of the listing
改了两处,发现无法保存,不知道什么原因,具体软件可以见我其他的帖子
拜托大牛帮我看下好吗,小弟是新手