[求助]Visual Protect 脱壳,壳已经脱掉但修复不成功-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

[求助]Visual Protect 脱壳,壳已经脱掉但修复不成功

发表于: 2005-6-11 09:37 5104

[求助]Visual Protect 脱壳,壳已经脱掉但修复不成功

老刘

2005-6-11 09:37

5104

我在研究脱壳时发现一种壳是Visual Protect版本好像是2.25
搜索论坛fly大侠有一篇dll的脱壳
还搜到一篇fly的Visual Protect V3.54 脱壳 ―― VisualProtect.exe 主程序
还有一篇“小球”的文章
小球的文章太过笼统无法参照
根据fly大侠的文章在下面
006BCF90    55                push ebp
                              ====>进入OD后断在这！
006BCF91    8BEC                mov ebp,esp
006BCF93    51                push ecx
006BCF94    53                push ebx
006BCF95    56                push esi
006BCF96    57                push edi
006BCF97    C705 B03E6C00 000000>mov dword ptr ds:[6C3EB0],0
006BCFA1    68 48206C00       push VisualPr.006C2048                   ;ASCII "kernel32.dll"
006BCFA6    FF15 00006C00       call dword ptr ds:[<&KERNEL32.LoadLibraryA>];kernel32.LoadLibraryA
006BCFAC    A3 0C3F6C00       mov dword ptr ds:[6C3F0C],eax
006BCFB1    68 58206C00       push VisualPr.006C2058                      ;ASCII "GetModuleHandleA"
006BCFB6    A1 0C3F6C00       mov eax,dword ptr ds:[6C3F0C]
006BCFBB    50                push eax
006BCFBC    FF15 04006C00       call dword ptr ds:[<&KERNEL32.GetProcAddress>];kernel32.GetProcAddress

上面这段代码对于用Visual Protect V3.54加壳的程序来说几乎是固定的。

OK，不管那么多，F9 和 SHIFT+F9运行！直至出现“This application was protected using Visual Protect”的经典Visual Protect保护画面时停下，当然要点“Try”啦，否则程序退出还怎么玩？

///在我这里不通，F9异常后点击试用没有异常程序直接进入试用状态

下面是fly原文：
//
0079478F    3A0A                cmp cl,byte ptr ds:[edx]
                              ====>这里异常！当第2次异常时看看堆栈：

0012F39C 007FBEF5 返回到 VP.007FBEF5 来自 VP.00794788
0012F3A0 0012F3C8 指针到下一个 SEH 记录
0012F3A4 007FBEFF SE 句柄 //此处下断！

007FBEFF E9 DC7CF9FF       jmp VP.00793BE0
                              ====>堆栈区的第二条地址  设断  F9断在此处

00793BE0    8B4424 04          mov eax,dword ptr ss:[esp+4]
00793BE4    F740 04 06000000    test dword ptr ds:[eax+4],6
00793BEB    0F85 13010000       jnz VP.00793D04
…… …… 省略 …… ……    直接CTRL+F9执行到返回
007FBF04    8B45 FC             mov eax,dword ptr ss:[ebp-4]
007FBF07    E8 8C86F9FF       call VP.00794598
007FBF0C    E8 3780F9FF       call VP.00793F48
007FBF11    5F                pop edi
007FBF12    5E                pop esi
007FBF13    5B                pop ebx
007FBF14    59                pop ecx
007FBF15    5D                pop ebp
007FBF16    C3                retn
                              ====>返回到 0080802A
//
我没有找到相似代码段

我进入VP.dll的空间到和fly的差不多

发现在VP.dll里面全是注册效验代码
直到下面
//
fly原文
00835D75    B8 8C6A8300       mov eax,VP.00836A8C ; ASCII "SetEnvironment"
00835D7A    E8 B9BEFFFF       call VP.00831C38
00835D7F    A1 70BE8300       mov eax,dword ptr ds:[83BE70]
00835D84    8B40 41             mov eax,dword ptr ds:[eax+41]
                              ====>EAX=0026B508                   这是OEP的偏移值

00835D87    0345 10             add eax,dword ptr ss:[ebp+10]
                              ====>EAX=0026B508 + 00400000=0066B508 这就是OEP值

00835D8A    8945 FC             mov dword ptr ss:[ebp-4],eax
                              ====>[ebp-4]=EAX=0066B508       呵呵，记住这个[ebp-4]

00835D8D    B8 144C8300       mov eax,VP.[NONAME]
00835D92    E8 A9100000       call VP.00836E40
00835D97    3B05 74018400       cmp eax,dword ptr ds:[840174]
00835D9D    A1 48BB8300       mov eax,dword ptr ds:[83BB48]
和我跟踪的差不多

下面是我跟踪的具体方法请大侠指点

od载入hou
004E9F90 w>  55          push ebp  //od载入hou停在这里
004E9F91    8BEC       mov ebp,esp
004E9F93    51          push ecx
004E9F94    53          push ebx
004E9F95    56          push esi
004E9F96    57          push edi
004E9F97    C705 B00E4F00>mov dword ptr ds:[4F0EB0],0
004E9FA1    68 48F04E00 push wscut.004EF048             ; ASCII "kernel32.dll"
004E9FA6    FF15 00D04E00 call dword ptr ds:[<&KERNEL32.Load>; KERNEL32.LoadLibraryA
004E9FAC    A3 0C0F4F00 mov dword ptr ds:[4F0F0C],eax
004E9FB1    68 58F04E00 push wscut.004EF058             ; ASCII "GetModuleHandleA"
004E9FB6    A1 0C0F4F00 mov eax,dword ptr ds:[4F0F0C]
004E9FBB    50          push eax
004E9FBC    FF15 04D04E00 call dword ptr ds:[<&KERNEL32.GetP>; KERNEL32.GetProcAddress
004E9FC2    A3 900E4F00 mov dword ptr ds:[4F0E90],eax
004E9FC7    6A 00       push 0
004E9FC9    FF15 900E4F00 call dword ptr ds:[4F0E90]
004E9FCF    A3 EC0E4F00 mov dword ptr ds:[4F0EEC],eax
004E9FD4    8B0D EC0E4F00 mov ecx,dword ptr ds:[4F0EEC]
004E9FDA    51          push ecx
004E9FDB    E8 C0050000 call wscut.004EA5A0  //F8进到下面
004E9FE0    83C4 04    add esp,4
004E9FE3    8945 FC    mov dword ptr ss:[ebp-4],eax
///////////////////////////////////////////////////////
部分代码省略，遇到向上的跳转一律F4向下走来到下面
004EAE49    51          push ecx
004EAE4A    68 400D4F00 push wscut.004F0D40
004EAE4F    68 780D4F00 push wscut.004F0D78
004EAE54    68 B8084F00 push wscut.004F08B8
004EAE59    8B15 EC0E4F00 mov edx,dword ptr ds:[4F0EEC]    ; wscut.00400000
004EAE5F    52          push edx
004EAE60    8D85 F8FEFFFF lea eax,dword ptr ss:[ebp-108]
004EAE66    50          push eax
004EAE67    8D8D E8FEFFFF lea ecx,dword ptr ss:[ebp-118]
004EAE6D    51          push ecx
004EAE6E    FF15 880E4F00 call dword ptr ds:[4F0E88]  //F8进入VP.dll空间，发现全是注册验证，继续GO
004EAE74    83BD F8FEFFFF>cmp dword ptr ss:[ebp-108],0
004EAE7B    74 0D       je short wscut.004EAE8A
004EAE7D    A1 EC0E4F00 mov eax,dword ptr ds:[4F0EEC]
004EAE82    0385 F8FEFFFF add eax,dword ptr ss:[ebp-108]
004EAE88    EB 02       jmp short wscut.004EAE8C

经过几次异常（不知道异常时应该怎么处理，我这里全部ALT＋F9返回，不知对否？）来到下面
/////////////////////////////////////////////////////////////////
002D5D75    B8 8C6A2D00 mov eax,VP.002D6A8C             ; ASCII "SetEnvironment"
002D5D7A    E8 B9BEFFFF call VP.002D1C38
002D5D7F    A1 70BE2D00 mov eax,dword ptr ds:[2DBE70]
002D5D84    8B40 41    mov eax,dword ptr ds:[eax+41]          //传说中的OEP的值出现了eax=000D0060
002D5D87    0345 10    add eax,dword ptr ss:[ebp+10]    ; wscut.00400000
002D5D8A    8945 FC    mov dword ptr ss:[ebp-4],eax
002D5D8D    B8 144C2D00 mov eax,VP.[NONAME]
002D5D92    E8 A9100000 call VP.002D6E40
002D5D97    3B05 74012E00 cmp eax,dword ptr ds:[2E0174]
002D5D9D    A1 48BB2D00 mov eax,dword ptr ds:[2DBB48]
002D5DA2    0F9400       sete byte ptr ds:[eax]
002D5DA5    A1 70BE2D00 mov eax,dword ptr ds:[2DBE70]

002D5D7A    E8 B9BEFFFF call VP.002D1C38
002D5D7F    A1 70BE2D00 mov eax,dword ptr ds:[2DBE70]
002D5D84    8B40 41    mov eax,dword ptr ds:[eax+41]
002D5D87    0345 10    add eax,dword ptr ss:[ebp+10]
002D5D8A    8945 FC    mov dword ptr ss:[ebp-4],eax
002D5D8D    B8 144C2D00 mov eax,VP.[NONAME]             ; 记住这里的值，参照fly的教程，就是这里eax=000D0060
002D5D92    E8 A9100000 call VP.002D6E40
002D5D97    3B05 74012E00 cmp eax,dword ptr ds:[2E0174]
002D5D9D    A1 48BB2D00 mov eax,dword ptr ds:[2DBB48]

002D5EB0    8B45 08    mov eax,dword ptr ss:[ebp+8]       //看到这里，断定是Delphi程序
002D5EB3    FF50 08    call dword ptr ds:[eax+8]
002D5EB6    EB 16       jmp short VP.002D5ECE
002D5EB8    B8 406B2D00 mov eax,VP.002D6B40             ; ASCII "Delphi ImportTable"
002D5EBD    E8 76BDFFFF call VP.002D1C38
002D5EC2    A1 84BB2D00 mov eax,dword ptr ds:[2DBB84]
002D5EC7    8B00       mov eax,dword ptr ds:[eax]
002D5EC9    E8 7AA6FEFF call VP.[NONAME]
002D5ECE    A1 48BB2D00 mov eax,dword ptr ds:[2DBB48]

////////////////////////////////////////////////
上面看到希望了OEP就是eax=000D0060
好，继续走
下面：
////////////////////
002D5FBF    52          push edx
002D5FC0    50          push eax
002D5FC1    8D95 58FAFFFF lea edx,dword ptr ss:[ebp-5A8]
002D5FC7    B8 08000000 mov eax,8
002D5FCC    E8 AF2FF6FF call VP.00238F80
002D5FD1    8B8D 58FAFFFF mov ecx,dword ptr ss:[ebp-5A8]
002D5FD7    8D85 5CFAFFFF lea eax,dword ptr ss:[ebp-5A4]
002D5FDD    BA 946B2D00 mov edx,VP.002D6B94             ; ASCII "Finalizing 0x"
002D5FE2    E8 B5E8F5FF call VP.0023489C
002D5FE7    8B85 5CFAFFFF mov eax,dword ptr ss:[ebp-5A4]
002D5FED    E8 46BCFFFF call VP.002D1C38
002D5FF2 - FF65 FC    jmp dword ptr ss:[ebp-4]          ; wscut.004D0060       飞向光明之巅（有抄袭FLY之嫌啊！！^_^）OEP：D0060
002D5FF5    6A 00       push 0
002D5FF7    E8 C00CF6FF call VP.00236CBC
002D5FFC    E9 C6040000 jmp VP.002D64C7
002D6001    A1 70BE2D00 mov eax,dword ptr ds:[2DBE70]
002D6006    8B40 41    mov eax,dword ptr ds:[eax+41]
002D6009    8B55 0C    mov edx,dword ptr ss:[ebp+C]
002D600C    8902       mov dword ptr ds:[edx],eax
002D600E    8B45 0C    mov eax,dword ptr ss:[ebp+C]
002D6011    8B00       mov eax,dword ptr ds:[eax]

002D5FF2处跳转后来到这里
不是吧？写这篇文章的时候已经不能试用了
上面上能试用的时候复制的代码！！

总之和fly的差不多，下面是fly的
0066B508    55                push ebp
                              ====>在这儿用LordPE完全DUMP这个进程
0066B509    8BEC                mov ebp,esp
0066B50B    83C4 F0             add esp,-10
0066B50E    B8 D0AC6600       mov eax,VisualPr.0066ACD0
0066B513    E8 E8BCD9FF       call VisualPr.00407200
0066B518    A1 34D86700       mov eax,dword ptr ds:[67D834]
0066B51D    8B00                mov eax,dword ptr ds:[eax]
0066B51F    E8 301EE2FF       call VisualPr.0048D354
0066B524    A1 34D86700       mov eax,dword ptr ds:[67D834]
0066B529    8B00                mov eax,dword ptr ds:[eax]
0066B52B    BA B0B56600       mov edx,VisualPr.0066B5B0    ; ASCII "Visual Protect"
0066B530    E8 D318E2FF       call VisualPr.0048CE08
然后用ImportREC选择这个进程填入oep＝D0060，然后IT AutoSearch，然后Get Import”，有许多函数无效，用“追踪层次3”修复无效。FixDump，不能正常运行！
请大侠指点啊
程序地址：http://ssbbs.hn8868.com/soft/22.exe

[课程]Android-CTF解题方法汇总！

收藏・0

免费・0

支持

最新回复 (5)
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 2 楼想办法避开输入表加密 2005-6-11 12:25 0
老刘雪币： 451 活跃值： (117) 能力值： ( LV3，RANK：20 ) 在线值：发帖 13 回帖 137 粉丝 1 关注私信	老刘 3 楼ｆｌｙ大侠能不能给个详细的说你不是说这个壳不加密输入表吗？我知道加密输入表之前会有一个跳转可就是找不到，给点提示吧，或者有没有固定的特征代码啊加密输入表是在跳向程序真正入口之前吧有多远呢？请给个提示类似的脱壳文章太少了 2005-6-11 13:21 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 4 楼我哪里说过Visual Protect不加密输入表？看看壳是如何处理输入表，就能找到避开加密的方法 2005-6-11 13:33 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 5 楼具体避开输入表加密的方法去搜索：《用Ollydbg手脱Visual Protect V3.54加壳的DLL》 OEP: 000D0060 IATRVA: 000D51A0 IATSize: 00000744 FThunk: 000D51A4 NbFunc: 0000002B 1 000D51A4 kernel32.dll 0080 DeleteCriticalSection 1 000D51A8 kernel32.dll 0241 LeaveCriticalSection 1 000D51AC kernel32.dll 0097 EnterCriticalSection 1 000D51B0 kernel32.dll 0216 InitializeCriticalSection 1 000D51B4 kernel32.dll 036E VirtualFree 1 000D51B8 kernel32.dll 036B VirtualAlloc 1 000D51BC kernel32.dll 024C LocalFree 1 000D51C0 kernel32.dll 0248 LocalAlloc 1 000D51C4 kernel32.dll 013F GetCurrentThreadId 1 000D51C8 kernel32.dll 021A InterlockedDecrement 1 000D51CC kernel32.dll 021E InterlockedIncrement 1 000D51D0 kernel32.dll 0373 VirtualQuery 1 000D51D4 kernel32.dll 037F WideCharToMultiByte 1 000D51D8 kernel32.dll 02F8 SetCurrentDirectoryA 1 000D51DC kernel32.dll 0265 MultiByteToWideChar 1 000D51E0 kernel32.dll 03B3 lstrlen 1 000D51E4 kernel32.dll 03B0 lstrcpyn 1 000D51E8 kernel32.dll 0243 LoadLibraryExA 1 000D51EC kernel32.dll 01CD GetThreadLocale 1 000D51F0 kernel32.dll 01AD GetStartupInfoA 1 000D51F4 kernel32.dll 0198 GetProcAddress 1 000D51F8 kernel32.dll 0176 GetModuleHandleA 1 000D51FC kernel32.dll 0174 GetModuleFileNameA 1 000D5200 kernel32.dll 016C GetLocaleInfoA 1 000D5204 kernel32.dll 0169 GetLastError 1 000D5208 kernel32.dll 013A GetCurrentDirectoryA 1 000D520C kernel32.dll 010A GetCommandLineA 1 000D5210 kernel32.dll 00F1 FreeLibrary 1 000D5214 kernel32.dll 00D1 FindFirstFileA 1 000D5218 kernel32.dll 00CD FindClose 1 000D521C kernel32.dll 00B7 ExitProcess 1 000D5220 kernel32.dll 038C WriteFile 1 000D5224 kernel32.dll 0358 UnhandledExceptionFilter 1 000D5228 kernel32.dll 0307 SetFilePointer 1 000D522C kernel32.dll 02FE SetEndOfFile 1 000D5230 kernel32.dll 02C5 RtlUnwind 1 000D5234 kernel32.dll 02A4 ReadFile 1 000D5238 kernel32.dll 0297 RaiseException 1 000D523C kernel32.dll 01AF GetStdHandle 1 000D5240 kernel32.dll 015C GetFileSize 1 000D5244 kernel32.dll 015F GetFileType 1 000D5248 kernel32.dll 0050 CreateFileA 1 000D524C kernel32.dll 0032 CloseHandle FThunk: 000D5254 NbFunc: 00000004 1 000D5254 user32.dll 0128 GetKeyboardType 1 000D5258 user32.dll 01C9 LoadStringA 1 000D525C user32.dll 01DD MessageBoxA 1 000D5260 user32.dll 002B CharNextA FThunk: 000D5268 NbFunc: 00000003 1 000D5268 advapi32.dll 01EE RegQueryValueExA 1 000D526C advapi32.dll 01E4 RegOpenKeyExA 1 000D5270 advapi32.dll 01CB RegCloseKey FThunk: 000D5278 NbFunc: 00000003 1 000D5278 oleaut32.dll 0006 SysFreeString 1 000D527C oleaut32.dll 0005 SysReAllocStringLen 1 000D5280 oleaut32.dll 0004 SysAllocStringLen FThunk: 000D5288 NbFunc: 00000004 1 000D5288 kernel32.dll 034F TlsSetValue 1 000D528C kernel32.dll 034E TlsGetValue 1 000D5290 kernel32.dll 0248 LocalAlloc 1 000D5294 kernel32.dll 0176 GetModuleHandleA FThunk: 000D529C NbFunc: 00000003 1 000D529C advapi32.dll 01EE RegQueryValueExA 1 000D52A0 advapi32.dll 01E4 RegOpenKeyExA 1 000D52A4 advapi32.dll 01CB RegCloseKey FThunk: 000D52AC NbFunc: 00000042 1 000D52AC kernel32.dll 03AD lstrcpy 1 000D52B0 kernel32.dll 0391 WritePrivateProfileStringA 1 000D52B4 kernel32.dll 038C WriteFile 1 000D52B8 kernel32.dll 037B WaitForSingleObject 1 000D52BC kernel32.dll 0373 VirtualQuery 1 000D52C0 kernel32.dll 036B VirtualAlloc 1 000D52C4 kernel32.dll 033F Sleep 1 000D52C8 kernel32.dll 033E SizeofResource 1 000D52CC kernel32.dll 032D SetThreadLocale 1 000D52D0 kernel32.dll 0307 SetFilePointer 1 000D52D4 kernel32.dll 0302 SetEvent 1 000D52D8 kernel32.dll 0301 SetErrorMode 1 000D52DC kernel32.dll 02FE SetEndOfFile 1 000D52E0 kernel32.dll 02BD ResetEvent 1 000D52E4 kernel32.dll 02A4 ReadFile 1 000D52E8 kernel32.dll 0265 MultiByteToWideChar 1 000D52EC kernel32.dll 0264 MulDiv 1 000D52F0 kernel32.dll 0255 LockResource 1 000D52F4 kernel32.dll 0247 LoadResource 1 000D52F8 kernel32.dll 0242 LoadLibraryA 1 000D52FC kernel32.dll 0241 LeaveCriticalSection 1 000D5300 kernel32.dll 0216 InitializeCriticalSection 1 000D5304 kernel32.dll 01FD GlobalUnlock 1 000D5308 kernel32.dll 01FA GlobalSize 1 000D530C kernel32.dll 01F9 GlobalReAlloc 1 000D5310 kernel32.dll 01F7 GlobalMemoryStatus 1 000D5314 kernel32.dll 01F5 GlobalHandle 1 000D5318 kernel32.dll 01F6 GlobalLock 1 000D531C kernel32.dll 01F2 GlobalFree 1 000D5320 kernel32.dll 01EE GlobalFindAtomA 1 000D5324 kernel32.dll 01ED GlobalDeleteAtom 1 000D5328 kernel32.dll 01EB GlobalAlloc 1 000D532C kernel32.dll 01E9 GlobalAddAtomA 1 000D5330 kernel32.dll 01DC GetVersionExA 1 000D5334 kernel32.dll 01DB GetVersion 1 000D5338 kernel32.dll 01D2 GetTickCount 1 000D533C kernel32.dll 01CD GetThreadLocale 1 000D5340 kernel32.dll 01B9 GetSystemInfo 1 000D5344 kernel32.dll 01B1 GetStringTypeExA 1 000D5348 kernel32.dll 01AF GetStdHandle 1 000D534C kernel32.dll 01A8 GetProfileStringA 1 000D5350 kernel32.dll 0198 GetProcAddress 1 000D5354 kernel32.dll 0194 GetPrivateProfileStringA 1 000D5358 kernel32.dll 0176 GetModuleHandleA 1 000D535C kernel32.dll 0174 GetModuleFileNameA 1 000D5360 kernel32.dll 016C GetLocaleInfoA 1 000D5364 kernel32.dll 016B GetLocalTime 1 000D5368 kernel32.dll 0169 GetLastError 1 000D536C kernel32.dll 0146 GetDiskFreeSpaceA 1 000D5370 kernel32.dll 0140 GetDateFormatA 1 000D5374 kernel32.dll 013F GetCurrentThreadId 1 000D5378 kernel32.dll 013D GetCurrentProcessId 1 000D537C kernel32.dll 00FE GetCPInfo 1 000D5380 kernel32.dll 00F7 GetACP 1 000D5384 kernel32.dll 00F3 FreeResource 1 000D5388 kernel32.dll 00F1 FreeLibrary 1 000D538C kernel32.dll 00EC FormatMessageA 1 000D5390 kernel32.dll 00E0 FindResourceA 1 000D5394 kernel32.dll 0098 EnumCalendarInfoA 1 000D5398 kernel32.dll 0097 EnterCriticalSection 1 000D539C kernel32.dll 0080 DeleteCriticalSection 1 000D53A0 kernel32.dll 006D CreateThread 1 000D53A4 kernel32.dll 0050 CreateFileA 1 000D53A8 kernel32.dll 004C CreateEventA 1 000D53AC kernel32.dll 0038 CompareStringA 1 000D53B0 kernel32.dll 0032 CloseHandle FThunk: 000D53B8 NbFunc: 00000003 1 000D53B8 version.dll 000B VerQueryValueA 1 000D53BC version.dll 0002 GetFileVersionInfoSizeA 1 000D53C0 version.dll 0001 GetFileVersionInfoA FThunk: 000D53C8 NbFunc: 00000056 1 000D53C8 gdi32.dll 0253 UnrealizeObject 1 000D53CC gdi32.dll 024A StretchBlt 1 000D53D0 gdi32.dll 0249 StartPage 1 000D53D4 gdi32.dll 0246 StartDocA 1 000D53D8 gdi32.dll 0244 SetWindowOrgEx 1 000D53DC gdi32.dll 0243 SetWindowExtEx 1 000D53E0 gdi32.dll 0242 SetWinMetaFileBits 1 000D53E4 gdi32.dll 0240 SetViewportOrgEx 1 000D53E8 gdi32.dll 023F SetViewportExtEx 1 000D53EC gdi32.dll 023D SetTextColor 1 000D53F0 gdi32.dll 0239 SetStretchBltMode 1 000D53F4 gdi32.dll 0236 SetROP2 1 000D53F8 gdi32.dll 0232 SetPixel 1 000D53FC gdi32.dll 022C SetMapMode 1 000D5400 gdi32.dll 0223 SetEnhMetaFileBits 1 000D5404 gdi32.dll 021F SetDIBColorTable 1 000D5408 gdi32.dll 021A SetBrushOrgEx 1 000D540C gdi32.dll 0217 SetBkMode 1 000D5410 gdi32.dll 0216 SetBkColor 1 000D5414 gdi32.dll 0211 SetAbortProc 1 000D5418 gdi32.dll 0210 SelectPalette 1 000D541C gdi32.dll 020F SelectObject 1 000D5420 gdi32.dll 0208 SaveDC 1 000D5424 gdi32.dll 0202 RoundRect 1 000D5428 gdi32.dll 0201 RestoreDC 1 000D542C gdi32.dll 01F7 Rectangle 1 000D5430 gdi32.dll 01F6 RectVisible 1 000D5434 gdi32.dll 01F4 RealizePalette 1 000D5438 gdi32.dll 01EF Polyline 1 000D543C gdi32.dll 01EB PolyPolyline 1 000D5440 gdi32.dll 01E1 PlayEnhMetaFile 1 000D5444 gdi32.dll 01DE PatBlt 1 000D5448 gdi32.dll 01D2 MoveToEx 1 000D544C gdi32.dll 01CF MaskBlt 1 000D5450 gdi32.dll 01CE LineTo 1 000D5454 gdi32.dll 01C8 IntersectClipRect 1 000D5458 gdi32.dll 01C4 GetWindowOrgEx 1 000D545C gdi32.dll 01C2 GetWinMetaFileBits 1 000D5460 gdi32.dll 01BD GetTextMetricsA 1 000D5464 gdi32.dll 01B7 GetTextExtentPointA 1 000D5468 gdi32.dll 01B5 GetTextExtentPoint32A 1 000D546C gdi32.dll 01AA GetSystemPaletteEntries 1 000D5470 gdi32.dll 01A6 GetStockObject 1 000D5474 gdi32.dll 01A5 GetRgnBox 1 000D5478 gdi32.dll 019D GetPixel 1 000D547C gdi32.dll 019B GetPaletteEntries 1 000D5480 gdi32.dll 0196 GetObjectA 1 000D5484 gdi32.dll 0176 GetEnhMetaFilePaletteEntries 1 000D5488 gdi32.dll 0175 GetEnhMetaFileHeader 1 000D548C gdi32.dll 0172 GetEnhMetaFileBits 1 000D5490 gdi32.dll 016C GetDeviceCaps 1 000D5494 gdi32.dll 016B GetDIBits 1 000D5498 gdi32.dll 016A GetDIBColorTable 1 000D549C gdi32.dll 0168 GetDCOrgEx 1 000D54A0 gdi32.dll 0166 GetCurrentPositionEx 1 000D54A4 gdi32.dll 0161 GetClipBox 1 000D54A8 gdi32.dll 0151 GetBrushOrgEx 1 000D54AC gdi32.dll 014B GetBitmapBits 1 000D54B0 gdi32.dll 011C GdiFlush 1 000D54B4 gdi32.dll 00DE ExtTextOutA 1 000D54B8 gdi32.dll 00D9 ExtCreatePen 1 000D54BC gdi32.dll 00D8 ExcludeClipRect 1 000D54C0 gdi32.dll 0099 EndPage 1 000D54C4 gdi32.dll 0097 EndDoc 1 000D54C8 gdi32.dll 0095 Ellipse 1 000D54CC gdi32.dll 0090 DeleteObject 1 000D54D0 gdi32.dll 008E DeleteEnhMetaFile 1 000D54D4 gdi32.dll 008D DeleteDC 1 000D54D8 gdi32.dll 0051 CreateSolidBrush 1 000D54DC gdi32.dll 004C CreateRectRgn 1 000D54E0 gdi32.dll 0049 CreatePenIndirect 1 000D54E4 gdi32.dll 0046 CreatePalette 1 000D54E8 gdi32.dll 0042 CreateICA 1 000D54EC gdi32.dll 0040 CreateHalftonePalette 1 000D54F0 gdi32.dll 003B CreateFontIndirectA 1 000D54F4 gdi32.dll 0034 CreateDIBitmap 1 000D54F8 gdi32.dll 0033 CreateDIBSection 1 000D54FC gdi32.dll 002F CreateDCA 1 000D5500 gdi32.dll 002E CreateCompatibleDC 1 000D5504 gdi32.dll 002D CreateCompatibleBitmap 1 000D5508 gdi32.dll 002A CreateBrushIndirect 1 000D550C gdi32.dll 0028 CreateBitmap 1 000D5510 gdi32.dll 0024 CopyEnhMetaFileA 1 000D5514 gdi32.dll 0022 CombineRgn 1 000D5518 gdi32.dll 0013 BitBlt 1 000D551C gdi32.dll 000C Arc FThunk: 000D5524 NbFunc: 000000AD 1 000D5524 user32.dll 02D6 WindowFromPoint 1 000D5528 user32.dll 02D3 WinHelpA 1 000D552C user32.dll 02D1 WaitMessage 1 000D5530 user32.dll 02C6 ValidateRect 1 000D5534 user32.dll 02BC UpdateWindow 1 000D5538 user32.dll 02B4 UnregisterClassA 1 000D553C user32.dll 02B0 UnionRect 1 000D5540 user32.dll 02AF UnhookWindowsHookEx 1 000D5544 user32.dll 02AB TranslateMessage 1 000D5548 user32.dll 02AA TranslateMDISysAccel 1 000D554C user32.dll 02A5 TrackPopupMenu 1 000D5550 user32.dll 029A SystemParametersInfoA 1 000D5554 user32.dll 0293 ShowWindow 1 000D5558 user32.dll 0291 ShowScrollBar 1 000D555C user32.dll 0290 ShowOwnedPopups 1 000D5560 user32.dll 028F ShowCursor 1 000D5564 user32.dll 028B SetWindowsHookExA 1 000D5568 user32.dll 0287 SetWindowTextA 1 000D556C user32.dll 0284 SetWindowPos 1 000D5570 user32.dll 0283 SetWindowPlacement 1 000D5574 user32.dll 0281 SetWindowLongA 1 000D5578 user32.dll 027B SetTimer 1 000D557C user32.dll 0271 SetScrollRange 1 000D5580 user32.dll 0270 SetScrollPos 1 000D5584 user32.dll 026F SetScrollInfo 1 000D5588 user32.dll 026D SetRect 1 000D558C user32.dll 026B SetPropA 1 000D5590 user32.dll 0263 SetMenuItemInfoA 1 000D5594 user32.dll 025E SetMenu 1 000D5598 user32.dll 025A SetKeyboardState 1 000D559C user32.dll 0258 SetForegroundWindow 1 000D55A0 user32.dll 0257 SetFocus 1 000D55A4 user32.dll 024E SetCursor 1 000D55A8 user32.dll 024B SetClipboardData 1 000D55AC user32.dll 0248 SetClassLongA 1 000D55B0 user32.dll 0245 SetCapture 1 000D55B4 user32.dll 0244 SetActiveWindow 1 000D55B8 user32.dll 023C SendMessageA 1 000D55BC user32.dll 0236 ScrollWindowEx 1 000D55C0 user32.dll 0235 ScrollWindow 1 000D55C4 user32.dll 0232 ScreenToClient 1 000D55C8 user32.dll 022D RemovePropA 1 000D55CC user32.dll 022C RemoveMenu 1 000D55D0 user32.dll 022B ReleaseDC 1 000D55D4 user32.dll 022A ReleaseCapture 1 000D55D8 user32.dll 021B RegisterClipboardFormatA 1 000D55DC user32.dll 021B RegisterClipboardFormatA 1 000D55E0 user32.dll 0217 RegisterClassA 1 000D55E4 user32.dll 0216 RedrawWindow 1 000D55E8 user32.dll 020C PtInRect 1 000D55EC user32.dll 0202 PostQuitMessage 1 000D55F0 user32.dll 0200 PostMessageA 1 000D55F4 user32.dll 01FE PeekMessageA 1 000D55F8 user32.dll 01F4 OpenClipboard 1 000D55FC user32.dll 01F3 OffsetRect 1 000D5600 user32.dll 01EF OemToCharA 1 000D5604 user32.dll 01DD MessageBoxA 1 000D5608 user32.dll 01DC MessageBeep 1 000D560C user32.dll 01D8 MapWindowPoints 1 000D5610 user32.dll 01D4 MapVirtualKeyA 1 000D5614 user32.dll 01C9 LoadStringA 1 000D5618 user32.dll 01C0 LoadKeyboardLayoutA 1 000D561C user32.dll 01BC LoadIconA 1 000D5620 user32.dll 01B8 LoadCursorA 1 000D5624 user32.dll 01B6 LoadBitmapA 1 000D5628 user32.dll 01B3 KillTimer 1 000D562C user32.dll 01B1 IsZoomed 1 000D5630 user32.dll 01B0 IsWindowVisible 1 000D5634 user32.dll 01AD IsWindowEnabled 1 000D5638 user32.dll 01AC IsWindow 1 000D563C user32.dll 01A9 IsRectEmpty 1 000D5640 user32.dll 01A7 IsIconic 1 000D5644 user32.dll 01A1 IsDialogMessage 1 000D5648 user32.dll 01A0 IsClipboardFormatAvailable 1 000D564C user32.dll 019F IsChild 1 000D5650 user32.dll 0198 IsCharAlphaNumericA 1 000D5654 user32.dll 0197 IsCharAlphaA 1 000D5658 user32.dll 0194 InvalidateRect 1 000D565C user32.dll 0193 IntersectRect 1 000D5660 user32.dll 018F InsertMenuItemA 1 000D5664 user32.dll 018E InsertMenuA 1 000D5668 user32.dll 018B InflateRect 1 000D566C user32.dll 017C GetWindowThreadProcessId 1 000D5670 user32.dll 0178 GetWindowTextA 1 000D5674 user32.dll 0175 GetWindowRect 1 000D5678 user32.dll 0174 GetWindowPlacement 1 000D567C user32.dll 016F GetWindowLongA 1 000D5680 user32.dll 016D GetWindowDC 1 000D5684 user32.dll 0164 GetTopWindow 1 000D5688 user32.dll 015E GetSystemMetrics 1 000D568C user32.dll 015D GetSystemMenu 1 000D5690 user32.dll 015B GetSysColor 1 000D5694 user32.dll 015A GetSubMenu 1 000D5698 user32.dll 0158 GetScrollRange 1 000D569C user32.dll 0157 GetScrollPos 1 000D56A0 user32.dll 0156 GetScrollInfo 1 000D56A4 user32.dll 014B GetPropA 1 000D56A8 user32.dll 0146 GetParent 1 000D56AC user32.dll 016B GetWindow 1 000D56B0 user32.dll 013E GetMessageTime 1 000D56B4 user32.dll 0139 GetMenuStringA 1 000D56B8 user32.dll 0138 GetMenuState 1 000D56BC user32.dll 0135 GetMenuItemInfoA 1 000D56C0 user32.dll 0134 GetMenuItemID 1 000D56C4 user32.dll 0133 GetMenuItemCount 1 000D56C8 user32.dll 012D GetMenu 1 000D56CC user32.dll 0129 GetLastActivePopup 1 000D56D0 user32.dll 0127 GetKeyboardState 1 000D56D4 user32.dll 0124 GetKeyboardLayoutList 1 000D56D8 user32.dll 0123 GetKeyboardLayout 1 000D56DC user32.dll 0122 GetKeyState 1 000D56E0 user32.dll 0120 GetKeyNameTextA 1 000D56E4 user32.dll 011B GetIconInfo 1 000D56E8 user32.dll 0118 GetForegroundWindow 1 000D56EC user32.dll 0117 GetFocus 1 000D56F0 user32.dll 0116 GetDoubleClickTime 1 000D56F4 user32.dll 0112 GetDlgItem 1 000D56F8 user32.dll 010F GetDesktopWindow 1 000D56FC user32.dll 010E GetDCEx 1 000D5700 user32.dll 010D GetDC 1 000D5704 user32.dll 010C GetCursorPos 1 000D5708 user32.dll 0109 GetCursor 1 000D570C user32.dll 0102 GetClipboardData 1 000D5710 user32.dll 0100 GetClientRect 1 000D5714 user32.dll 00FD GetClassNameA 1 000D5718 user32.dll 00F7 GetClassInfoA 1 000D571C user32.dll 00F6 GetCaretPos 1 000D5720 user32.dll 00F4 GetCapture 1 000D5724 user32.dll 00EC GetActiveWindow 1 000D5728 user32.dll 00EA FrameRect 1 000D572C user32.dll 00E4 FindWindowA 1 000D5730 user32.dll 00E3 FillRect 1 000D5734 user32.dll 00E0 EqualRect 1 000D5738 user32.dll 00DF EnumWindows 1 000D573C user32.dll 00DC EnumThreadWindows 1 000D5740 user32.dll 00CD EnumClipboardFormats 1 000D5744 user32.dll 00C9 EndPaint 1 000D5748 user32.dll 00C5 EnableWindow 1 000D574C user32.dll 00C4 EnableScrollBar 1 000D5750 user32.dll 00C3 EnableMenuItem 1 000D5754 user32.dll 00C2 EmptyClipboard 1 000D5758 user32.dll 00BD DrawTextA 1 000D575C user32.dll 00B9 DrawMenuBar 1 000D5760 user32.dll 00B8 DrawIconEx 1 000D5764 user32.dll 00B7 DrawIcon 1 000D5768 user32.dll 00B6 DrawFrameControl 1 000D576C user32.dll 00B4 DrawFocusRect 1 000D5770 user32.dll 00B3 DrawEdge 1 000D5774 user32.dll 00A2 DispatchMessageA 1 000D5778 user32.dll 009A DestroyWindow 1 000D577C user32.dll 0098 DestroyMenu 1 000D5780 user32.dll 0096 DestroyCursor 1 000D5784 user32.dll 0096 DestroyCursor 1 000D5788 user32.dll 0092 DeleteMenu 1 000D578C user32.dll 008F DefWindowProcA 1 000D5790 user32.dll 008C DefMDIChildProcA 1 000D5794 user32.dll 008A DefFrameProcA 1 000D5798 user32.dll 0061 CreateWindowExA 1 000D579C user32.dll 005F CreatePopupMenu 1 000D57A0 user32.dll 005E CreateMenu 1 000D57A4 user32.dll 0058 CreateIcon 1 000D57A8 user32.dll 0043 CloseClipboard 1 000D57AC user32.dll 0041 ClientToScreen 1 000D57B0 user32.dll 003A CheckMenuItem 1 000D57B4 user32.dll 001C CallWindowProcA 1 000D57B8 user32.dll 001B CallNextHookEx 1 000D57BC user32.dll 000E BeginPaint 1 000D57C0 user32.dll 002B CharNextA 1 000D57C4 user32.dll 0028 CharLowerBuffA 1 000D57C8 user32.dll 0027 CharLowerA 1 000D57CC user32.dll 0036 CharUpperBuffA 1 000D57D0 user32.dll 0003 AdjustWindowRectEx 1 000D57D4 user32.dll 0001 ActivateKeyboardLayout FThunk: 000D57DC NbFunc: 00000001 1 000D57DC kernel32.dll 033F Sleep FThunk: 000D57E4 NbFunc: 0000000C 1 000D57E4 oleaut32.dll 0094 SafeArrayPtrOfIndex 1 000D57E8 oleaut32.dll 001A SafeArrayPutElement 1 000D57EC oleaut32.dll 0019 SafeArrayGetElement 1 000D57F0 oleaut32.dll 0013 SafeArrayGetUBound 1 000D57F4 oleaut32.dll 0014 SafeArrayGetLBound 1 000D57F8 oleaut32.dll 0028 SafeArrayRedim 1 000D57FC oleaut32.dll 000F SafeArrayCreate 1 000D5800 oleaut32.dll 0093 VariantChangeTypeEx 1 000D5804 oleaut32.dll 000B VariantCopyInd 1 000D5808 oleaut32.dll 000A VariantCopy 1 000D580C oleaut32.dll 0009 VariantClear 1 000D5810 oleaut32.dll 0008 VariantInit FThunk: 000D5818 NbFunc: 00000004 1 000D5818 ole32.dll 0115 OleUninitialize 1 000D581C ole32.dll 00FE OleInitialize 1 000D5820 ole32.dll 006A CoUninitialize 1 000D5824 ole32.dll 003C CoInitialize FThunk: 000D582C NbFunc: 00000002 1 000D582C oleaut32.dll 00C8 GetErrorInfo 1 000D5830 oleaut32.dll 0006 SysFreeString FThunk: 000D5838 NbFunc: 00000018 1 000D5838 comctl32.dll 004F ImageList_SetIconSize 1 000D583C comctl32.dll 003B ImageList_GetIconSize 1 000D5840 comctl32.dll 0052 ImageList_Write 1 000D5844 comctl32.dll 0043 ImageList_Read 1 000D5848 comctl32.dll 0038 ImageList_GetDragImage 1 000D584C comctl32.dll 0031 ImageList_DragShowNolock 1 000D5850 comctl32.dll 004C ImageList_SetDragCursorImage 1 000D5854 comctl32.dll 0030 ImageList_DragMove 1 000D5858 comctl32.dll 002F ImageList_DragLeave 1 000D585C comctl32.dll 002E ImageList_DragEnter 1 000D5860 comctl32.dll 0036 ImageList_EndDrag 1 000D5864 comctl32.dll 002A ImageList_BeginDrag 1 000D5868 comctl32.dll 0044 ImageList_Remove 1 000D586C comctl32.dll 0033 ImageList_DrawEx 1 000D5870 comctl32.dll 0045 ImageList_Replace 1 000D5874 comctl32.dll 0032 ImageList_Draw 1 000D5878 comctl32.dll 0037 ImageList_GetBkColor 1 000D587C comctl32.dll 004B ImageList_SetBkColor 1 000D5880 comctl32.dll 0046 ImageList_ReplaceIcon 1 000D5884 comctl32.dll 0027 ImageList_Add 1 000D5888 comctl32.dll 003C ImageList_GetImageCount 1 000D588C comctl32.dll 002D ImageList_Destroy 1 000D5890 comctl32.dll 002C ImageList_Create 1 000D5894 comctl32.dll 0011 InitCommonControls FThunk: 000D589C NbFunc: 00000004 1 000D589C winspool.drv 0105 OpenPrinterA 1 000D58A0 winspool.drv 00EA EnumPrintersA 1 000D58A4 winspool.drv 00B1 DocumentPropertiesA 1 000D58A8 winspool.drv 0086 ClosePrinter FThunk: 000D58B0 NbFunc: 00000001 1 000D58B0 shell32.dll 0167 ShellExecuteA FThunk: 000D58B8 NbFunc: 00000003 1 000D58B8 shell32.dll 013C SHGetSpecialFolderLocation 1 000D58BC shell32.dll 0136 SHGetMalloc 1 000D58C0 shell32.dll 0127 SHGetDesktopFolder FThunk: 000D58C8 NbFunc: 00000004 1 000D58C8 comdlg32.dll 0075 PrintDlgA 1 000D58CC comdlg32.dll 0065 ChooseColorA 1 000D58D0 comdlg32.dll 0070 GetSaveFileNameA 1 000D58D4 comdlg32.dll 006E GetOpenFileNameA FThunk: 000D58DC NbFunc: 00000001 1 000D58DC kernel32.dll 0264 MulDiv 2005-6-11 14:21 0
老刘雪币： 451 活跃值： (117) 能力值： ( LV3，RANK：20 ) 在线值：发帖 13 回帖 137 粉丝 1 关注私信	老刘 6 楼谢谢ｆｌｙ的支持啊好像明白一点了，看来脱此壳关键要跳过输入表加密啊要是还是学不会还要麻烦大侠啊 2005-6-11 14:50 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

老刘

发帖

137

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (5)
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 2 楼想办法避开输入表加密 2005-6-11 12:25 0
老刘雪币： 451 活跃值： (117) 能力值： ( LV3，RANK：20 ) 在线值：发帖 13 回帖 137 粉丝 1 关注私信	老刘 3 楼ｆｌｙ大侠能不能给个详细的说你不是说这个壳不加密输入表吗？我知道加密输入表之前会有一个跳转可就是找不到，给点提示吧，或者有没有固定的特征代码啊加密输入表是在跳向程序真正入口之前吧有多远呢？请给个提示类似的脱壳文章太少了 2005-6-11 13:21 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 4 楼我哪里说过Visual Protect不加密输入表？看看壳是如何处理输入表，就能找到避开加密的方法 2005-6-11 13:33 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 5 楼具体避开输入表加密的方法去搜索：《用Ollydbg手脱Visual Protect V3.54加壳的DLL》 OEP: 000D0060 IATRVA: 000D51A0 IATSize: 00000744 FThunk: 000D51A4 NbFunc: 0000002B 1 000D51A4 kernel32.dll 0080 DeleteCriticalSection 1 000D51A8 kernel32.dll 0241 LeaveCriticalSection 1 000D51AC kernel32.dll 0097 EnterCriticalSection 1 000D51B0 kernel32.dll 0216 InitializeCriticalSection 1 000D51B4 kernel32.dll 036E VirtualFree 1 000D51B8 kernel32.dll 036B VirtualAlloc 1 000D51BC kernel32.dll 024C LocalFree 1 000D51C0 kernel32.dll 0248 LocalAlloc 1 000D51C4 kernel32.dll 013F GetCurrentThreadId 1 000D51C8 kernel32.dll 021A InterlockedDecrement 1 000D51CC kernel32.dll 021E InterlockedIncrement 1 000D51D0 kernel32.dll 0373 VirtualQuery 1 000D51D4 kernel32.dll 037F WideCharToMultiByte 1 000D51D8 kernel32.dll 02F8 SetCurrentDirectoryA 1 000D51DC kernel32.dll 0265 MultiByteToWideChar 1 000D51E0 kernel32.dll 03B3 lstrlen 1 000D51E4 kernel32.dll 03B0 lstrcpyn 1 000D51E8 kernel32.dll 0243 LoadLibraryExA 1 000D51EC kernel32.dll 01CD GetThreadLocale 1 000D51F0 kernel32.dll 01AD GetStartupInfoA 1 000D51F4 kernel32.dll 0198 GetProcAddress 1 000D51F8 kernel32.dll 0176 GetModuleHandleA 1 000D51FC kernel32.dll 0174 GetModuleFileNameA 1 000D5200 kernel32.dll 016C GetLocaleInfoA 1 000D5204 kernel32.dll 0169 GetLastError 1 000D5208 kernel32.dll 013A GetCurrentDirectoryA 1 000D520C kernel32.dll 010A GetCommandLineA 1 000D5210 kernel32.dll 00F1 FreeLibrary 1 000D5214 kernel32.dll 00D1 FindFirstFileA 1 000D5218 kernel32.dll 00CD FindClose 1 000D521C kernel32.dll 00B7 ExitProcess 1 000D5220 kernel32.dll 038C WriteFile 1 000D5224 kernel32.dll 0358 UnhandledExceptionFilter 1 000D5228 kernel32.dll 0307 SetFilePointer 1 000D522C kernel32.dll 02FE SetEndOfFile 1 000D5230 kernel32.dll 02C5 RtlUnwind 1 000D5234 kernel32.dll 02A4 ReadFile 1 000D5238 kernel32.dll 0297 RaiseException 1 000D523C kernel32.dll 01AF GetStdHandle 1 000D5240 kernel32.dll 015C GetFileSize 1 000D5244 kernel32.dll 015F GetFileType 1 000D5248 kernel32.dll 0050 CreateFileA 1 000D524C kernel32.dll 0032 CloseHandle FThunk: 000D5254 NbFunc: 00000004 1 000D5254 user32.dll 0128 GetKeyboardType 1 000D5258 user32.dll 01C9 LoadStringA 1 000D525C user32.dll 01DD MessageBoxA 1 000D5260 user32.dll 002B CharNextA FThunk: 000D5268 NbFunc: 00000003 1 000D5268 advapi32.dll 01EE RegQueryValueExA 1 000D526C advapi32.dll 01E4 RegOpenKeyExA 1 000D5270 advapi32.dll 01CB RegCloseKey FThunk: 000D5278 NbFunc: 00000003 1 000D5278 oleaut32.dll 0006 SysFreeString 1 000D527C oleaut32.dll 0005 SysReAllocStringLen 1 000D5280 oleaut32.dll 0004 SysAllocStringLen FThunk: 000D5288 NbFunc: 00000004 1 000D5288 kernel32.dll 034F TlsSetValue 1 000D528C kernel32.dll 034E TlsGetValue 1 000D5290 kernel32.dll 0248 LocalAlloc 1 000D5294 kernel32.dll 0176 GetModuleHandleA FThunk: 000D529C NbFunc: 00000003 1 000D529C advapi32.dll 01EE RegQueryValueExA 1 000D52A0 advapi32.dll 01E4 RegOpenKeyExA 1 000D52A4 advapi32.dll 01CB RegCloseKey FThunk: 000D52AC NbFunc: 00000042 1 000D52AC kernel32.dll 03AD lstrcpy 1 000D52B0 kernel32.dll 0391 WritePrivateProfileStringA 1 000D52B4 kernel32.dll 038C WriteFile 1 000D52B8 kernel32.dll 037B WaitForSingleObject 1 000D52BC kernel32.dll 0373 VirtualQuery 1 000D52C0 kernel32.dll 036B VirtualAlloc 1 000D52C4 kernel32.dll 033F Sleep 1 000D52C8 kernel32.dll 033E SizeofResource 1 000D52CC kernel32.dll 032D SetThreadLocale 1 000D52D0 kernel32.dll 0307 SetFilePointer 1 000D52D4 kernel32.dll 0302 SetEvent 1 000D52D8 kernel32.dll 0301 SetErrorMode 1 000D52DC kernel32.dll 02FE SetEndOfFile 1 000D52E0 kernel32.dll 02BD ResetEvent 1 000D52E4 kernel32.dll 02A4 ReadFile 1 000D52E8 kernel32.dll 0265 MultiByteToWideChar 1 000D52EC kernel32.dll 0264 MulDiv 1 000D52F0 kernel32.dll 0255 LockResource 1 000D52F4 kernel32.dll 0247 LoadResource 1 000D52F8 kernel32.dll 0242 LoadLibraryA 1 000D52FC kernel32.dll 0241 LeaveCriticalSection 1 000D5300 kernel32.dll 0216 InitializeCriticalSection 1 000D5304 kernel32.dll 01FD GlobalUnlock 1 000D5308 kernel32.dll 01FA GlobalSize 1 000D530C kernel32.dll 01F9 GlobalReAlloc 1 000D5310 kernel32.dll 01F7 GlobalMemoryStatus 1 000D5314 kernel32.dll 01F5 GlobalHandle 1 000D5318 kernel32.dll 01F6 GlobalLock 1 000D531C kernel32.dll 01F2 GlobalFree 1 000D5320 kernel32.dll 01EE GlobalFindAtomA 1 000D5324 kernel32.dll 01ED GlobalDeleteAtom 1 000D5328 kernel32.dll 01EB GlobalAlloc 1 000D532C kernel32.dll 01E9 GlobalAddAtomA 1 000D5330 kernel32.dll 01DC GetVersionExA 1 000D5334 kernel32.dll 01DB GetVersion 1 000D5338 kernel32.dll 01D2 GetTickCount 1 000D533C kernel32.dll 01CD GetThreadLocale 1 000D5340 kernel32.dll 01B9 GetSystemInfo 1 000D5344 kernel32.dll 01B1 GetStringTypeExA 1 000D5348 kernel32.dll 01AF GetStdHandle 1 000D534C kernel32.dll 01A8 GetProfileStringA 1 000D5350 kernel32.dll 0198 GetProcAddress 1 000D5354 kernel32.dll 0194 GetPrivateProfileStringA 1 000D5358 kernel32.dll 0176 GetModuleHandleA 1 000D535C kernel32.dll 0174 GetModuleFileNameA 1 000D5360 kernel32.dll 016C GetLocaleInfoA 1 000D5364 kernel32.dll 016B GetLocalTime 1 000D5368 kernel32.dll 0169 GetLastError 1 000D536C kernel32.dll 0146 GetDiskFreeSpaceA 1 000D5370 kernel32.dll 0140 GetDateFormatA 1 000D5374 kernel32.dll 013F GetCurrentThreadId 1 000D5378 kernel32.dll 013D GetCurrentProcessId 1 000D537C kernel32.dll 00FE GetCPInfo 1 000D5380 kernel32.dll 00F7 GetACP 1 000D5384 kernel32.dll 00F3 FreeResource 1 000D5388 kernel32.dll 00F1 FreeLibrary 1 000D538C kernel32.dll 00EC FormatMessageA 1 000D5390 kernel32.dll 00E0 FindResourceA 1 000D5394 kernel32.dll 0098 EnumCalendarInfoA 1 000D5398 kernel32.dll 0097 EnterCriticalSection 1 000D539C kernel32.dll 0080 DeleteCriticalSection 1 000D53A0 kernel32.dll 006D CreateThread 1 000D53A4 kernel32.dll 0050 CreateFileA 1 000D53A8 kernel32.dll 004C CreateEventA 1 000D53AC kernel32.dll 0038 CompareStringA 1 000D53B0 kernel32.dll 0032 CloseHandle FThunk: 000D53B8 NbFunc: 00000003 1 000D53B8 version.dll 000B VerQueryValueA 1 000D53BC version.dll 0002 GetFileVersionInfoSizeA 1 000D53C0 version.dll 0001 GetFileVersionInfoA FThunk: 000D53C8 NbFunc: 00000056 1 000D53C8 gdi32.dll 0253 UnrealizeObject 1 000D53CC gdi32.dll 024A StretchBlt 1 000D53D0 gdi32.dll 0249 StartPage 1 000D53D4 gdi32.dll 0246 StartDocA 1 000D53D8 gdi32.dll 0244 SetWindowOrgEx 1 000D53DC gdi32.dll 0243 SetWindowExtEx 1 000D53E0 gdi32.dll 0242 SetWinMetaFileBits 1 000D53E4 gdi32.dll 0240 SetViewportOrgEx 1 000D53E8 gdi32.dll 023F SetViewportExtEx 1 000D53EC gdi32.dll 023D SetTextColor 1 000D53F0 gdi32.dll 0239 SetStretchBltMode 1 000D53F4 gdi32.dll 0236 SetROP2 1 000D53F8 gdi32.dll 0232 SetPixel 1 000D53FC gdi32.dll 022C SetMapMode 1 000D5400 gdi32.dll 0223 SetEnhMetaFileBits 1 000D5404 gdi32.dll 021F SetDIBColorTable 1 000D5408 gdi32.dll 021A SetBrushOrgEx 1 000D540C gdi32.dll 0217 SetBkMode 1 000D5410 gdi32.dll 0216 SetBkColor 1 000D5414 gdi32.dll 0211 SetAbortProc 1 000D5418 gdi32.dll 0210 SelectPalette 1 000D541C gdi32.dll 020F SelectObject 1 000D5420 gdi32.dll 0208 SaveDC 1 000D5424 gdi32.dll 0202 RoundRect 1 000D5428 gdi32.dll 0201 RestoreDC 1 000D542C gdi32.dll 01F7 Rectangle 1 000D5430 gdi32.dll 01F6 RectVisible 1 000D5434 gdi32.dll 01F4 RealizePalette 1 000D5438 gdi32.dll 01EF Polyline 1 000D543C gdi32.dll 01EB PolyPolyline 1 000D5440 gdi32.dll 01E1 PlayEnhMetaFile 1 000D5444 gdi32.dll 01DE PatBlt 1 000D5448 gdi32.dll 01D2 MoveToEx 1 000D544C gdi32.dll 01CF MaskBlt 1 000D5450 gdi32.dll 01CE LineTo 1 000D5454 gdi32.dll 01C8 IntersectClipRect 1 000D5458 gdi32.dll 01C4 GetWindowOrgEx 1 000D545C gdi32.dll 01C2 GetWinMetaFileBits 1 000D5460 gdi32.dll 01BD GetTextMetricsA 1 000D5464 gdi32.dll 01B7 GetTextExtentPointA 1 000D5468 gdi32.dll 01B5 GetTextExtentPoint32A 1 000D546C gdi32.dll 01AA GetSystemPaletteEntries 1 000D5470 gdi32.dll 01A6 GetStockObject 1 000D5474 gdi32.dll 01A5 GetRgnBox 1 000D5478 gdi32.dll 019D GetPixel 1 000D547C gdi32.dll 019B GetPaletteEntries 1 000D5480 gdi32.dll 0196 GetObjectA 1 000D5484 gdi32.dll 0176 GetEnhMetaFilePaletteEntries 1 000D5488 gdi32.dll 0175 GetEnhMetaFileHeader 1 000D548C gdi32.dll 0172 GetEnhMetaFileBits 1 000D5490 gdi32.dll 016C GetDeviceCaps 1 000D5494 gdi32.dll 016B GetDIBits 1 000D5498 gdi32.dll 016A GetDIBColorTable 1 000D549C gdi32.dll 0168 GetDCOrgEx 1 000D54A0 gdi32.dll 0166 GetCurrentPositionEx 1 000D54A4 gdi32.dll 0161 GetClipBox 1 000D54A8 gdi32.dll 0151 GetBrushOrgEx 1 000D54AC gdi32.dll 014B GetBitmapBits 1 000D54B0 gdi32.dll 011C GdiFlush 1 000D54B4 gdi32.dll 00DE ExtTextOutA 1 000D54B8 gdi32.dll 00D9 ExtCreatePen 1 000D54BC gdi32.dll 00D8 ExcludeClipRect 1 000D54C0 gdi32.dll 0099 EndPage 1 000D54C4 gdi32.dll 0097 EndDoc 1 000D54C8 gdi32.dll 0095 Ellipse 1 000D54CC gdi32.dll 0090 DeleteObject 1 000D54D0 gdi32.dll 008E DeleteEnhMetaFile 1 000D54D4 gdi32.dll 008D DeleteDC 1 000D54D8 gdi32.dll 0051 CreateSolidBrush 1 000D54DC gdi32.dll 004C CreateRectRgn 1 000D54E0 gdi32.dll 0049 CreatePenIndirect 1 000D54E4 gdi32.dll 0046 CreatePalette 1 000D54E8 gdi32.dll 0042 CreateICA 1 000D54EC gdi32.dll 0040 CreateHalftonePalette 1 000D54F0 gdi32.dll 003B CreateFontIndirectA 1 000D54F4 gdi32.dll 0034 CreateDIBitmap 1 000D54F8 gdi32.dll 0033 CreateDIBSection 1 000D54FC gdi32.dll 002F CreateDCA 1 000D5500 gdi32.dll 002E CreateCompatibleDC 1 000D5504 gdi32.dll 002D CreateCompatibleBitmap 1 000D5508 gdi32.dll 002A CreateBrushIndirect 1 000D550C gdi32.dll 0028 CreateBitmap 1 000D5510 gdi32.dll 0024 CopyEnhMetaFileA 1 000D5514 gdi32.dll 0022 CombineRgn 1 000D5518 gdi32.dll 0013 BitBlt 1 000D551C gdi32.dll 000C Arc FThunk: 000D5524 NbFunc: 000000AD 1 000D5524 user32.dll 02D6 WindowFromPoint 1 000D5528 user32.dll 02D3 WinHelpA 1 000D552C user32.dll 02D1 WaitMessage 1 000D5530 user32.dll 02C6 ValidateRect 1 000D5534 user32.dll 02BC UpdateWindow 1 000D5538 user32.dll 02B4 UnregisterClassA 1 000D553C user32.dll 02B0 UnionRect 1 000D5540 user32.dll 02AF UnhookWindowsHookEx 1 000D5544 user32.dll 02AB TranslateMessage 1 000D5548 user32.dll 02AA TranslateMDISysAccel 1 000D554C user32.dll 02A5 TrackPopupMenu 1 000D5550 user32.dll 029A SystemParametersInfoA 1 000D5554 user32.dll 0293 ShowWindow 1 000D5558 user32.dll 0291 ShowScrollBar 1 000D555C user32.dll 0290 ShowOwnedPopups 1 000D5560 user32.dll 028F ShowCursor 1 000D5564 user32.dll 028B SetWindowsHookExA 1 000D5568 user32.dll 0287 SetWindowTextA 1 000D556C user32.dll 0284 SetWindowPos 1 000D5570 user32.dll 0283 SetWindowPlacement 1 000D5574 user32.dll 0281 SetWindowLongA 1 000D5578 user32.dll 027B SetTimer 1 000D557C user32.dll 0271 SetScrollRange 1 000D5580 user32.dll 0270 SetScrollPos 1 000D5584 user32.dll 026F SetScrollInfo 1 000D5588 user32.dll 026D SetRect 1 000D558C user32.dll 026B SetPropA 1 000D5590 user32.dll 0263 SetMenuItemInfoA 1 000D5594 user32.dll 025E SetMenu 1 000D5598 user32.dll 025A SetKeyboardState 1 000D559C user32.dll 0258 SetForegroundWindow 1 000D55A0 user32.dll 0257 SetFocus 1 000D55A4 user32.dll 024E SetCursor 1 000D55A8 user32.dll 024B SetClipboardData 1 000D55AC user32.dll 0248 SetClassLongA 1 000D55B0 user32.dll 0245 SetCapture 1 000D55B4 user32.dll 0244 SetActiveWindow 1 000D55B8 user32.dll 023C SendMessageA 1 000D55BC user32.dll 0236 ScrollWindowEx 1 000D55C0 user32.dll 0235 ScrollWindow 1 000D55C4 user32.dll 0232 ScreenToClient 1 000D55C8 user32.dll 022D RemovePropA 1 000D55CC user32.dll 022C RemoveMenu 1 000D55D0 user32.dll 022B ReleaseDC 1 000D55D4 user32.dll 022A ReleaseCapture 1 000D55D8 user32.dll 021B RegisterClipboardFormatA 1 000D55DC user32.dll 021B RegisterClipboardFormatA 1 000D55E0 user32.dll 0217 RegisterClassA 1 000D55E4 user32.dll 0216 RedrawWindow 1 000D55E8 user32.dll 020C PtInRect 1 000D55EC user32.dll 0202 PostQuitMessage 1 000D55F0 user32.dll 0200 PostMessageA 1 000D55F4 user32.dll 01FE PeekMessageA 1 000D55F8 user32.dll 01F4 OpenClipboard 1 000D55FC user32.dll 01F3 OffsetRect 1 000D5600 user32.dll 01EF OemToCharA 1 000D5604 user32.dll 01DD MessageBoxA 1 000D5608 user32.dll 01DC MessageBeep 1 000D560C user32.dll 01D8 MapWindowPoints 1 000D5610 user32.dll 01D4 MapVirtualKeyA 1 000D5614 user32.dll 01C9 LoadStringA 1 000D5618 user32.dll 01C0 LoadKeyboardLayoutA 1 000D561C user32.dll 01BC LoadIconA 1 000D5620 user32.dll 01B8 LoadCursorA 1 000D5624 user32.dll 01B6 LoadBitmapA 1 000D5628 user32.dll 01B3 KillTimer 1 000D562C user32.dll 01B1 IsZoomed 1 000D5630 user32.dll 01B0 IsWindowVisible 1 000D5634 user32.dll 01AD IsWindowEnabled 1 000D5638 user32.dll 01AC IsWindow 1 000D563C user32.dll 01A9 IsRectEmpty 1 000D5640 user32.dll 01A7 IsIconic 1 000D5644 user32.dll 01A1 IsDialogMessage 1 000D5648 user32.dll 01A0 IsClipboardFormatAvailable 1 000D564C user32.dll 019F IsChild 1 000D5650 user32.dll 0198 IsCharAlphaNumericA 1 000D5654 user32.dll 0197 IsCharAlphaA 1 000D5658 user32.dll 0194 InvalidateRect 1 000D565C user32.dll 0193 IntersectRect 1 000D5660 user32.dll 018F InsertMenuItemA 1 000D5664 user32.dll 018E InsertMenuA 1 000D5668 user32.dll 018B InflateRect 1 000D566C user32.dll 017C GetWindowThreadProcessId 1 000D5670 user32.dll 0178 GetWindowTextA 1 000D5674 user32.dll 0175 GetWindowRect 1 000D5678 user32.dll 0174 GetWindowPlacement 1 000D567C user32.dll 016F GetWindowLongA 1 000D5680 user32.dll 016D GetWindowDC 1 000D5684 user32.dll 0164 GetTopWindow 1 000D5688 user32.dll 015E GetSystemMetrics 1 000D568C user32.dll 015D GetSystemMenu 1 000D5690 user32.dll 015B GetSysColor 1 000D5694 user32.dll 015A GetSubMenu 1 000D5698 user32.dll 0158 GetScrollRange 1 000D569C user32.dll 0157 GetScrollPos 1 000D56A0 user32.dll 0156 GetScrollInfo 1 000D56A4 user32.dll 014B GetPropA 1 000D56A8 user32.dll 0146 GetParent 1 000D56AC user32.dll 016B GetWindow 1 000D56B0 user32.dll 013E GetMessageTime 1 000D56B4 user32.dll 0139 GetMenuStringA 1 000D56B8 user32.dll 0138 GetMenuState 1 000D56BC user32.dll 0135 GetMenuItemInfoA 1 000D56C0 user32.dll 0134 GetMenuItemID 1 000D56C4 user32.dll 0133 GetMenuItemCount 1 000D56C8 user32.dll 012D GetMenu 1 000D56CC user32.dll 0129 GetLastActivePopup 1 000D56D0 user32.dll 0127 GetKeyboardState 1 000D56D4 user32.dll 0124 GetKeyboardLayoutList 1 000D56D8 user32.dll 0123 GetKeyboardLayout 1 000D56DC user32.dll 0122 GetKeyState 1 000D56E0 user32.dll 0120 GetKeyNameTextA 1 000D56E4 user32.dll 011B GetIconInfo 1 000D56E8 user32.dll 0118 GetForegroundWindow 1 000D56EC user32.dll 0117 GetFocus 1 000D56F0 user32.dll 0116 GetDoubleClickTime 1 000D56F4 user32.dll 0112 GetDlgItem 1 000D56F8 user32.dll 010F GetDesktopWindow 1 000D56FC user32.dll 010E GetDCEx 1 000D5700 user32.dll 010D GetDC 1 000D5704 user32.dll 010C GetCursorPos 1 000D5708 user32.dll 0109 GetCursor 1 000D570C user32.dll 0102 GetClipboardData 1 000D5710 user32.dll 0100 GetClientRect 1 000D5714 user32.dll 00FD GetClassNameA 1 000D5718 user32.dll 00F7 GetClassInfoA 1 000D571C user32.dll 00F6 GetCaretPos 1 000D5720 user32.dll 00F4 GetCapture 1 000D5724 user32.dll 00EC GetActiveWindow 1 000D5728 user32.dll 00EA FrameRect 1 000D572C user32.dll 00E4 FindWindowA 1 000D5730 user32.dll 00E3 FillRect 1 000D5734 user32.dll 00E0 EqualRect 1 000D5738 user32.dll 00DF EnumWindows 1 000D573C user32.dll 00DC EnumThreadWindows 1 000D5740 user32.dll 00CD EnumClipboardFormats 1 000D5744 user32.dll 00C9 EndPaint 1 000D5748 user32.dll 00C5 EnableWindow 1 000D574C user32.dll 00C4 EnableScrollBar 1 000D5750 user32.dll 00C3 EnableMenuItem 1 000D5754 user32.dll 00C2 EmptyClipboard 1 000D5758 user32.dll 00BD DrawTextA 1 000D575C user32.dll 00B9 DrawMenuBar 1 000D5760 user32.dll 00B8 DrawIconEx 1 000D5764 user32.dll 00B7 DrawIcon 1 000D5768 user32.dll 00B6 DrawFrameControl 1 000D576C user32.dll 00B4 DrawFocusRect 1 000D5770 user32.dll 00B3 DrawEdge 1 000D5774 user32.dll 00A2 DispatchMessageA 1 000D5778 user32.dll 009A DestroyWindow 1 000D577C user32.dll 0098 DestroyMenu 1 000D5780 user32.dll 0096 DestroyCursor 1 000D5784 user32.dll 0096 DestroyCursor 1 000D5788 user32.dll 0092 DeleteMenu 1 000D578C user32.dll 008F DefWindowProcA 1 000D5790 user32.dll 008C DefMDIChildProcA 1 000D5794 user32.dll 008A DefFrameProcA 1 000D5798 user32.dll 0061 CreateWindowExA 1 000D579C user32.dll 005F CreatePopupMenu 1 000D57A0 user32.dll 005E CreateMenu 1 000D57A4 user32.dll 0058 CreateIcon 1 000D57A8 user32.dll 0043 CloseClipboard 1 000D57AC user32.dll 0041 ClientToScreen 1 000D57B0 user32.dll 003A CheckMenuItem 1 000D57B4 user32.dll 001C CallWindowProcA 1 000D57B8 user32.dll 001B CallNextHookEx 1 000D57BC user32.dll 000E BeginPaint 1 000D57C0 user32.dll 002B CharNextA 1 000D57C4 user32.dll 0028 CharLowerBuffA 1 000D57C8 user32.dll 0027 CharLowerA 1 000D57CC user32.dll 0036 CharUpperBuffA 1 000D57D0 user32.dll 0003 AdjustWindowRectEx 1 000D57D4 user32.dll 0001 ActivateKeyboardLayout FThunk: 000D57DC NbFunc: 00000001 1 000D57DC kernel32.dll 033F Sleep FThunk: 000D57E4 NbFunc: 0000000C 1 000D57E4 oleaut32.dll 0094 SafeArrayPtrOfIndex 1 000D57E8 oleaut32.dll 001A SafeArrayPutElement 1 000D57EC oleaut32.dll 0019 SafeArrayGetElement 1 000D57F0 oleaut32.dll 0013 SafeArrayGetUBound 1 000D57F4 oleaut32.dll 0014 SafeArrayGetLBound 1 000D57F8 oleaut32.dll 0028 SafeArrayRedim 1 000D57FC oleaut32.dll 000F SafeArrayCreate 1 000D5800 oleaut32.dll 0093 VariantChangeTypeEx 1 000D5804 oleaut32.dll 000B VariantCopyInd 1 000D5808 oleaut32.dll 000A VariantCopy 1 000D580C oleaut32.dll 0009 VariantClear 1 000D5810 oleaut32.dll 0008 VariantInit FThunk: 000D5818 NbFunc: 00000004 1 000D5818 ole32.dll 0115 OleUninitialize 1 000D581C ole32.dll 00FE OleInitialize 1 000D5820 ole32.dll 006A CoUninitialize 1 000D5824 ole32.dll 003C CoInitialize FThunk: 000D582C NbFunc: 00000002 1 000D582C oleaut32.dll 00C8 GetErrorInfo 1 000D5830 oleaut32.dll 0006 SysFreeString FThunk: 000D5838 NbFunc: 00000018 1 000D5838 comctl32.dll 004F ImageList_SetIconSize 1 000D583C comctl32.dll 003B ImageList_GetIconSize 1 000D5840 comctl32.dll 0052 ImageList_Write 1 000D5844 comctl32.dll 0043 ImageList_Read 1 000D5848 comctl32.dll 0038 ImageList_GetDragImage 1 000D584C comctl32.dll 0031 ImageList_DragShowNolock 1 000D5850 comctl32.dll 004C ImageList_SetDragCursorImage 1 000D5854 comctl32.dll 0030 ImageList_DragMove 1 000D5858 comctl32.dll 002F ImageList_DragLeave 1 000D585C comctl32.dll 002E ImageList_DragEnter 1 000D5860 comctl32.dll 0036 ImageList_EndDrag 1 000D5864 comctl32.dll 002A ImageList_BeginDrag 1 000D5868 comctl32.dll 0044 ImageList_Remove 1 000D586C comctl32.dll 0033 ImageList_DrawEx 1 000D5870 comctl32.dll 0045 ImageList_Replace 1 000D5874 comctl32.dll 0032 ImageList_Draw 1 000D5878 comctl32.dll 0037 ImageList_GetBkColor 1 000D587C comctl32.dll 004B ImageList_SetBkColor 1 000D5880 comctl32.dll 0046 ImageList_ReplaceIcon 1 000D5884 comctl32.dll 0027 ImageList_Add 1 000D5888 comctl32.dll 003C ImageList_GetImageCount 1 000D588C comctl32.dll 002D ImageList_Destroy 1 000D5890 comctl32.dll 002C ImageList_Create 1 000D5894 comctl32.dll 0011 InitCommonControls FThunk: 000D589C NbFunc: 00000004 1 000D589C winspool.drv 0105 OpenPrinterA 1 000D58A0 winspool.drv 00EA EnumPrintersA 1 000D58A4 winspool.drv 00B1 DocumentPropertiesA 1 000D58A8 winspool.drv 0086 ClosePrinter FThunk: 000D58B0 NbFunc: 00000001 1 000D58B0 shell32.dll 0167 ShellExecuteA FThunk: 000D58B8 NbFunc: 00000003 1 000D58B8 shell32.dll 013C SHGetSpecialFolderLocation 1 000D58BC shell32.dll 0136 SHGetMalloc 1 000D58C0 shell32.dll 0127 SHGetDesktopFolder FThunk: 000D58C8 NbFunc: 00000004 1 000D58C8 comdlg32.dll 0075 PrintDlgA 1 000D58CC comdlg32.dll 0065 ChooseColorA 1 000D58D0 comdlg32.dll 0070 GetSaveFileNameA 1 000D58D4 comdlg32.dll 006E GetOpenFileNameA FThunk: 000D58DC NbFunc: 00000001 1 000D58DC kernel32.dll 0264 MulDiv 2005-6-11 14:21 0
老刘雪币： 451 活跃值： (117) 能力值： ( LV3，RANK：20 ) 在线值：发帖 13 回帖 137 粉丝 1 关注私信	老刘 6 楼谢谢ｆｌｙ的支持啊好像明白一点了，看来脱此壳关键要跳过输入表加密啊要是还是学不会还要麻烦大侠啊 2005-6-11 14:50 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复