按下面方法修改:讯雷 w.ll不用修改
004AED75 . E8 6A35FEFF call Thunder.004922E4
004AED7A . 50 push eax ; |hWnd
004AED7B . E8 648CF5FF call <jmp.&user32.ShowWindow> ; \ShowWindow 修改为jmp 00564A30
004AED80 . E9 0E010000 jmp Thunder.004AEE93
004AED85 > 33C0 xor eax,eax
004070C4 $- FF25 7CA35600 jmp dword ptr ds:[<&kernel32.Loa>; kernel32.LoadLibraryA
0040132C $- FF25 4CA25600 jmp dword ptr ds:[<&kernel32.Get>; kernel32.GetProcAddress
004079E4 $- FF25 3CA65600 jmp dword ptr ds:[<&user32.ShowW>; user32.ShowWindow
00564A30 68 604A5600 push Thunder.00564A60 ; ASCII "w.dll"
00564A35 E8 8A26EAFF call <jmp.&kernel32.LoadLibraryA>
00564A3A 83F8 00 cmp eax,0
00564A3D 74 11 je short Thunder.00564A50
00564A3F 68 674A5600 push Thunder.00564A67 ; ASCII "move"
00564A44 50 push eax
00564A45 E8 E2C8E9FF call <jmp.&kernel32.GetProcAddre>
00564A4A 3E:FF3424 push dword ptr ds:[esp]
00564A4E FFD0 call eax
00564A50 E8 8F2FEAFF call <jmp.&user32.ShowWindow>
00564A55 ^ E9 26A3F4FF jmp Thunder.004AED80
68 60 4A 56 00 E8 8A 26 EA FF 83 F8 00 74 11 68 67 4A 56 00 50 E8 E2 C8 E9 FF 3E FF 34 24 FF D0
E8 8F 2F EA FF E9 26 A3 F4 FF 00 00 00 00 00 00 77 2E 64 6C 6C 00 00 6D 6F 76 65 00 00 00 00 00
下面是效果图: