[原创]Load DLL from memory.-编程技术-看雪-安全社区|安全招聘|kanxue.com

[原创]Load DLL from memory.

发表于: 2015-3-21 11:36 17460

[原创]Load DLL from memory.

无名侠

2015-3-21 11:36

17460

就是一个模拟加载DLL的.
为了方便，代码里的DLL数据还是从文件里读的，实际应用的时候把文件缓冲区改成已经装备好的DLL数据就可以了。

PVOID PELoader_Dll(char *FileName)； // 加载DLL

PVOID  PeLoader_GetProcAddress(HMODULE imageBase,char *ExportName) ；导出函数名字

PELoader_Dll里面有一些printf输出信息，可以去掉，只是为了调试方便。

-------------------------------------------------------------------------------------
好了说说关于系统如何”识别“我们加载的DLL
我看了几篇帖子，争议很大呢，其实我们可以换一个角度想，让系统识别无非就是想用GetProcAddress或者FreeLibrary或者是DLLMain。

HOOK GetProcAddress，检查目标是不是我们加载的PE，如果是跳入我们的函数，不是则放行。
怎么检测？呵MZ标志后的一个字节放一个我们的标识码就好了。
FreeLibrary同上。

DLLMain：
  这个也比较简单吧，随便HOOK某个DLL的DLLMain，然后跳入我们的DLLMain，然后又跳回去。

关于反HOOK.
  重载内核很牛逼，重载DLL应该也不是什么难事，重写主模块的IAT. 所以InlneHOOK或者是IATHOOK都是浮云

以上为个人见解，不喜勿喷，写的不对的地方欢迎回帖。

登录后可查看完整内容

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

上传的附件：

PeLoader.zip （3.03kb，354次下载）

收藏・52

免费・3

支持

最新回复 (29) 1 2 ▶
pxhb 雪币： 6494 活跃值： (4441) 能力值： ( LV7，RANK：110 ) 在线值：发帖 10 回帖 420 粉丝 20 关注私信	pxhb 2 2 楼收藏一份，学习了 2015-3-21 11:42 0
totest 雪币： 100 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 50 粉丝 0 关注私信	totest 3 楼 LZ,你这样内存加载,还能用SEH没有? 2015-3-21 12:30 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 4 楼既然要写,为什么不写好,写成一函数或者一个类都行呀 BOOL LoadMemDLL(int nPID,LPVOID *pDllBuf,UINT nDllLen); 2015-3-21 13:22 0
封心锁爱雪币： 239 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 170 粉丝 1 关注私信	封心锁爱 5 楼先顶下吧，有空看看 2015-3-21 15:42 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 6 楼同第三楼, 不知道对SEH有没有考虑. 2015-3-21 16:02 0
dppdpp 雪币： 23 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 365 粉丝 0 关注私信	dppdpp 7 楼建议楼主直接用SMC就可以了，连dllmain都省了 2015-3-21 16:44 0
ProgmBoy 雪币： 382 活跃值： (352) 能力值： ( LV2，RANK：140 ) 在线值：发帖 9 回帖 157 粉丝 5 关注私信	ProgmBoy 3 8 楼 https://github.com/fancycode/MemoryModule 2015-3-23 10:46 0
wgejydy 雪币： 70 活跃值： (37) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 67 粉丝 2 关注私信	wgejydy 1 9 楼异常没处理吧，GetModuleHandle也要处理的 2015-3-23 11:05 0
sinmon 雪币： 163 活跃值： (45) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 107 粉丝 0 关注私信	sinmon 10 楼 Mark 2015-3-24 20:34 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 11 楼哦对，谢谢提醒。 2015-3-27 20:13 0
tomtory 雪币： 11052 活跃值： (3009) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 144 粉丝 1 关注私信	tomtory 12 楼看起来不错，关注～ 2015-3-27 20:36 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 13 楼请教一下异常应该如何处理呢？ 2015-3-27 21:10 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 14 楼很麻烦 win7 win8 win8.1 win10处理的方式变化都很大！目前网上还有没能完美加载内存DLL并且处理SEH的代码！ github上有个开源的Blackbone 没仔细看他是完整模拟加载内存的，也挂钩了对SEH的有效性检测，但是他属于真实模拟！！所以加载出来的内存DLL是存在于LDR表的！！无法起到隐藏内存的作用 2015-3-30 02:30 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 15 楼如果异常不能接管！！内存加载的意义就小很多了 2015-3-30 02:32 0
浙江螃蟹雪币： 5463 活跃值： (1420) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 142 粉丝 0 关注私信	浙江螃蟹 16 楼三人行必有我师，看了楼主的贴子，我也学到了些东西的。 2015-3-30 22:17 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 17 楼 https://github.com/fancycode/MemoryModule/issues/4 2015-3-30 22:39 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 18 楼这个又要加PEB 又要加 fileheadlist 还要加LdrpInvertedFunctionTable 才能支持SEH 这样以来你需要在磁盘释放DLL文件然后PEB里也能查询到模块存在，内存加载的意义简直就是鸡肋还不如直接 loaddll 2015-4-1 23:41 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 19 楼 BOOL InjectMemDll(DWORD dwProcessID, LPVOID pDllBuffer, DWORD dwLength) { if((int)dwProcessID < 0 \|\| dwProcessID%4 != 0 \|\| pDllBuffer == NULL \|\| (int)dwLength <= 0) return FALSE; //打开进程 HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessID); if(hProcess == NULL) return FALSE; //将内存中的DLL写到目标进程 LPVOID pDataAddr = VirtualAllocEx(hProcess, NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(pDataAddr == NULL) return FALSE; DWORD dwWritten = 0; BOOL bSuccess = WriteProcessMemory(hProcess, pDataAddr, pDllBuffer, dwLength, &dwWritten); ASSERT(bSuccess); //把加载函数写到目标进程 BYTE LoadCode[] = { 0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08, 0xE8, 0x06, 0x00, 0x00, 0x00, 0xE9, 0x48, 0x08, 0x00, 0x00, 0x90, 0x83, 0xEC, 0x68, 0x8D, 0x44, 0x24, 0x10, 0x53, 0x55, 0x56, 0x57, 0x50, 0xE8, 0x4F, 0x05, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x7C, 0x66, 0x81, 0x3E, 0x4D, 0x5A, 0x74, 0x0C, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x5E, 0x3C, 0x03, 0xDE, 0x89, 0x5C, 0x24, 0x18, 0x81, 0x3B, 0x50, 0x45, 0x00, 0x00, 0x74, 0x0C, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x4B, 0x50, 0x8B, 0x53, 0x34, 0x6A, 0x04, 0x68, 0x00, 0x20, 0x00, 0x00, 0x51, 0x52, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0xF8, 0x85, 0xFF, 0x89, 0x7C, 0x24, 0x10, 0x75, 0x26, 0x8B, 0x43, 0x50, 0x6A, 0x04, 0x68, 0x00, 0x20, 0x00, 0x00, 0x50, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x85, 0xC0, 0x89, 0x44, 0x24, 0x10, 0x75, 0x0A, 0x5F, 0x5E, 0x5D, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x7C, 0x24, 0x10, 0x6A, 0x14, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x3C, 0x50, 0xFF, 0x54, 0x24, 0x50, 0x8B, 0xE8, 0x6A, 0x04, 0x6A, 0x08, 0x89, 0x7D, 0x04, 0xC7, 0x45, 0x0C, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x54, 0x24, 0x3C, 0x50, 0xFF, 0x54, 0x24, 0x50, 0x89, 0x45, 0x08, 0xC7, 0x45, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4B, 0x50, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x51, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0x53, 0x54, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x52, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0x4E, 0x3C, 0x8B, 0x7B, 0x54, 0x03, 0xCF, 0x8B, 0xF8, 0x8B, 0xD1, 0xC1, 0xE9, 0x02, 0xF3, 0xA5, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xA4, 0x8B, 0x4C, 0x24, 0x7C, 0x8B, 0x51, 0x3C, 0x8B, 0x4C, 0x24, 0x10, 0x03, 0xC2, 0x8D, 0x54, 0x24, 0x4C, 0x89, 0x45, 0x00, 0x52, 0x89, 0x48, 0x34, 0xE8, 0x53, 0x04, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x55, 0x04, 0x33, 0xC9, 0x89, 0x54, 0x24, 0x1C, 0x66, 0x8B, 0x48, 0x14, 0x66, 0x83, 0x78, 0x06, 0x00, 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, 0x8D, 0x4C, 0x01, 0x18, 0x0F, 0x86, 0x97, 0x00, 0x00, 0x00, 0x8D, 0x59, 0x10, 0xEB, 0x04, 0x8B, 0x54, 0x24, 0x1C, 0x83, 0x3B, 0x00, 0x75, 0x36, 0x8B, 0x44, 0x24, 0x18, 0x8B, 0x70, 0x38, 0x85, 0xF6, 0x7E, 0x5D, 0x8B, 0x4B, 0xFC, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x03, 0xCA, 0x56, 0x51, 0xFF, 0x54, 0x24, 0x64, 0x8B, 0xCE, 0x8B, 0xF8, 0x8B, 0xD1, 0x33, 0xC0, 0xC1, 0xE9, 0x02, 0x89, 0x7B, 0xF8, 0xF3, 0xAB, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xAA, 0xEB, 0x32, 0x8B, 0x4B, 0xFC, 0x8B, 0x03, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x03, 0xCA, 0x50, 0x51, 0xFF, 0x54, 0x24, 0x64, 0x8B, 0x0B, 0x8B, 0x73, 0x04, 0x8B, 0x7C, 0x24, 0x7C, 0x8B, 0xD1, 0x03, 0xF7, 0x8B, 0xF8, 0xC1, 0xE9, 0x02, 0xF3, 0xA5, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xA4, 0x89, 0x43, 0xF8, 0x8B, 0x4D, 0x00, 0x8B, 0x44, 0x24, 0x14, 0x33, 0xD2, 0x40, 0x66, 0x8B, 0x51, 0x06, 0x83, 0xC3, 0x28, 0x3B, 0xC2, 0x89, 0x44, 0x24, 0x14, 0x0F, 0x8C, 0x72, 0xFF, 0xFF, 0xFF, 0x8B, 0x5C, 0x24, 0x18, 0x8B, 0x44, 0x24, 0x10, 0x8B, 0x4B, 0x34, 0x2B, 0xC1, 0x89, 0x44, 0x24, 0x7C, 0x74, 0x7F, 0x8D, 0x44, 0x24, 0x4C, 0x50, 0xE8, 0x7C, 0x03, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x7D, 0x04, 0x05, 0xA0, 0x00, 0x00, 0x00, 0x89, 0x7C, 0x24, 0x1C, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x76, 0x5F, 0x8B, 0x08, 0x8B, 0x04, 0x39, 0x03, 0xCF, 0x85, 0xC0, 0x76, 0x54, 0x8D, 0x1C, 0x38, 0x8B, 0x41, 0x04, 0x83, 0xE8, 0x08, 0x33, 0xF6, 0xA9, 0xFE, 0xFF, 0xFF, 0xFF, 0x8D, 0x51, 0x08, 0x76, 0x36, 0x33, 0xC0, 0x66, 0x8B, 0x02, 0x8B, 0xF8, 0x81, 0xE7, 0x00, 0xF0, 0xFF, 0xFF, 0x81, 0xFF, 0x00, 0x30, 0x00, 0x00, 0x75, 0x0D, 0x8B, 0x7C, 0x24, 0x7C, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x03, 0xC3, 0x01, 0x38, 0x8B, 0x41, 0x04, 0x46, 0x83, 0xE8, 0x08, 0x83, 0xC2, 0x02, 0xD1, 0xE8, 0x3B, 0xF0, 0x72, 0xCE, 0x8B, 0x7C, 0x24, 0x1C, 0x03, 0x49, 0x04, 0x8B, 0x01, 0x85, 0xC0, 0x77, 0xAC, 0x8D, 0x4C, 0x24, 0x4C, 0x51, 0xE8, 0xFD, 0x02, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x5D, 0x04, 0x05, 0x80, 0x00, 0x00, 0x00, 0x89, 0x5C, 0x24, 0x7C, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x0F, 0x86, 0xDB, 0x00, 0x00, 0x00, 0x8B, 0x30, 0x6A, 0x14, 0x03, 0xF3, 0x56, 0x89, 0x74, 0x24, 0x1C, 0xFF, 0x54, 0x24, 0x64, 0x85, 0xC0, 0x0F, 0x85, 0xC4, 0x00, 0x00, 0x00, 0xEB, 0x08, 0x8B, 0x74, 0x24, 0x14, 0x8B, 0x5C, 0x24, 0x7C, 0x8B, 0x46, 0x0C, 0x85, 0xC0, 0x0F, 0x84, 0xAF, 0x00, 0x00, 0x00, 0x03, 0xC3, 0x50, 0xFF, 0x54, 0x24, 0x54, 0x8B, 0xF8, 0x83, 0xFF, 0xFF, 0x0F, 0x84, 0xC5, 0x00, 0x00, 0x00, 0x8B, 0x55, 0x0C, 0x8B, 0x4D, 0x08, 0x8D, 0x04, 0x95, 0x04, 0x00, 0x00, 0x00, 0x50, 0x51, 0x6A, 0x08, 0xFF, 0x54, 0x24, 0x6C, 0x50, 0xFF, 0x94, 0x24, 0x84, 0x00, 0x00, 0x00, 0x85, 0xC0, 0x89, 0x45, 0x08, 0x0F, 0x84, 0x9D, 0x00, 0x00, 0x00, 0x8B, 0x55, 0x0C, 0x89, 0x3C, 0x90, 0x8B, 0x55, 0x0C, 0x42, 0x89, 0x55, 0x0C, 0x8B, 0x06, 0x85, 0xC0, 0x74, 0x0B, 0x8B, 0x76, 0x10, 0x03, 0xD8, 0x03, 0x74, 0x24, 0x7C, 0xEB, 0x07, 0x8B, 0x46, 0x10, 0x03, 0xD8, 0x8B, 0xF3, 0x8B, 0x03, 0x85, 0xC0, 0x74, 0x30, 0xA9, 0x00, 0x00, 0x00, 0x80, 0x74, 0x08, 0x25, 0xFF, 0xFF, 0x00, 0x00, 0x50, 0xEB, 0x09, 0x8B, 0x4C, 0x24, 0x7C, 0x8D, 0x54, 0x08, 0x02, 0x52, 0x57, 0xFF, 0x54, 0x24, 0x70, 0x85, 0xC0, 0x89, 0x06, 0x74, 0x4F, 0x8B, 0x43, 0x04, 0x83, 0xC3, 0x04, 0x83, 0xC6, 0x04, 0x85, 0xC0, 0x75, 0xD0, 0x8B, 0x44, 0x24, 0x14, 0x6A, 0x14, 0x83, 0xC0, 0x14, 0x50, 0x89, 0x44, 0x24, 0x1C, 0xFF, 0x54, 0x24, 0x64, 0x85, 0xC0, 0x0F, 0x84, 0x3E, 0xFF, 0xFF, 0xFF, 0x55, 0xE8, 0x52, 0x00, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x83, 0xC4, 0x04, 0x8B, 0x40, 0x28, 0x85, 0xC0, 0x74, 0x2E, 0x8B, 0x4C, 0x24, 0x10, 0x03, 0xC1, 0x85, 0xC0, 0x74, 0x0B, 0x6A, 0x00, 0x6A, 0x01, 0x51, 0xFF, 0xD0, 0x85, 0xC0, 0x75, 0x12, 0x55, 0xE8, 0x3A, 0x01, 0x00, 0x00, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0xC7, 0x45, 0x10, 0x01, 0x00, 0x00, 0x00, 0x5F, 0x8B, 0xC5, 0x5E, 0x5D, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x83, 0xEC, 0x50, 0x55, 0x8D, 0x44, 0x24, 0x28, 0x57, 0x50, 0xE8, 0xA1, 0x01, 0x00, 0x00, 0x8B, 0x4C, 0x24, 0x5C, 0x33, 0xD2, 0x33, 0xED, 0xC7, 0x44, 0x24, 0x0C, 0x01, 0x00, 0x00, 0x00, 0x8B, 0x39, 0xC7, 0x44, 0x24, 0x10, 0x08, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x14, 0x02, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x18, 0x04, 0x00, 0x00, 0x00, 0x66, 0x8B, 0x57, 0x14, 0x66, 0x39, 0x6F, 0x06, 0xC7, 0x44, 0x24, 0x1C, 0x10, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x20, 0x80, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x24, 0x20, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x28, 0x40, 0x00, 0x00, 0x00, 0x8D, 0x44, 0x3A, 0x18, 0x0F, 0x86, 0x93, 0x00, 0x00, 0x00, 0x53, 0x56, 0x8D, 0x58, 0x24, 0x8B, 0x03, 0x8B, 0xC8, 0x8B, 0xD0, 0xC1, 0xE9, 0x1D, 0xC1, 0xEA, 0x1E, 0x8B, 0xF0, 0x83, 0xE1, 0x01, 0x83, 0xE2, 0x01, 0xC1, 0xEE, 0x1F, 0xA9, 0x00, 0x00, 0x00, 0x02, 0x74, 0x13, 0x8B, 0x43, 0xEC, 0x8B, 0x4B, 0xE4, 0x68, 0x00, 0x40, 0x00, 0x00, 0x50, 0x51, 0xFF, 0x54, 0x24, 0x4C, 0xEB, 0x43, 0x8D, 0x14, 0x4A, 0xA9, 0x00, 0x00, 0x00, 0x04, 0x8D, 0x0C, 0x56, 0x8B, 0x74, 0x8C, 0x14, 0x74, 0x06, 0x81, 0xCE, 0x00, 0x02, 0x00, 0x00, 0x8B, 0x53, 0xEC, 0x8B, 0xCA, 0x85, 0xC9, 0x75, 0x12, 0xA8, 0x40, 0x74, 0x05, 0x8B, 0x4F, 0x20, 0xEB, 0x07, 0xA8, 0x80, 0x74, 0x16, 0x8B, 0x4F, 0x24, 0x85, 0xC9, 0x76, 0x0F, 0x8B, 0x4B, 0xE4, 0x8D, 0x44, 0x24, 0x10, 0x50, 0x56, 0x52, 0x51, 0xFF, 0x54, 0x24, 0x44, 0x8B, 0x54, 0x24, 0x64, 0x33, 0xC0, 0x45, 0x83, 0xC3, 0x28, 0x8B, 0x3A, 0x66, 0x8B, 0x47, 0x06, 0x3B, 0xE8, 0x0F, 0x8C, 0x74, 0xFF, 0xFF, 0xFF, 0x5E, 0x5B, 0x5F, 0x5D, 0x83, 0xC4, 0x50, 0xC3, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x83, 0xEC, 0x2C, 0x8D, 0x44, 0x24, 0x00, 0x56, 0x50, 0xE8, 0x92, 0x00, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x34, 0x85, 0xF6, 0x74, 0x77, 0x8B, 0x46, 0x10, 0x85, 0xC0, 0x74, 0x18, 0x8B, 0x0E, 0x8B, 0x46, 0x04, 0x6A, 0x00, 0x6A, 0x00, 0x8B, 0x51, 0x28, 0x50, 0x03, 0xD0, 0xFF, 0xD2, 0xC7, 0x46, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x46, 0x08, 0x85, 0xC0, 0x74, 0x32, 0x8B, 0x46, 0x0C, 0x57, 0x33, 0xFF, 0x85, 0xC0, 0x7E, 0x18, 0x8B, 0x46, 0x08, 0x8B, 0x04, 0xB8, 0x83, 0xF8, 0xFF, 0x74, 0x05, 0x50, 0xFF, 0x54, 0x24, 0x24, 0x8B, 0x46, 0x0C, 0x47, 0x3B, 0xF8, 0x7C, 0xE8, 0x8B, 0x4E, 0x08, 0x51, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x24, 0x50, 0xFF, 0x54, 0x24, 0x34, 0x5F, 0x8B, 0x46, 0x04, 0x85, 0xC0, 0x74, 0x0C, 0x68, 0x00, 0x80, 0x00, 0x00, 0x6A, 0x00, 0x50, 0xFF, 0x54, 0x24, 0x1C, 0x56, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x20, 0x50, 0xFF, 0x54, 0x24, 0x30, 0x5E, 0x83, 0xC4, 0x2C, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x94, 0x00, 0x00, 0x00, 0x53, 0x56, 0x57, 0x53, 0x51, 0x52, 0x56, 0x33, 0xC9, 0x64, 0x8B, 0x71, 0x30, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x1C, 0x8B, 0x46, 0x08, 0x8B, 0x7E, 0x20, 0x8B, 0x36, 0x38, 0x4F, 0x18, 0x75, 0xF3, 0x90, 0x90, 0x89, 0x85, 0x6C, 0xFF, 0xFF, 0xFF, 0x55, 0x8B, 0xE8, 0x8B, 0x45, 0x3C, 0x8B, 0x54, 0x05, 0x78, 0x03, 0xD5, 0x8B, 0x4A, 0x18, 0x8B, 0x5A, 0x20, 0x03, 0xDD, 0x49, 0x8B, 0x34, 0x8B, 0x03, 0xF5, 0xB8, 0x47, 0x65, 0x74, 0x50, 0x39, 0x06, 0x75, 0xF1, 0xB8, 0x72, 0x6F, 0x63, 0x41, 0x39, 0x46, 0x04, 0x75, 0xE7, 0x8B, 0x5A, 0x24, 0x03, 0xDD, 0x66, 0x8B, 0x0C, 0x4B, 0x8B, 0x5A, 0x1C, 0x03, 0xDD, 0x8B, 0x04, 0x8B, 0x03, 0xC5, 0x5D, 0x5E, 0x5A, 0x59, 0x5B, 0x89, 0x85, 0x70, 0xFF, 0xFF, 0xFF, 0xB1, 0x72, 0xB2, 0x61, 0xB0, 0x65, 0x32, 0xDB, 0xC6, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x56, 0xC6, 0x85, 0x75, 0xFF, 0xFF, 0xFF, 0x69, 0x88, 0x8D, 0x76, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x77, 0xFF, 0xFF, 0xFF, 0x74, 0xC6, 0x85, 0x78, 0xFF, 0xFF, 0xFF, 0x75, 0x88, 0x95, 0x79, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7A, 0xFF, 0xFF, 0xFF, 0x6C, 0xC6, 0x85, 0x7B, 0xFF, 0xFF, 0xFF, 0x50, 0x88, 0x8D, 0x7C, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7D, 0xFF, 0xFF, 0xFF, 0x6F, 0xC6, 0x85, 0x7E, 0xFF, 0xFF, 0xFF, 0x74, 0x88, 0x85, 0x7F, 0xFF, 0xFF, 0xFF, 0xC6, 0x45, 0x80, 0x63, 0xC6, 0x45, 0x81, 0x74, 0x88, 0x5D, 0x82, 0xC6, 0x45, 0xB4, 0x4C, 0xC6, 0x45, 0xB5, 0x6F, 0x88, 0x55, 0xB6, 0xC6, 0x45, 0xB7, 0x64, 0xC6, 0x45, 0xB8, 0x4C, 0xC6, 0x45, 0xB9, 0x69, 0xC6, 0x45, 0xBA, 0x62, 0x88, 0x4D, 0xBB, 0x88, 0x55, 0xBC, 0x88, 0x4D, 0xBD, 0xC6, 0x45, 0xBE, 0x79, 0xC6, 0x45, 0xBF, 0x41, 0x88, 0x5D, 0xC0, 0xC6, 0x45, 0xA4, 0x56, 0xC6, 0x45, 0xA5, 0x69, 0x88, 0x4D, 0xA6, 0xC6, 0x45, 0xA7, 0x74, 0xC6, 0x45, 0xA8, 0x75, 0x88, 0x55, 0xA9, 0xC6, 0x45, 0xAA, 0x6C, 0xC6, 0x45, 0xAB, 0x41, 0xC6, 0x45, 0xAC, 0x6C, 0xC6, 0x45, 0xAD, 0x6C, 0xC6, 0x45, 0xAE, 0x6F, 0xC6, 0x45, 0xAF, 0x63, 0x88, 0x5D, 0xB0, 0xC6, 0x45, 0xC4, 0x56, 0xC6, 0x45, 0xC5, 0x69, 0x88, 0x4D, 0xC6, 0xC6, 0x45, 0xC7, 0x74, 0xC6, 0x45, 0xC8, 0x75, 0x88, 0x55, 0xC9, 0xC6, 0x45, 0xCA, 0x6C, 0xC6, 0x45, 0xCB, 0x46, 0x88, 0x4D, 0xCC, 0x88, 0x45, 0xCD, 0x88, 0x45, 0xCE, 0x88, 0x5D, 0xCF, 0xC6, 0x45, 0x94, 0x49, 0xC6, 0x45, 0x95, 0x73, 0xC6, 0x45, 0x96, 0x42, 0x88, 0x55, 0x97, 0xC6, 0x45, 0x98, 0x64, 0xC6, 0x45, 0x99, 0x52, 0x88, 0x45, 0x9A, 0x88, 0x55, 0x9B, 0xC6, 0x45, 0x9C, 0x64, 0xC6, 0x45, 0x9D, 0x50, 0xC6, 0x45, 0x9E, 0x74, 0x88, 0x4D, 0x9F, 0x88, 0x5D, 0xA0, 0xC6, 0x45, 0x84, 0x47, 0x88, 0x45, 0x85, 0xC6, 0x45, 0x86, 0x74, 0xC6, 0x45, 0x87, 0x50, 0x88, 0x4D, 0x88, 0xC6, 0x45, 0x89, 0x6F, 0xC6, 0x45, 0x8A, 0x63, 0x8B, 0xB5, 0x70, 0xFF, 0xFF, 0xFF, 0x88, 0x45, 0x8B, 0x88, 0x45, 0x8F, 0x88, 0x45, 0xDE, 0x88, 0x45, 0xDF, 0x88, 0x45, 0xF5, 0x88, 0x45, 0xFA, 0x88, 0x45, 0xFB, 0x88, 0x45, 0xE9, 0x88, 0x45, 0xD1, 0x88, 0x45, 0xD5, 0x88, 0x5D, 0x92, 0x88, 0x5D, 0xE7, 0x88, 0x5D, 0xFC, 0x88, 0x5D, 0xF1, 0x88, 0x5D, 0xDB, 0x8B, 0x9D, 0x6C, 0xFF, 0xFF, 0xFF, 0x8D, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x50, 0x53, 0xC6, 0x45, 0x8C, 0x73, 0xC6, 0x45, 0x8D, 0x73, 0xC6, 0x45, 0x8E, 0x48, 0x88, 0x55, 0x90, 0xC6, 0x45, 0x91, 0x70, 0xC6, 0x45, 0xDC, 0x46, 0x88, 0x4D, 0xDD, 0xC6, 0x45, 0xE0, 0x4C, 0xC6, 0x45, 0xE1, 0x69, 0xC6, 0x45, 0xE2, 0x62, 0x88, 0x4D, 0xE3, 0x88, 0x55, 0xE4, 0x88, 0x4D, 0xE5, 0xC6, 0x45, 0xE6, 0x79, 0xC6, 0x45, 0xF4, 0x48, 0x88, 0x55, 0xF6, 0xC6, 0x45, 0xF7, 0x70, 0xC6, 0x45, 0xF8, 0x46, 0x88, 0x4D, 0xF9, 0xC6, 0x45, 0xE8, 0x48, 0x88, 0x55, 0xEA, 0xC6, 0x45, 0xEB, 0x70, 0xC6, 0x45, 0xEC, 0x41, 0xC6, 0x45, 0xED, 0x6C, 0xC6, 0x45, 0xEE, 0x6C, 0xC6, 0x45, 0xEF, 0x6F, 0xC6, 0x45, 0xF0, 0x63, 0xC6, 0x45, 0xD0, 0x48, 0x88, 0x55, 0xD2, 0xC6, 0x45, 0xD3, 0x70, 0xC6, 0x45, 0xD4, 0x52, 0xC6, 0x45, 0xD6, 0x41, 0xC6, 0x45, 0xD7, 0x6C, 0xC6, 0x45, 0xD8, 0x6C, 0xC6, 0x45, 0xD9, 0x6F, 0xC6, 0x45, 0xDA, 0x63, 0xFF, 0xD6, 0x8B, 0x7D, 0x08, 0x8D, 0x4D, 0xB4, 0x51, 0x53, 0x89, 0x07, 0xFF, 0xD6, 0x8D, 0x55, 0xA4, 0x89, 0x47, 0x04, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x08, 0x8D, 0x45, 0xC4, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0x94, 0x89, 0x47, 0x0C, 0x51, 0x53, 0xFF, 0xD6, 0x8D, 0x55, 0x84, 0x89, 0x47, 0x10, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x14, 0x8D, 0x45, 0xDC, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0xF4, 0x89, 0x47, 0x18, 0x51, 0x53, 0x89, 0x77, 0x1C, 0xFF, 0xD6, 0x8D, 0x55, 0xE8, 0x89, 0x47, 0x20, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x24, 0x8D, 0x45, 0xD0, 0x50, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x28, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00, 0x89, 0x45, 0x0C, 0xC9, 0xC2, 0x04, 0x00 }; BYTE GetAddressCode[] = { 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x0C, 0x50, 0xFF, 0x75, 0x08, 0xE8, 0x05, 0x00, 0x00, 0x00, 0xE9, 0xFA, 0x00, 0x00, 0x00, 0x8B, 0x44, 0x24, 0x04, 0x83, 0xEC, 0x10, 0x53, 0x55, 0x8B, 0x68, 0x04, 0x8B, 0x00, 0x83, 0xC0, 0x78, 0x56, 0x57, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x0F, 0x84, 0xA8, 0x00, 0x00, 0x00, 0x8B, 0x18, 0x03, 0xDD, 0x89, 0x5C, 0x24, 0x10, 0x8B, 0x4B, 0x18, 0x85, 0xC9, 0x89, 0x4C, 0x24, 0x1C, 0x0F, 0x84, 0x91, 0x00, 0x00, 0x00, 0x8B, 0x43, 0x14, 0x85, 0xC0, 0x0F, 0x84, 0x86, 0x00, 0x00, 0x00, 0x8B, 0x7B, 0x20, 0x8B, 0x43, 0x24, 0x03, 0xFD, 0x03, 0xC5, 0x85, 0xC9, 0x89, 0x44, 0x24, 0x24, 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, 0x76, 0x6C, 0x8B, 0x4C, 0x24, 0x28, 0x33, 0xC0, 0x8A, 0x01, 0x89, 0x44, 0x24, 0x18, 0x8B, 0x17, 0x8B, 0x44, 0x24, 0x18, 0x8D, 0x0C, 0x2A, 0x8A, 0x14, 0x2A, 0x8B, 0xF2, 0x81, 0xE6, 0xFF, 0x00, 0x00, 0x00, 0x2B, 0xC6, 0x75, 0x29, 0x8B, 0x74, 0x24, 0x28, 0x2B, 0xF1, 0x84, 0xD2, 0x74, 0x1B, 0x8A, 0x51, 0x01, 0x41, 0x33, 0xC0, 0x8B, 0xDA, 0x8A, 0x04, 0x0E, 0x81, 0xE3, 0xFF, 0x00, 0x00, 0x00, 0x2B, 0xC3, 0x8B, 0x5C, 0x24, 0x10, 0x74, 0xE3, 0xEB, 0x04, 0x85, 0xC0, 0x74, 0x2B, 0x8B, 0x44, 0x24, 0x14, 0x8B, 0x54, 0x24, 0x24, 0x8B, 0x4C, 0x24, 0x1C, 0x40, 0x83, 0xC7, 0x04, 0x83, 0xC2, 0x02, 0x3B, 0xC1, 0x89, 0x44, 0x24, 0x14, 0x89, 0x54, 0x24, 0x24, 0x72, 0xA0, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x10, 0xC2, 0x08, 0x00, 0x8B, 0x4C, 0x24, 0x24, 0x33, 0xC0, 0x66, 0x8B, 0x01, 0x83, 0xF8, 0xFF, 0x74, 0xE6, 0x3B, 0x43, 0x14, 0x77, 0xE1, 0x8B, 0x53, 0x1C, 0x5F, 0x5E, 0x8D, 0x04, 0x82, 0x8B, 0x04, 0x28, 0x03, 0xC5, 0x5D, 0x5B, 0x83, 0xC4, 0x10, 0xC2, 0x08, 0x00, 0x89, 0x45, 0x10, 0xC9, 0xC2, 0x08, 0x00 }; BYTE FreeCode[] = { 0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08, 0xE8, 0x05, 0x00, 0x00, 0x00, 0xE9, 0x87, 0x03, 0x00, 0x00, 0x83, 0xEC, 0x2C, 0x8D, 0x44, 0x24, 0x00, 0x56, 0x50, 0xE8, 0x92, 0x00, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x34, 0x85, 0xF6, 0x74, 0x77, 0x8B, 0x46, 0x10, 0x85, 0xC0, 0x74, 0x18, 0x8B, 0x0E, 0x8B, 0x46, 0x04, 0x6A, 0x00, 0x6A, 0x00, 0x8B, 0x51, 0x28, 0x50, 0x03, 0xD0, 0xFF, 0xD2, 0xC7, 0x46, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x46, 0x08, 0x85, 0xC0, 0x74, 0x32, 0x8B, 0x46, 0x0C, 0x57, 0x33, 0xFF, 0x85, 0xC0, 0x7E, 0x18, 0x8B, 0x46, 0x08, 0x8B, 0x04, 0xB8, 0x83, 0xF8, 0xFF, 0x74, 0x05, 0x50, 0xFF, 0x54, 0x24, 0x24, 0x8B, 0x46, 0x0C, 0x47, 0x3B, 0xF8, 0x7C, 0xE8, 0x8B, 0x4E, 0x08, 0x51, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x24, 0x50, 0xFF, 0x54, 0x24, 0x34, 0x5F, 0x8B, 0x46, 0x04, 0x85, 0xC0, 0x74, 0x0C, 0x68, 0x00, 0x80, 0x00, 0x00, 0x6A, 0x00, 0x50, 0xFF, 0x54, 0x24, 0x1C, 0x56, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x20, 0x50, 0xFF, 0x54, 0x24, 0x30, 0x5E, 0x83, 0xC4, 0x2C, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x94, 0x00, 0x00, 0x00, 0x53, 0x56, 0x57, 0x53, 0x51, 0x52, 0x56, 0x33, 0xC9, 0x64, 0x8B, 0x71, 0x30, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x1C, 0x8B, 0x46, 0x08, 0x8B, 0x7E, 0x20, 0x8B, 0x36, 0x38, 0x4F, 0x18, 0x75, 0xF3, 0x90, 0x90, 0x89, 0x85, 0x6C, 0xFF, 0xFF, 0xFF, 0x55, 0x8B, 0xE8, 0x8B, 0x45, 0x3C, 0x8B, 0x54, 0x05, 0x78, 0x03, 0xD5, 0x8B, 0x4A, 0x18, 0x8B, 0x5A, 0x20, 0x03, 0xDD, 0x49, 0x8B, 0x34, 0x8B, 0x03, 0xF5, 0xB8, 0x47, 0x65, 0x74, 0x50, 0x39, 0x06, 0x75, 0xF1, 0xB8, 0x72, 0x6F, 0x63, 0x41, 0x39, 0x46, 0x04, 0x75, 0xE7, 0x8B, 0x5A, 0x24, 0x03, 0xDD, 0x66, 0x8B, 0x0C, 0x4B, 0x8B, 0x5A, 0x1C, 0x03, 0xDD, 0x8B, 0x04, 0x8B, 0x03, 0xC5, 0x5D, 0x5E, 0x5A, 0x59, 0x5B, 0x89, 0x85, 0x70, 0xFF, 0xFF, 0xFF, 0xB1, 0x72, 0xB2, 0x61, 0xB0, 0x65, 0x32, 0xDB, 0xC6, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x56, 0xC6, 0x85, 0x75, 0xFF, 0xFF, 0xFF, 0x69, 0x88, 0x8D, 0x76, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x77, 0xFF, 0xFF, 0xFF, 0x74, 0xC6, 0x85, 0x78, 0xFF, 0xFF, 0xFF, 0x75, 0x88, 0x95, 0x79, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7A, 0xFF, 0xFF, 0xFF, 0x6C, 0xC6, 0x85, 0x7B, 0xFF, 0xFF, 0xFF, 0x50, 0x88, 0x8D, 0x7C, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7D, 0xFF, 0xFF, 0xFF, 0x6F, 0xC6, 0x85, 0x7E, 0xFF, 0xFF, 0xFF, 0x74, 0x88, 0x85, 0x7F, 0xFF, 0xFF, 0xFF, 0xC6, 0x45, 0x80, 0x63, 0xC6, 0x45, 0x81, 0x74, 0x88, 0x5D, 0x82, 0xC6, 0x45, 0xB4, 0x4C, 0xC6, 0x45, 0xB5, 0x6F, 0x88, 0x55, 0xB6, 0xC6, 0x45, 0xB7, 0x64, 0xC6, 0x45, 0xB8, 0x4C, 0xC6, 0x45, 0xB9, 0x69, 0xC6, 0x45, 0xBA, 0x62, 0x88, 0x4D, 0xBB, 0x88, 0x55, 0xBC, 0x88, 0x4D, 0xBD, 0xC6, 0x45, 0xBE, 0x79, 0xC6, 0x45, 0xBF, 0x41, 0x88, 0x5D, 0xC0, 0xC6, 0x45, 0xA4, 0x56, 0xC6, 0x45, 0xA5, 0x69, 0x88, 0x4D, 0xA6, 0xC6, 0x45, 0xA7, 0x74, 0xC6, 0x45, 0xA8, 0x75, 0x88, 0x55, 0xA9, 0xC6, 0x45, 0xAA, 0x6C, 0xC6, 0x45, 0xAB, 0x41, 0xC6, 0x45, 0xAC, 0x6C, 0xC6, 0x45, 0xAD, 0x6C, 0xC6, 0x45, 0xAE, 0x6F, 0xC6, 0x45, 0xAF, 0x63, 0x88, 0x5D, 0xB0, 0xC6, 0x45, 0xC4, 0x56, 0xC6, 0x45, 0xC5, 0x69, 0x88, 0x4D, 0xC6, 0xC6, 0x45, 0xC7, 0x74, 0xC6, 0x45, 0xC8, 0x75, 0x88, 0x55, 0xC9, 0xC6, 0x45, 0xCA, 0x6C, 0xC6, 0x45, 0xCB, 0x46, 0x88, 0x4D, 0xCC, 0x88, 0x45, 0xCD, 0x88, 0x45, 0xCE, 0x88, 0x5D, 0xCF, 0xC6, 0x45, 0x94, 0x49, 0xC6, 0x45, 0x95, 0x73, 0xC6, 0x45, 0x96, 0x42, 0x88, 0x55, 0x97, 0xC6, 0x45, 0x98, 0x64, 0xC6, 0x45, 0x99, 0x52, 0x88, 0x45, 0x9A, 0x88, 0x55, 0x9B, 0xC6, 0x45, 0x9C, 0x64, 0xC6, 0x45, 0x9D, 0x50, 0xC6, 0x45, 0x9E, 0x74, 0x88, 0x4D, 0x9F, 0x88, 0x5D, 0xA0, 0xC6, 0x45, 0x84, 0x47, 0x88, 0x45, 0x85, 0xC6, 0x45, 0x86, 0x74, 0xC6, 0x45, 0x87, 0x50, 0x88, 0x4D, 0x88, 0xC6, 0x45, 0x89, 0x6F, 0xC6, 0x45, 0x8A, 0x63, 0x8B, 0xB5, 0x70, 0xFF, 0xFF, 0xFF, 0x88, 0x45, 0x8B, 0x88, 0x45, 0x8F, 0x88, 0x45, 0xDE, 0x88, 0x45, 0xDF, 0x88, 0x45, 0xF5, 0x88, 0x45, 0xFA, 0x88, 0x45, 0xFB, 0x88, 0x45, 0xE9, 0x88, 0x45, 0xD1, 0x88, 0x45, 0xD5, 0x88, 0x5D, 0x92, 0x88, 0x5D, 0xE7, 0x88, 0x5D, 0xFC, 0x88, 0x5D, 0xF1, 0x88, 0x5D, 0xDB, 0x8B, 0x9D, 0x6C, 0xFF, 0xFF, 0xFF, 0x8D, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x50, 0x53, 0xC6, 0x45, 0x8C, 0x73, 0xC6, 0x45, 0x8D, 0x73, 0xC6, 0x45, 0x8E, 0x48, 0x88, 0x55, 0x90, 0xC6, 0x45, 0x91, 0x70, 0xC6, 0x45, 0xDC, 0x46, 0x88, 0x4D, 0xDD, 0xC6, 0x45, 0xE0, 0x4C, 0xC6, 0x45, 0xE1, 0x69, 0xC6, 0x45, 0xE2, 0x62, 0x88, 0x4D, 0xE3, 0x88, 0x55, 0xE4, 0x88, 0x4D, 0xE5, 0xC6, 0x45, 0xE6, 0x79, 0xC6, 0x45, 0xF4, 0x48, 0x88, 0x55, 0xF6, 0xC6, 0x45, 0xF7, 0x70, 0xC6, 0x45, 0xF8, 0x46, 0x88, 0x4D, 0xF9, 0xC6, 0x45, 0xE8, 0x48, 0x88, 0x55, 0xEA, 0xC6, 0x45, 0xEB, 0x70, 0xC6, 0x45, 0xEC, 0x41, 0xC6, 0x45, 0xED, 0x6C, 0xC6, 0x45, 0xEE, 0x6C, 0xC6, 0x45, 0xEF, 0x6F, 0xC6, 0x45, 0xF0, 0x63, 0xC6, 0x45, 0xD0, 0x48, 0x88, 0x55, 0xD2, 0xC6, 0x45, 0xD3, 0x70, 0xC6, 0x45, 0xD4, 0x52, 0xC6, 0x45, 0xD6, 0x41, 0xC6, 0x45, 0xD7, 0x6C, 0xC6, 0x45, 0xD8, 0x6C, 0xC6, 0x45, 0xD9, 0x6F, 0xC6, 0x45, 0xDA, 0x63, 0xFF, 0xD6, 0x8B, 0x7D, 0x08, 0x8D, 0x4D, 0xB4, 0x51, 0x53, 0x89, 0x07, 0xFF, 0xD6, 0x8D, 0x55, 0xA4, 0x89, 0x47, 0x04, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x08, 0x8D, 0x45, 0xC4, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0x94, 0x89, 0x47, 0x0C, 0x51, 0x53, 0xFF, 0xD6, 0x8D, 0x55, 0x84, 0x89, 0x47, 0x10, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x14, 0x8D, 0x45, 0xDC, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0xF4, 0x89, 0x47, 0x18, 0x51, 0x53, 0x89, 0x77, 0x1C, 0xFF, 0xD6, 0x8D, 0x55, 0xE8, 0x89, 0x47, 0x20, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x24, 0x8D, 0x45, 0xD0, 0x50, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x28, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00, 0xC9, 0xC2, 0x04, 0x00 }; int nLength = sizeof(LoadCode) + sizeof(GetAddressCode) + sizeof(FreeCode); LPVOID pShellcode = new BYTE[nLength]; memcpy(pShellcode,LoadCode,sizeof(LoadCode)); int tmp = (int)pShellcode + sizeof(LoadCode); memcpy((LPVOID)tmp,GetAddressCode,sizeof(GetAddressCode)); tmp += sizeof(GetAddressCode); memcpy((LPVOID)tmp,FreeCode,sizeof(FreeCode)); //将shellcode写到目标进程 LPVOID pLoadAddr = VirtualAllocEx(hProcess, NULL, nLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(pLoadAddr == NULL) return FALSE; bSuccess = WriteProcessMemory(hProcess, pLoadAddr, pShellcode, nLength, &dwWritten); ASSERT(bSuccess); LPVOID pGetAddr = LPVOID((int)pLoadAddr + sizeof(LoadCode)); LPVOID pFreeAddr = LPVOID((int)pGetAddr + sizeof(GetAddressCode)); DWORD dwThreadID = 0; HANDLE hThread = CreateRemoteThread(hProcess,0,0,(LPTHREAD_START_ROUTINE)pLoadAddr,pDataAddr,0,&dwThreadID); WaitForSingleObject(hThread,-1); DWORD dwExitCode = 0; GetExitCodeThread(hThread,&dwExitCode); ASSERT(hThread>0); CloseHandle(hThread); if (dwExitCode == 0) { VirtualFreeEx(hProcess,pLoadAddr,0,MEM_RELEASE); VirtualFreeEx(hProcess,pDataAddr,0,MEM_RELEASE); return FALSE; } delete []pShellcode; return TRUE; } 2015-4-2 00:26 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 20 楼不需要释放, 2015-4-2 13:39 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 21 楼这个和普通的内存加载DLL 有什么区别呃？还是不支持 SEH 2015-4-3 00:12 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 22 楼有调试版的代码吗，你这个看着很头疼。 2015-4-3 19:23 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 23 楼自己想办法,不能老要求别人! 2015-4-4 11:26 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 24 楼是怎么取导出函数地址的？ 2015-4-5 18:50 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 25 楼就是想从网络读取数据，目的不是为了隐藏。 2015-4-5 18:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

无名侠

发帖

406

回帖

797

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (29) 1 2 ▶
pxhb 雪币： 6494 活跃值： (4441) 能力值： ( LV7，RANK：110 ) 在线值：发帖 10 回帖 420 粉丝 20 关注私信	pxhb 2 2 楼收藏一份，学习了 2015-3-21 11:42 0
totest 雪币： 100 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 50 粉丝 0 关注私信	totest 3 楼 LZ,你这样内存加载,还能用SEH没有? 2015-3-21 12:30 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 4 楼既然要写,为什么不写好,写成一函数或者一个类都行呀 BOOL LoadMemDLL(int nPID,LPVOID *pDllBuf,UINT nDllLen); 2015-3-21 13:22 0
封心锁爱雪币： 239 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 170 粉丝 1 关注私信	封心锁爱 5 楼先顶下吧，有空看看 2015-3-21 15:42 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 6 楼同第三楼, 不知道对SEH有没有考虑. 2015-3-21 16:02 0
dppdpp 雪币： 23 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 365 粉丝 0 关注私信	dppdpp 7 楼建议楼主直接用SMC就可以了，连dllmain都省了 2015-3-21 16:44 0
ProgmBoy 雪币： 382 活跃值： (352) 能力值： ( LV2，RANK：140 ) 在线值：发帖 9 回帖 157 粉丝 5 关注私信	ProgmBoy 3 8 楼 https://github.com/fancycode/MemoryModule 2015-3-23 10:46 0
wgejydy 雪币： 70 活跃值： (37) 能力值： ( LV4，RANK：50 ) 在线值：发帖 3 回帖 67 粉丝 2 关注私信	wgejydy 1 9 楼异常没处理吧，GetModuleHandle也要处理的 2015-3-23 11:05 0
sinmon 雪币： 163 活跃值： (45) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 107 粉丝 0 关注私信	sinmon 10 楼 Mark 2015-3-24 20:34 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 11 楼哦对，谢谢提醒。 2015-3-27 20:13 0
tomtory 雪币： 11052 活跃值： (3009) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 144 粉丝 1 关注私信	tomtory 12 楼看起来不错，关注～ 2015-3-27 20:36 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 13 楼请教一下异常应该如何处理呢？ 2015-3-27 21:10 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 14 楼很麻烦 win7 win8 win8.1 win10处理的方式变化都很大！目前网上还有没能完美加载内存DLL并且处理SEH的代码！ github上有个开源的Blackbone 没仔细看他是完整模拟加载内存的，也挂钩了对SEH的有效性检测，但是他属于真实模拟！！所以加载出来的内存DLL是存在于LDR表的！！无法起到隐藏内存的作用 2015-3-30 02:30 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 15 楼如果异常不能接管！！内存加载的意义就小很多了 2015-3-30 02:32 0
浙江螃蟹雪币： 5463 活跃值： (1420) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 142 粉丝 0 关注私信	浙江螃蟹 16 楼三人行必有我师，看了楼主的贴子，我也学到了些东西的。 2015-3-30 22:17 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 17 楼 https://github.com/fancycode/MemoryModule/issues/4 2015-3-30 22:39 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 18 楼这个又要加PEB 又要加 fileheadlist 还要加LdrpInvertedFunctionTable 才能支持SEH 这样以来你需要在磁盘释放DLL文件然后PEB里也能查询到模块存在，内存加载的意义简直就是鸡肋还不如直接 loaddll 2015-4-1 23:41 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 19 楼 BOOL InjectMemDll(DWORD dwProcessID, LPVOID pDllBuffer, DWORD dwLength) { if((int)dwProcessID < 0 \|\| dwProcessID%4 != 0 \|\| pDllBuffer == NULL \|\| (int)dwLength <= 0) return FALSE; //打开进程 HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessID); if(hProcess == NULL) return FALSE; //将内存中的DLL写到目标进程 LPVOID pDataAddr = VirtualAllocEx(hProcess, NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(pDataAddr == NULL) return FALSE; DWORD dwWritten = 0; BOOL bSuccess = WriteProcessMemory(hProcess, pDataAddr, pDllBuffer, dwLength, &dwWritten); ASSERT(bSuccess); //把加载函数写到目标进程 BYTE LoadCode[] = { 0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08, 0xE8, 0x06, 0x00, 0x00, 0x00, 0xE9, 0x48, 0x08, 0x00, 0x00, 0x90, 0x83, 0xEC, 0x68, 0x8D, 0x44, 0x24, 0x10, 0x53, 0x55, 0x56, 0x57, 0x50, 0xE8, 0x4F, 0x05, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x7C, 0x66, 0x81, 0x3E, 0x4D, 0x5A, 0x74, 0x0C, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x5E, 0x3C, 0x03, 0xDE, 0x89, 0x5C, 0x24, 0x18, 0x81, 0x3B, 0x50, 0x45, 0x00, 0x00, 0x74, 0x0C, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x4B, 0x50, 0x8B, 0x53, 0x34, 0x6A, 0x04, 0x68, 0x00, 0x20, 0x00, 0x00, 0x51, 0x52, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0xF8, 0x85, 0xFF, 0x89, 0x7C, 0x24, 0x10, 0x75, 0x26, 0x8B, 0x43, 0x50, 0x6A, 0x04, 0x68, 0x00, 0x20, 0x00, 0x00, 0x50, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x85, 0xC0, 0x89, 0x44, 0x24, 0x10, 0x75, 0x0A, 0x5F, 0x5E, 0x5D, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x8B, 0x7C, 0x24, 0x10, 0x6A, 0x14, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x3C, 0x50, 0xFF, 0x54, 0x24, 0x50, 0x8B, 0xE8, 0x6A, 0x04, 0x6A, 0x08, 0x89, 0x7D, 0x04, 0xC7, 0x45, 0x0C, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x54, 0x24, 0x3C, 0x50, 0xFF, 0x54, 0x24, 0x50, 0x89, 0x45, 0x08, 0xC7, 0x45, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x4B, 0x50, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x51, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0x53, 0x54, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x52, 0x57, 0xFF, 0x54, 0x24, 0x38, 0x8B, 0x4E, 0x3C, 0x8B, 0x7B, 0x54, 0x03, 0xCF, 0x8B, 0xF8, 0x8B, 0xD1, 0xC1, 0xE9, 0x02, 0xF3, 0xA5, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xA4, 0x8B, 0x4C, 0x24, 0x7C, 0x8B, 0x51, 0x3C, 0x8B, 0x4C, 0x24, 0x10, 0x03, 0xC2, 0x8D, 0x54, 0x24, 0x4C, 0x89, 0x45, 0x00, 0x52, 0x89, 0x48, 0x34, 0xE8, 0x53, 0x04, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x55, 0x04, 0x33, 0xC9, 0x89, 0x54, 0x24, 0x1C, 0x66, 0x8B, 0x48, 0x14, 0x66, 0x83, 0x78, 0x06, 0x00, 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, 0x8D, 0x4C, 0x01, 0x18, 0x0F, 0x86, 0x97, 0x00, 0x00, 0x00, 0x8D, 0x59, 0x10, 0xEB, 0x04, 0x8B, 0x54, 0x24, 0x1C, 0x83, 0x3B, 0x00, 0x75, 0x36, 0x8B, 0x44, 0x24, 0x18, 0x8B, 0x70, 0x38, 0x85, 0xF6, 0x7E, 0x5D, 0x8B, 0x4B, 0xFC, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x03, 0xCA, 0x56, 0x51, 0xFF, 0x54, 0x24, 0x64, 0x8B, 0xCE, 0x8B, 0xF8, 0x8B, 0xD1, 0x33, 0xC0, 0xC1, 0xE9, 0x02, 0x89, 0x7B, 0xF8, 0xF3, 0xAB, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xAA, 0xEB, 0x32, 0x8B, 0x4B, 0xFC, 0x8B, 0x03, 0x6A, 0x04, 0x68, 0x00, 0x10, 0x00, 0x00, 0x03, 0xCA, 0x50, 0x51, 0xFF, 0x54, 0x24, 0x64, 0x8B, 0x0B, 0x8B, 0x73, 0x04, 0x8B, 0x7C, 0x24, 0x7C, 0x8B, 0xD1, 0x03, 0xF7, 0x8B, 0xF8, 0xC1, 0xE9, 0x02, 0xF3, 0xA5, 0x8B, 0xCA, 0x83, 0xE1, 0x03, 0xF3, 0xA4, 0x89, 0x43, 0xF8, 0x8B, 0x4D, 0x00, 0x8B, 0x44, 0x24, 0x14, 0x33, 0xD2, 0x40, 0x66, 0x8B, 0x51, 0x06, 0x83, 0xC3, 0x28, 0x3B, 0xC2, 0x89, 0x44, 0x24, 0x14, 0x0F, 0x8C, 0x72, 0xFF, 0xFF, 0xFF, 0x8B, 0x5C, 0x24, 0x18, 0x8B, 0x44, 0x24, 0x10, 0x8B, 0x4B, 0x34, 0x2B, 0xC1, 0x89, 0x44, 0x24, 0x7C, 0x74, 0x7F, 0x8D, 0x44, 0x24, 0x4C, 0x50, 0xE8, 0x7C, 0x03, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x7D, 0x04, 0x05, 0xA0, 0x00, 0x00, 0x00, 0x89, 0x7C, 0x24, 0x1C, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x76, 0x5F, 0x8B, 0x08, 0x8B, 0x04, 0x39, 0x03, 0xCF, 0x85, 0xC0, 0x76, 0x54, 0x8D, 0x1C, 0x38, 0x8B, 0x41, 0x04, 0x83, 0xE8, 0x08, 0x33, 0xF6, 0xA9, 0xFE, 0xFF, 0xFF, 0xFF, 0x8D, 0x51, 0x08, 0x76, 0x36, 0x33, 0xC0, 0x66, 0x8B, 0x02, 0x8B, 0xF8, 0x81, 0xE7, 0x00, 0xF0, 0xFF, 0xFF, 0x81, 0xFF, 0x00, 0x30, 0x00, 0x00, 0x75, 0x0D, 0x8B, 0x7C, 0x24, 0x7C, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x03, 0xC3, 0x01, 0x38, 0x8B, 0x41, 0x04, 0x46, 0x83, 0xE8, 0x08, 0x83, 0xC2, 0x02, 0xD1, 0xE8, 0x3B, 0xF0, 0x72, 0xCE, 0x8B, 0x7C, 0x24, 0x1C, 0x03, 0x49, 0x04, 0x8B, 0x01, 0x85, 0xC0, 0x77, 0xAC, 0x8D, 0x4C, 0x24, 0x4C, 0x51, 0xE8, 0xFD, 0x02, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x8B, 0x5D, 0x04, 0x05, 0x80, 0x00, 0x00, 0x00, 0x89, 0x5C, 0x24, 0x7C, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x0F, 0x86, 0xDB, 0x00, 0x00, 0x00, 0x8B, 0x30, 0x6A, 0x14, 0x03, 0xF3, 0x56, 0x89, 0x74, 0x24, 0x1C, 0xFF, 0x54, 0x24, 0x64, 0x85, 0xC0, 0x0F, 0x85, 0xC4, 0x00, 0x00, 0x00, 0xEB, 0x08, 0x8B, 0x74, 0x24, 0x14, 0x8B, 0x5C, 0x24, 0x7C, 0x8B, 0x46, 0x0C, 0x85, 0xC0, 0x0F, 0x84, 0xAF, 0x00, 0x00, 0x00, 0x03, 0xC3, 0x50, 0xFF, 0x54, 0x24, 0x54, 0x8B, 0xF8, 0x83, 0xFF, 0xFF, 0x0F, 0x84, 0xC5, 0x00, 0x00, 0x00, 0x8B, 0x55, 0x0C, 0x8B, 0x4D, 0x08, 0x8D, 0x04, 0x95, 0x04, 0x00, 0x00, 0x00, 0x50, 0x51, 0x6A, 0x08, 0xFF, 0x54, 0x24, 0x6C, 0x50, 0xFF, 0x94, 0x24, 0x84, 0x00, 0x00, 0x00, 0x85, 0xC0, 0x89, 0x45, 0x08, 0x0F, 0x84, 0x9D, 0x00, 0x00, 0x00, 0x8B, 0x55, 0x0C, 0x89, 0x3C, 0x90, 0x8B, 0x55, 0x0C, 0x42, 0x89, 0x55, 0x0C, 0x8B, 0x06, 0x85, 0xC0, 0x74, 0x0B, 0x8B, 0x76, 0x10, 0x03, 0xD8, 0x03, 0x74, 0x24, 0x7C, 0xEB, 0x07, 0x8B, 0x46, 0x10, 0x03, 0xD8, 0x8B, 0xF3, 0x8B, 0x03, 0x85, 0xC0, 0x74, 0x30, 0xA9, 0x00, 0x00, 0x00, 0x80, 0x74, 0x08, 0x25, 0xFF, 0xFF, 0x00, 0x00, 0x50, 0xEB, 0x09, 0x8B, 0x4C, 0x24, 0x7C, 0x8D, 0x54, 0x08, 0x02, 0x52, 0x57, 0xFF, 0x54, 0x24, 0x70, 0x85, 0xC0, 0x89, 0x06, 0x74, 0x4F, 0x8B, 0x43, 0x04, 0x83, 0xC3, 0x04, 0x83, 0xC6, 0x04, 0x85, 0xC0, 0x75, 0xD0, 0x8B, 0x44, 0x24, 0x14, 0x6A, 0x14, 0x83, 0xC0, 0x14, 0x50, 0x89, 0x44, 0x24, 0x1C, 0xFF, 0x54, 0x24, 0x64, 0x85, 0xC0, 0x0F, 0x84, 0x3E, 0xFF, 0xFF, 0xFF, 0x55, 0xE8, 0x52, 0x00, 0x00, 0x00, 0x8B, 0x45, 0x00, 0x83, 0xC4, 0x04, 0x8B, 0x40, 0x28, 0x85, 0xC0, 0x74, 0x2E, 0x8B, 0x4C, 0x24, 0x10, 0x03, 0xC1, 0x85, 0xC0, 0x74, 0x0B, 0x6A, 0x00, 0x6A, 0x01, 0x51, 0xFF, 0xD0, 0x85, 0xC0, 0x75, 0x12, 0x55, 0xE8, 0x3A, 0x01, 0x00, 0x00, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0xC7, 0x45, 0x10, 0x01, 0x00, 0x00, 0x00, 0x5F, 0x8B, 0xC5, 0x5E, 0x5D, 0x5B, 0x83, 0xC4, 0x68, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x83, 0xEC, 0x50, 0x55, 0x8D, 0x44, 0x24, 0x28, 0x57, 0x50, 0xE8, 0xA1, 0x01, 0x00, 0x00, 0x8B, 0x4C, 0x24, 0x5C, 0x33, 0xD2, 0x33, 0xED, 0xC7, 0x44, 0x24, 0x0C, 0x01, 0x00, 0x00, 0x00, 0x8B, 0x39, 0xC7, 0x44, 0x24, 0x10, 0x08, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x14, 0x02, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x18, 0x04, 0x00, 0x00, 0x00, 0x66, 0x8B, 0x57, 0x14, 0x66, 0x39, 0x6F, 0x06, 0xC7, 0x44, 0x24, 0x1C, 0x10, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x20, 0x80, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x24, 0x20, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x28, 0x40, 0x00, 0x00, 0x00, 0x8D, 0x44, 0x3A, 0x18, 0x0F, 0x86, 0x93, 0x00, 0x00, 0x00, 0x53, 0x56, 0x8D, 0x58, 0x24, 0x8B, 0x03, 0x8B, 0xC8, 0x8B, 0xD0, 0xC1, 0xE9, 0x1D, 0xC1, 0xEA, 0x1E, 0x8B, 0xF0, 0x83, 0xE1, 0x01, 0x83, 0xE2, 0x01, 0xC1, 0xEE, 0x1F, 0xA9, 0x00, 0x00, 0x00, 0x02, 0x74, 0x13, 0x8B, 0x43, 0xEC, 0x8B, 0x4B, 0xE4, 0x68, 0x00, 0x40, 0x00, 0x00, 0x50, 0x51, 0xFF, 0x54, 0x24, 0x4C, 0xEB, 0x43, 0x8D, 0x14, 0x4A, 0xA9, 0x00, 0x00, 0x00, 0x04, 0x8D, 0x0C, 0x56, 0x8B, 0x74, 0x8C, 0x14, 0x74, 0x06, 0x81, 0xCE, 0x00, 0x02, 0x00, 0x00, 0x8B, 0x53, 0xEC, 0x8B, 0xCA, 0x85, 0xC9, 0x75, 0x12, 0xA8, 0x40, 0x74, 0x05, 0x8B, 0x4F, 0x20, 0xEB, 0x07, 0xA8, 0x80, 0x74, 0x16, 0x8B, 0x4F, 0x24, 0x85, 0xC9, 0x76, 0x0F, 0x8B, 0x4B, 0xE4, 0x8D, 0x44, 0x24, 0x10, 0x50, 0x56, 0x52, 0x51, 0xFF, 0x54, 0x24, 0x44, 0x8B, 0x54, 0x24, 0x64, 0x33, 0xC0, 0x45, 0x83, 0xC3, 0x28, 0x8B, 0x3A, 0x66, 0x8B, 0x47, 0x06, 0x3B, 0xE8, 0x0F, 0x8C, 0x74, 0xFF, 0xFF, 0xFF, 0x5E, 0x5B, 0x5F, 0x5D, 0x83, 0xC4, 0x50, 0xC3, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x83, 0xEC, 0x2C, 0x8D, 0x44, 0x24, 0x00, 0x56, 0x50, 0xE8, 0x92, 0x00, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x34, 0x85, 0xF6, 0x74, 0x77, 0x8B, 0x46, 0x10, 0x85, 0xC0, 0x74, 0x18, 0x8B, 0x0E, 0x8B, 0x46, 0x04, 0x6A, 0x00, 0x6A, 0x00, 0x8B, 0x51, 0x28, 0x50, 0x03, 0xD0, 0xFF, 0xD2, 0xC7, 0x46, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x46, 0x08, 0x85, 0xC0, 0x74, 0x32, 0x8B, 0x46, 0x0C, 0x57, 0x33, 0xFF, 0x85, 0xC0, 0x7E, 0x18, 0x8B, 0x46, 0x08, 0x8B, 0x04, 0xB8, 0x83, 0xF8, 0xFF, 0x74, 0x05, 0x50, 0xFF, 0x54, 0x24, 0x24, 0x8B, 0x46, 0x0C, 0x47, 0x3B, 0xF8, 0x7C, 0xE8, 0x8B, 0x4E, 0x08, 0x51, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x24, 0x50, 0xFF, 0x54, 0x24, 0x34, 0x5F, 0x8B, 0x46, 0x04, 0x85, 0xC0, 0x74, 0x0C, 0x68, 0x00, 0x80, 0x00, 0x00, 0x6A, 0x00, 0x50, 0xFF, 0x54, 0x24, 0x1C, 0x56, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x20, 0x50, 0xFF, 0x54, 0x24, 0x30, 0x5E, 0x83, 0xC4, 0x2C, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x94, 0x00, 0x00, 0x00, 0x53, 0x56, 0x57, 0x53, 0x51, 0x52, 0x56, 0x33, 0xC9, 0x64, 0x8B, 0x71, 0x30, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x1C, 0x8B, 0x46, 0x08, 0x8B, 0x7E, 0x20, 0x8B, 0x36, 0x38, 0x4F, 0x18, 0x75, 0xF3, 0x90, 0x90, 0x89, 0x85, 0x6C, 0xFF, 0xFF, 0xFF, 0x55, 0x8B, 0xE8, 0x8B, 0x45, 0x3C, 0x8B, 0x54, 0x05, 0x78, 0x03, 0xD5, 0x8B, 0x4A, 0x18, 0x8B, 0x5A, 0x20, 0x03, 0xDD, 0x49, 0x8B, 0x34, 0x8B, 0x03, 0xF5, 0xB8, 0x47, 0x65, 0x74, 0x50, 0x39, 0x06, 0x75, 0xF1, 0xB8, 0x72, 0x6F, 0x63, 0x41, 0x39, 0x46, 0x04, 0x75, 0xE7, 0x8B, 0x5A, 0x24, 0x03, 0xDD, 0x66, 0x8B, 0x0C, 0x4B, 0x8B, 0x5A, 0x1C, 0x03, 0xDD, 0x8B, 0x04, 0x8B, 0x03, 0xC5, 0x5D, 0x5E, 0x5A, 0x59, 0x5B, 0x89, 0x85, 0x70, 0xFF, 0xFF, 0xFF, 0xB1, 0x72, 0xB2, 0x61, 0xB0, 0x65, 0x32, 0xDB, 0xC6, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x56, 0xC6, 0x85, 0x75, 0xFF, 0xFF, 0xFF, 0x69, 0x88, 0x8D, 0x76, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x77, 0xFF, 0xFF, 0xFF, 0x74, 0xC6, 0x85, 0x78, 0xFF, 0xFF, 0xFF, 0x75, 0x88, 0x95, 0x79, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7A, 0xFF, 0xFF, 0xFF, 0x6C, 0xC6, 0x85, 0x7B, 0xFF, 0xFF, 0xFF, 0x50, 0x88, 0x8D, 0x7C, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7D, 0xFF, 0xFF, 0xFF, 0x6F, 0xC6, 0x85, 0x7E, 0xFF, 0xFF, 0xFF, 0x74, 0x88, 0x85, 0x7F, 0xFF, 0xFF, 0xFF, 0xC6, 0x45, 0x80, 0x63, 0xC6, 0x45, 0x81, 0x74, 0x88, 0x5D, 0x82, 0xC6, 0x45, 0xB4, 0x4C, 0xC6, 0x45, 0xB5, 0x6F, 0x88, 0x55, 0xB6, 0xC6, 0x45, 0xB7, 0x64, 0xC6, 0x45, 0xB8, 0x4C, 0xC6, 0x45, 0xB9, 0x69, 0xC6, 0x45, 0xBA, 0x62, 0x88, 0x4D, 0xBB, 0x88, 0x55, 0xBC, 0x88, 0x4D, 0xBD, 0xC6, 0x45, 0xBE, 0x79, 0xC6, 0x45, 0xBF, 0x41, 0x88, 0x5D, 0xC0, 0xC6, 0x45, 0xA4, 0x56, 0xC6, 0x45, 0xA5, 0x69, 0x88, 0x4D, 0xA6, 0xC6, 0x45, 0xA7, 0x74, 0xC6, 0x45, 0xA8, 0x75, 0x88, 0x55, 0xA9, 0xC6, 0x45, 0xAA, 0x6C, 0xC6, 0x45, 0xAB, 0x41, 0xC6, 0x45, 0xAC, 0x6C, 0xC6, 0x45, 0xAD, 0x6C, 0xC6, 0x45, 0xAE, 0x6F, 0xC6, 0x45, 0xAF, 0x63, 0x88, 0x5D, 0xB0, 0xC6, 0x45, 0xC4, 0x56, 0xC6, 0x45, 0xC5, 0x69, 0x88, 0x4D, 0xC6, 0xC6, 0x45, 0xC7, 0x74, 0xC6, 0x45, 0xC8, 0x75, 0x88, 0x55, 0xC9, 0xC6, 0x45, 0xCA, 0x6C, 0xC6, 0x45, 0xCB, 0x46, 0x88, 0x4D, 0xCC, 0x88, 0x45, 0xCD, 0x88, 0x45, 0xCE, 0x88, 0x5D, 0xCF, 0xC6, 0x45, 0x94, 0x49, 0xC6, 0x45, 0x95, 0x73, 0xC6, 0x45, 0x96, 0x42, 0x88, 0x55, 0x97, 0xC6, 0x45, 0x98, 0x64, 0xC6, 0x45, 0x99, 0x52, 0x88, 0x45, 0x9A, 0x88, 0x55, 0x9B, 0xC6, 0x45, 0x9C, 0x64, 0xC6, 0x45, 0x9D, 0x50, 0xC6, 0x45, 0x9E, 0x74, 0x88, 0x4D, 0x9F, 0x88, 0x5D, 0xA0, 0xC6, 0x45, 0x84, 0x47, 0x88, 0x45, 0x85, 0xC6, 0x45, 0x86, 0x74, 0xC6, 0x45, 0x87, 0x50, 0x88, 0x4D, 0x88, 0xC6, 0x45, 0x89, 0x6F, 0xC6, 0x45, 0x8A, 0x63, 0x8B, 0xB5, 0x70, 0xFF, 0xFF, 0xFF, 0x88, 0x45, 0x8B, 0x88, 0x45, 0x8F, 0x88, 0x45, 0xDE, 0x88, 0x45, 0xDF, 0x88, 0x45, 0xF5, 0x88, 0x45, 0xFA, 0x88, 0x45, 0xFB, 0x88, 0x45, 0xE9, 0x88, 0x45, 0xD1, 0x88, 0x45, 0xD5, 0x88, 0x5D, 0x92, 0x88, 0x5D, 0xE7, 0x88, 0x5D, 0xFC, 0x88, 0x5D, 0xF1, 0x88, 0x5D, 0xDB, 0x8B, 0x9D, 0x6C, 0xFF, 0xFF, 0xFF, 0x8D, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x50, 0x53, 0xC6, 0x45, 0x8C, 0x73, 0xC6, 0x45, 0x8D, 0x73, 0xC6, 0x45, 0x8E, 0x48, 0x88, 0x55, 0x90, 0xC6, 0x45, 0x91, 0x70, 0xC6, 0x45, 0xDC, 0x46, 0x88, 0x4D, 0xDD, 0xC6, 0x45, 0xE0, 0x4C, 0xC6, 0x45, 0xE1, 0x69, 0xC6, 0x45, 0xE2, 0x62, 0x88, 0x4D, 0xE3, 0x88, 0x55, 0xE4, 0x88, 0x4D, 0xE5, 0xC6, 0x45, 0xE6, 0x79, 0xC6, 0x45, 0xF4, 0x48, 0x88, 0x55, 0xF6, 0xC6, 0x45, 0xF7, 0x70, 0xC6, 0x45, 0xF8, 0x46, 0x88, 0x4D, 0xF9, 0xC6, 0x45, 0xE8, 0x48, 0x88, 0x55, 0xEA, 0xC6, 0x45, 0xEB, 0x70, 0xC6, 0x45, 0xEC, 0x41, 0xC6, 0x45, 0xED, 0x6C, 0xC6, 0x45, 0xEE, 0x6C, 0xC6, 0x45, 0xEF, 0x6F, 0xC6, 0x45, 0xF0, 0x63, 0xC6, 0x45, 0xD0, 0x48, 0x88, 0x55, 0xD2, 0xC6, 0x45, 0xD3, 0x70, 0xC6, 0x45, 0xD4, 0x52, 0xC6, 0x45, 0xD6, 0x41, 0xC6, 0x45, 0xD7, 0x6C, 0xC6, 0x45, 0xD8, 0x6C, 0xC6, 0x45, 0xD9, 0x6F, 0xC6, 0x45, 0xDA, 0x63, 0xFF, 0xD6, 0x8B, 0x7D, 0x08, 0x8D, 0x4D, 0xB4, 0x51, 0x53, 0x89, 0x07, 0xFF, 0xD6, 0x8D, 0x55, 0xA4, 0x89, 0x47, 0x04, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x08, 0x8D, 0x45, 0xC4, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0x94, 0x89, 0x47, 0x0C, 0x51, 0x53, 0xFF, 0xD6, 0x8D, 0x55, 0x84, 0x89, 0x47, 0x10, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x14, 0x8D, 0x45, 0xDC, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0xF4, 0x89, 0x47, 0x18, 0x51, 0x53, 0x89, 0x77, 0x1C, 0xFF, 0xD6, 0x8D, 0x55, 0xE8, 0x89, 0x47, 0x20, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x24, 0x8D, 0x45, 0xD0, 0x50, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x28, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00, 0x89, 0x45, 0x0C, 0xC9, 0xC2, 0x04, 0x00 }; BYTE GetAddressCode[] = { 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x0C, 0x50, 0xFF, 0x75, 0x08, 0xE8, 0x05, 0x00, 0x00, 0x00, 0xE9, 0xFA, 0x00, 0x00, 0x00, 0x8B, 0x44, 0x24, 0x04, 0x83, 0xEC, 0x10, 0x53, 0x55, 0x8B, 0x68, 0x04, 0x8B, 0x00, 0x83, 0xC0, 0x78, 0x56, 0x57, 0x8B, 0x48, 0x04, 0x85, 0xC9, 0x0F, 0x84, 0xA8, 0x00, 0x00, 0x00, 0x8B, 0x18, 0x03, 0xDD, 0x89, 0x5C, 0x24, 0x10, 0x8B, 0x4B, 0x18, 0x85, 0xC9, 0x89, 0x4C, 0x24, 0x1C, 0x0F, 0x84, 0x91, 0x00, 0x00, 0x00, 0x8B, 0x43, 0x14, 0x85, 0xC0, 0x0F, 0x84, 0x86, 0x00, 0x00, 0x00, 0x8B, 0x7B, 0x20, 0x8B, 0x43, 0x24, 0x03, 0xFD, 0x03, 0xC5, 0x85, 0xC9, 0x89, 0x44, 0x24, 0x24, 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, 0x76, 0x6C, 0x8B, 0x4C, 0x24, 0x28, 0x33, 0xC0, 0x8A, 0x01, 0x89, 0x44, 0x24, 0x18, 0x8B, 0x17, 0x8B, 0x44, 0x24, 0x18, 0x8D, 0x0C, 0x2A, 0x8A, 0x14, 0x2A, 0x8B, 0xF2, 0x81, 0xE6, 0xFF, 0x00, 0x00, 0x00, 0x2B, 0xC6, 0x75, 0x29, 0x8B, 0x74, 0x24, 0x28, 0x2B, 0xF1, 0x84, 0xD2, 0x74, 0x1B, 0x8A, 0x51, 0x01, 0x41, 0x33, 0xC0, 0x8B, 0xDA, 0x8A, 0x04, 0x0E, 0x81, 0xE3, 0xFF, 0x00, 0x00, 0x00, 0x2B, 0xC3, 0x8B, 0x5C, 0x24, 0x10, 0x74, 0xE3, 0xEB, 0x04, 0x85, 0xC0, 0x74, 0x2B, 0x8B, 0x44, 0x24, 0x14, 0x8B, 0x54, 0x24, 0x24, 0x8B, 0x4C, 0x24, 0x1C, 0x40, 0x83, 0xC7, 0x04, 0x83, 0xC2, 0x02, 0x3B, 0xC1, 0x89, 0x44, 0x24, 0x14, 0x89, 0x54, 0x24, 0x24, 0x72, 0xA0, 0x5F, 0x5E, 0x5D, 0x33, 0xC0, 0x5B, 0x83, 0xC4, 0x10, 0xC2, 0x08, 0x00, 0x8B, 0x4C, 0x24, 0x24, 0x33, 0xC0, 0x66, 0x8B, 0x01, 0x83, 0xF8, 0xFF, 0x74, 0xE6, 0x3B, 0x43, 0x14, 0x77, 0xE1, 0x8B, 0x53, 0x1C, 0x5F, 0x5E, 0x8D, 0x04, 0x82, 0x8B, 0x04, 0x28, 0x03, 0xC5, 0x5D, 0x5B, 0x83, 0xC4, 0x10, 0xC2, 0x08, 0x00, 0x89, 0x45, 0x10, 0xC9, 0xC2, 0x08, 0x00 }; BYTE FreeCode[] = { 0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08, 0xE8, 0x05, 0x00, 0x00, 0x00, 0xE9, 0x87, 0x03, 0x00, 0x00, 0x83, 0xEC, 0x2C, 0x8D, 0x44, 0x24, 0x00, 0x56, 0x50, 0xE8, 0x92, 0x00, 0x00, 0x00, 0x8B, 0x74, 0x24, 0x34, 0x85, 0xF6, 0x74, 0x77, 0x8B, 0x46, 0x10, 0x85, 0xC0, 0x74, 0x18, 0x8B, 0x0E, 0x8B, 0x46, 0x04, 0x6A, 0x00, 0x6A, 0x00, 0x8B, 0x51, 0x28, 0x50, 0x03, 0xD0, 0xFF, 0xD2, 0xC7, 0x46, 0x10, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x46, 0x08, 0x85, 0xC0, 0x74, 0x32, 0x8B, 0x46, 0x0C, 0x57, 0x33, 0xFF, 0x85, 0xC0, 0x7E, 0x18, 0x8B, 0x46, 0x08, 0x8B, 0x04, 0xB8, 0x83, 0xF8, 0xFF, 0x74, 0x05, 0x50, 0xFF, 0x54, 0x24, 0x24, 0x8B, 0x46, 0x0C, 0x47, 0x3B, 0xF8, 0x7C, 0xE8, 0x8B, 0x4E, 0x08, 0x51, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x24, 0x50, 0xFF, 0x54, 0x24, 0x34, 0x5F, 0x8B, 0x46, 0x04, 0x85, 0xC0, 0x74, 0x0C, 0x68, 0x00, 0x80, 0x00, 0x00, 0x6A, 0x00, 0x50, 0xFF, 0x54, 0x24, 0x1C, 0x56, 0x6A, 0x00, 0xFF, 0x54, 0x24, 0x20, 0x50, 0xFF, 0x54, 0x24, 0x30, 0x5E, 0x83, 0xC4, 0x2C, 0xC2, 0x04, 0x00, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x94, 0x00, 0x00, 0x00, 0x53, 0x56, 0x57, 0x53, 0x51, 0x52, 0x56, 0x33, 0xC9, 0x64, 0x8B, 0x71, 0x30, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x1C, 0x8B, 0x46, 0x08, 0x8B, 0x7E, 0x20, 0x8B, 0x36, 0x38, 0x4F, 0x18, 0x75, 0xF3, 0x90, 0x90, 0x89, 0x85, 0x6C, 0xFF, 0xFF, 0xFF, 0x55, 0x8B, 0xE8, 0x8B, 0x45, 0x3C, 0x8B, 0x54, 0x05, 0x78, 0x03, 0xD5, 0x8B, 0x4A, 0x18, 0x8B, 0x5A, 0x20, 0x03, 0xDD, 0x49, 0x8B, 0x34, 0x8B, 0x03, 0xF5, 0xB8, 0x47, 0x65, 0x74, 0x50, 0x39, 0x06, 0x75, 0xF1, 0xB8, 0x72, 0x6F, 0x63, 0x41, 0x39, 0x46, 0x04, 0x75, 0xE7, 0x8B, 0x5A, 0x24, 0x03, 0xDD, 0x66, 0x8B, 0x0C, 0x4B, 0x8B, 0x5A, 0x1C, 0x03, 0xDD, 0x8B, 0x04, 0x8B, 0x03, 0xC5, 0x5D, 0x5E, 0x5A, 0x59, 0x5B, 0x89, 0x85, 0x70, 0xFF, 0xFF, 0xFF, 0xB1, 0x72, 0xB2, 0x61, 0xB0, 0x65, 0x32, 0xDB, 0xC6, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x56, 0xC6, 0x85, 0x75, 0xFF, 0xFF, 0xFF, 0x69, 0x88, 0x8D, 0x76, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x77, 0xFF, 0xFF, 0xFF, 0x74, 0xC6, 0x85, 0x78, 0xFF, 0xFF, 0xFF, 0x75, 0x88, 0x95, 0x79, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7A, 0xFF, 0xFF, 0xFF, 0x6C, 0xC6, 0x85, 0x7B, 0xFF, 0xFF, 0xFF, 0x50, 0x88, 0x8D, 0x7C, 0xFF, 0xFF, 0xFF, 0xC6, 0x85, 0x7D, 0xFF, 0xFF, 0xFF, 0x6F, 0xC6, 0x85, 0x7E, 0xFF, 0xFF, 0xFF, 0x74, 0x88, 0x85, 0x7F, 0xFF, 0xFF, 0xFF, 0xC6, 0x45, 0x80, 0x63, 0xC6, 0x45, 0x81, 0x74, 0x88, 0x5D, 0x82, 0xC6, 0x45, 0xB4, 0x4C, 0xC6, 0x45, 0xB5, 0x6F, 0x88, 0x55, 0xB6, 0xC6, 0x45, 0xB7, 0x64, 0xC6, 0x45, 0xB8, 0x4C, 0xC6, 0x45, 0xB9, 0x69, 0xC6, 0x45, 0xBA, 0x62, 0x88, 0x4D, 0xBB, 0x88, 0x55, 0xBC, 0x88, 0x4D, 0xBD, 0xC6, 0x45, 0xBE, 0x79, 0xC6, 0x45, 0xBF, 0x41, 0x88, 0x5D, 0xC0, 0xC6, 0x45, 0xA4, 0x56, 0xC6, 0x45, 0xA5, 0x69, 0x88, 0x4D, 0xA6, 0xC6, 0x45, 0xA7, 0x74, 0xC6, 0x45, 0xA8, 0x75, 0x88, 0x55, 0xA9, 0xC6, 0x45, 0xAA, 0x6C, 0xC6, 0x45, 0xAB, 0x41, 0xC6, 0x45, 0xAC, 0x6C, 0xC6, 0x45, 0xAD, 0x6C, 0xC6, 0x45, 0xAE, 0x6F, 0xC6, 0x45, 0xAF, 0x63, 0x88, 0x5D, 0xB0, 0xC6, 0x45, 0xC4, 0x56, 0xC6, 0x45, 0xC5, 0x69, 0x88, 0x4D, 0xC6, 0xC6, 0x45, 0xC7, 0x74, 0xC6, 0x45, 0xC8, 0x75, 0x88, 0x55, 0xC9, 0xC6, 0x45, 0xCA, 0x6C, 0xC6, 0x45, 0xCB, 0x46, 0x88, 0x4D, 0xCC, 0x88, 0x45, 0xCD, 0x88, 0x45, 0xCE, 0x88, 0x5D, 0xCF, 0xC6, 0x45, 0x94, 0x49, 0xC6, 0x45, 0x95, 0x73, 0xC6, 0x45, 0x96, 0x42, 0x88, 0x55, 0x97, 0xC6, 0x45, 0x98, 0x64, 0xC6, 0x45, 0x99, 0x52, 0x88, 0x45, 0x9A, 0x88, 0x55, 0x9B, 0xC6, 0x45, 0x9C, 0x64, 0xC6, 0x45, 0x9D, 0x50, 0xC6, 0x45, 0x9E, 0x74, 0x88, 0x4D, 0x9F, 0x88, 0x5D, 0xA0, 0xC6, 0x45, 0x84, 0x47, 0x88, 0x45, 0x85, 0xC6, 0x45, 0x86, 0x74, 0xC6, 0x45, 0x87, 0x50, 0x88, 0x4D, 0x88, 0xC6, 0x45, 0x89, 0x6F, 0xC6, 0x45, 0x8A, 0x63, 0x8B, 0xB5, 0x70, 0xFF, 0xFF, 0xFF, 0x88, 0x45, 0x8B, 0x88, 0x45, 0x8F, 0x88, 0x45, 0xDE, 0x88, 0x45, 0xDF, 0x88, 0x45, 0xF5, 0x88, 0x45, 0xFA, 0x88, 0x45, 0xFB, 0x88, 0x45, 0xE9, 0x88, 0x45, 0xD1, 0x88, 0x45, 0xD5, 0x88, 0x5D, 0x92, 0x88, 0x5D, 0xE7, 0x88, 0x5D, 0xFC, 0x88, 0x5D, 0xF1, 0x88, 0x5D, 0xDB, 0x8B, 0x9D, 0x6C, 0xFF, 0xFF, 0xFF, 0x8D, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x50, 0x53, 0xC6, 0x45, 0x8C, 0x73, 0xC6, 0x45, 0x8D, 0x73, 0xC6, 0x45, 0x8E, 0x48, 0x88, 0x55, 0x90, 0xC6, 0x45, 0x91, 0x70, 0xC6, 0x45, 0xDC, 0x46, 0x88, 0x4D, 0xDD, 0xC6, 0x45, 0xE0, 0x4C, 0xC6, 0x45, 0xE1, 0x69, 0xC6, 0x45, 0xE2, 0x62, 0x88, 0x4D, 0xE3, 0x88, 0x55, 0xE4, 0x88, 0x4D, 0xE5, 0xC6, 0x45, 0xE6, 0x79, 0xC6, 0x45, 0xF4, 0x48, 0x88, 0x55, 0xF6, 0xC6, 0x45, 0xF7, 0x70, 0xC6, 0x45, 0xF8, 0x46, 0x88, 0x4D, 0xF9, 0xC6, 0x45, 0xE8, 0x48, 0x88, 0x55, 0xEA, 0xC6, 0x45, 0xEB, 0x70, 0xC6, 0x45, 0xEC, 0x41, 0xC6, 0x45, 0xED, 0x6C, 0xC6, 0x45, 0xEE, 0x6C, 0xC6, 0x45, 0xEF, 0x6F, 0xC6, 0x45, 0xF0, 0x63, 0xC6, 0x45, 0xD0, 0x48, 0x88, 0x55, 0xD2, 0xC6, 0x45, 0xD3, 0x70, 0xC6, 0x45, 0xD4, 0x52, 0xC6, 0x45, 0xD6, 0x41, 0xC6, 0x45, 0xD7, 0x6C, 0xC6, 0x45, 0xD8, 0x6C, 0xC6, 0x45, 0xD9, 0x6F, 0xC6, 0x45, 0xDA, 0x63, 0xFF, 0xD6, 0x8B, 0x7D, 0x08, 0x8D, 0x4D, 0xB4, 0x51, 0x53, 0x89, 0x07, 0xFF, 0xD6, 0x8D, 0x55, 0xA4, 0x89, 0x47, 0x04, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x08, 0x8D, 0x45, 0xC4, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0x94, 0x89, 0x47, 0x0C, 0x51, 0x53, 0xFF, 0xD6, 0x8D, 0x55, 0x84, 0x89, 0x47, 0x10, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x14, 0x8D, 0x45, 0xDC, 0x50, 0x53, 0xFF, 0xD6, 0x8D, 0x4D, 0xF4, 0x89, 0x47, 0x18, 0x51, 0x53, 0x89, 0x77, 0x1C, 0xFF, 0xD6, 0x8D, 0x55, 0xE8, 0x89, 0x47, 0x20, 0x52, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x24, 0x8D, 0x45, 0xD0, 0x50, 0x53, 0xFF, 0xD6, 0x89, 0x47, 0x28, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00, 0xC9, 0xC2, 0x04, 0x00 }; int nLength = sizeof(LoadCode) + sizeof(GetAddressCode) + sizeof(FreeCode); LPVOID pShellcode = new BYTE[nLength]; memcpy(pShellcode,LoadCode,sizeof(LoadCode)); int tmp = (int)pShellcode + sizeof(LoadCode); memcpy((LPVOID)tmp,GetAddressCode,sizeof(GetAddressCode)); tmp += sizeof(GetAddressCode); memcpy((LPVOID)tmp,FreeCode,sizeof(FreeCode)); //将shellcode写到目标进程 LPVOID pLoadAddr = VirtualAllocEx(hProcess, NULL, nLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if(pLoadAddr == NULL) return FALSE; bSuccess = WriteProcessMemory(hProcess, pLoadAddr, pShellcode, nLength, &dwWritten); ASSERT(bSuccess); LPVOID pGetAddr = LPVOID((int)pLoadAddr + sizeof(LoadCode)); LPVOID pFreeAddr = LPVOID((int)pGetAddr + sizeof(GetAddressCode)); DWORD dwThreadID = 0; HANDLE hThread = CreateRemoteThread(hProcess,0,0,(LPTHREAD_START_ROUTINE)pLoadAddr,pDataAddr,0,&dwThreadID); WaitForSingleObject(hThread,-1); DWORD dwExitCode = 0; GetExitCodeThread(hThread,&dwExitCode); ASSERT(hThread>0); CloseHandle(hThread); if (dwExitCode == 0) { VirtualFreeEx(hProcess,pLoadAddr,0,MEM_RELEASE); VirtualFreeEx(hProcess,pDataAddr,0,MEM_RELEASE); return FALSE; } delete []pShellcode; return TRUE; } 2015-4-2 00:26 0
Rprop 雪币： 878 活跃值： (496) 能力值： ( LV3，RANK：20 ) 在线值：发帖 35 回帖 743 粉丝 12 关注私信	Rprop 20 楼不需要释放, 2015-4-2 13:39 0
raincrack 雪币： 26 活跃值： (56) 能力值： ( LV2，RANK：10 ) 在线值：发帖 12 回帖 66 粉丝 1 关注私信	raincrack 21 楼这个和普通的内存加载DLL 有什么区别呃？还是不支持 SEH 2015-4-3 00:12 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 22 楼有调试版的代码吗，你这个看着很头疼。 2015-4-3 19:23 0
sunflover 雪币： 25 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 89 粉丝 0 关注私信	sunflover 23 楼自己想办法,不能老要求别人! 2015-4-4 11:26 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 24 楼是怎么取导出函数地址的？ 2015-4-5 18:50 0
无名侠雪币： 6908 活跃值： (9024) 能力值： ( LV17，RANK：797 ) 在线值：发帖 74 回帖 406 粉丝 579 关注私信	无名侠 12 25 楼就是想从网络读取数据，目的不是为了隐藏。 2015-4-5 18:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复