#2
Is the OP joking? Or have I been fooled?
//TForm1.FormCreate
004680F4 53 push ebx
004680F5 BBE4BB4600 mov ebx, $0046BBE4
004680FA B201 mov dl, $01
004680FC A198894200 mov eax, dword ptr [$00428998]
* Reference to: Registry.TRegistry.Create(TRegistry;boolean);overload;
|
00468101 E83E09FCFF call 00428A44
00468106 8903 mov [ebx], eax
00468108 BA01000080 mov edx, $80000001
0046810D 8B03 mov eax, [ebx]
* Reference to: Registry.TRegistry.SetRootKey(TRegistry;HKEY);
|
0046810F E8D009FCFF call 00428AE4
00468114 33C9 xor ecx, ecx
* Possible String Reference to: '\Software\Microsoft\Internet Explor
| er\Main'
|
00468116 BA4C814600 mov edx, $0046814C
0046811B 8B03 mov eax, [ebx]
* Reference to: Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
|
0046811D E8260AFCFF call 00428B48
* Possible String Reference to: ' '
|
00468122 B980814600 mov ecx, $00468180
* Possible String Reference to: 'Start Page'
|
00468127 BA98814600 mov edx, $00468198
0046812C 8B03 mov eax, [ebx]
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
0046812E E8390BFCFF call 00428C6C
00468133 8B03 mov eax, [ebx]
* Reference to: Registry.TRegistry.CloseKey(TRegistry);
|
00468135 E87A09FCFF call 00428AB4
0046813A 8B03 mov eax, [ebx]
* Reference to: System.TObject.Free(TObject);
|
0046813C E8BBAFF9FF call 004030FC
00468141 5B pop ebx
00468142 C3 ret
//TForm1.Button1.Click
00467F3C 55 push ebp
00467F3D 8BEC mov ebp, esp
00467F3F 6A00 push $00
00467F41 6A00 push $00
00467F43 53 push ebx
00467F44 8BD8 mov ebx, eax
00467F46 33C0 xor eax, eax
00467F48 55 push ebp
00467F49 6810804600 push $00468010
***** TRY
|
00467F4E 64FF30 push dword ptr fs:[eax]
00467F51 648920 mov fs:[eax], esp
00467F54 8D55FC lea edx, [ebp-$04]
* Reference to control Edit1 : N.A.
|
00467F57 8B83FC020000 mov eax, [ebx+$02FC]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00467F5D E87EBCFCFF call 00433BE0
00467F62 8B45FC mov eax, [ebp-$04]
* Possible String Reference to: ' '
|
00467F65 BA24804600 mov edx, $00468024
* Reference to: System.@LStrCmp;
|
00467F6A E8E9C2F9FF call 00404258
00467F6F 756B jnz 00467FDC
00467F71 8D55F8 lea edx, [ebp-$08]
* Reference to control Edit2 : N.A.
|
00467F74 8B8300030000 mov eax, [ebx+$0300]
* Reference to: Controls.TControl.GetText(TControl):TCaption;
|
00467F7A E861BCFCFF call 00433BE0
00467F7F 8B45F8 mov eax, [ebp-$08]
* Possible String Reference to: ' '
|
00467F82 BA3C804600 mov edx, $0046803C
* Reference to: System.@LStrCmp;
|
00467F87 E8CCC2F9FF call 00404258
00467F8C 7533 jnz 00467FC1
00467F8E 6A40 push $40
* Possible String Reference to: '我晕!出错了 '
|
00467F90 684C804600 push $0046804C
* Possible String Reference to: ' 对了,
| '
|
00467F95 6868804600 push $00468068
00467F9A 8BC3 mov eax, ebx
* Reference to: Controls.TWinControl.GetHandle(TWinControl):HWND;
| or: QComCtrls.TTrackBar.GetHandle(TTrackBar):QClxSliderH;
| or: QComCtrls.TCustomViewControl.GetHandle(TCustomViewControl):QListViewH;
| or: QComCtrls.TCustomViewControl.ViewportHandle(TCustomViewControl):QWidgetH;
| or: QComCtrls.TCustomHeaderControl.GetHandle(TCustomHeaderControl):QHeaderH;
| or: QComCtrls.TCustomSpinEdit.GetHandle(TCustomSpinEdit):QClxSpinBoxH;
|
00467F9C E8EF24FDFF call 0043A490
00467FA1 50 push eax
* Reference to: user32.MessageBoxA()
|
00467FA2 E8DDE5F9FF call 00406584
00467FA7 6A01 push $01
00467FA9 6A00 push $00
00467FAB 6A00 push $00
* Possible String Reference to: '
| '
|
00467FAD 6890804600 push $00468090
00467FB2 6A00 push $00
* Reference to: user32.GetDesktopWindow()
|
00467FB4 E803E4F9FF call 004063BC
00467FB9 50 push eax
* Reference to: shell32.ShellExecuteA()
|
00467FBA E831EDFBFF call 00426CF0
00467FBF EB34 jmp 00467FF5
00467FC1 6A10 push $10
* Possible String Reference to: '我晕!出错了 '
|
00467FC3 684C804600 push $0046804C
* Possible String Reference to: '请输入正确的用户名和密码 '
|
00467FC8 68D4804600 push $004680D4
00467FCD 8BC3 mov eax, ebx
* Reference to: Controls.TWinControl.GetHandle(TWinControl):HWND;
| or: QComCtrls.TTrackBar.GetHandle(TTrackBar):QClxSliderH;
| or: QComCtrls.TCustomViewControl.GetHandle(TCustomViewControl):QListViewH;
| or: QComCtrls.TCustomViewControl.ViewportHandle(TCustomViewControl):QWidgetH;
| or: QComCtrls.TCustomHeaderControl.GetHandle(TCustomHeaderControl):QHeaderH;
| or: QComCtrls.TCustomSpinEdit.GetHandle(TCustomSpinEdit):QClxSpinBoxH;
|
00467FCF E8BC24FDFF call 0043A490
00467FD4 50 push eax
* Reference to: user32.MessageBoxA()
|
00467FD5 E8AAE5F9FF call 00406584
00467FDA EB19 jmp 00467FF5
00467FDC 6A10 push $10
* Possible String Reference to: '我晕!出错了 '
|
00467FDE 684C804600 push $0046804C
* Possible String Reference to: '请输入正确的用户名和密码 '
|
00467FE3 68D4804600 push $004680D4
00467FE8 8BC3 mov eax, ebx
* Reference to: Controls.TWinControl.GetHandle(TWinControl):HWND;
| or: QComCtrls.TTrackBar.GetHandle(TTrackBar):QClxSliderH;
| or: QComCtrls.TCustomViewControl.GetHandle(TCustomViewControl):QListViewH;
| or: QComCtrls.TCustomViewControl.ViewportHandle(TCustomViewControl):QWidgetH;
| or: QComCtrls.TCustomHeaderControl.GetHandle(TCustomHeaderControl):QHeaderH;
| or: QComCtrls.TCustomSpinEdit.GetHandle(TCustomSpinEdit):QClxSpinBoxH;
|
00467FEA E8A124FDFF call 0043A490
00467FEF 50 push eax
* Reference to: user32.MessageBoxA()
|
00467FF0 E88FE5F9FF call 00406584
00467FF5 33C0 xor eax, eax
00467FF7 5A pop edx
00467FF8 59 pop ecx
00467FF9 59 pop ecx
00467FFA 648910 mov fs:[eax], edx
****** FINALLY
|
00467FFD 6817804600 push $00468017
00468002 8D45F8 lea eax, [ebp-$08]
00468005 BA02000000 mov edx, $00000002
* Reference to: System.@LStrArrayClr(void;void;Integer);
|
0046800A E861BEF9FF call 00403E70
0046800F C3 ret
* Reference to: System.@HandleFinally;
|
00468010 E93BB8F9FF jmp 00403850
00468015 EBEB jmp 00468002
****** END
|
00468017 5B pop ebx
00468018 59 pop ecx
00468019 59 pop ecx
0046801A 5D pop ebp
0046801B C3 ret
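
#3
From the code posted above you can see that the registration name and password are both 12 spaces, compared directly in plaintext. What strength is there to speak of?

#4
Very instructive.

#5
This guy isn't playing fair. I just downloaded his thing and tested it, and it actually changed my IE default home page to 14 spaces. I don't know whether there is anything else destructive in it, so now I have to analyze whether it has done any damage to my system. Everyone, do not run this thing!

#6
Originally posted by GMest: Very instructive.
Don't post filler; the consequences are fairly serious.

#7
Originally posted by CCDebuger: This guy isn't playing fair. I just downloaded his thing and tested it, and it actually changed my IE default home page to 14 spaces. I don't know whether there is anything else destructive in it, so now I have to analyze whether it has done any damage to my system. Everyone, do not run this thing!
These days you have to be on guard against everything.

#8
I analyzed it a bit. As soon as the program starts running, it changes the IE default home page: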
00428CC4 |. 50 PUSH EAX ; |ValueName
00428CC5 |. 8B43 04 MOV EAX,DWORD PTR DS:[EBX+4] ; |
00428CC8 |. 50 PUSH EAX ; |hKey
00428CC9 |. E8 4ED1FDFF CALL <JMP.&advapi32.RegSetValueExA> ; \This is where the IE default home page is changed to 14 spaces
After successful registration, execution reaches here:
00467FA7 |. 6A 01 PUSH 1 ; /IsShown = 1
00467FA9 |. 6A 00 PUSH 0 ; |DefDir = NULL
00467FAB |. 6A 00 PUSH 0 ; |Parameters = NULL
00467FAD |. 68 90804600 PUSH TEST.00468090 ; |FileName = " "
00467FB2 |. 6A 00 PUSH 0 ; |Operation = NULL
00467FB4 >|. E8 03E4F9FF CALL <JMP.&user32.GetDesktopWindow> ; |[GetDesktopWindow
00467FB9 |. 50 PUSH EAX ; |hWnd
00467FBA >|. E8 31EDFBFF CALL <JMP.&shell32.ShellExecuteA> ; \Probably meant to do something, but it did not succeed
I have not found any other malicious behavior so far.
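
The static check the posts describe, reading the annotated listing before running the binary, can be scripted. The following is an added example, not part of any post in this thread: it walks a DeDe-style listing and reports calls to registry-write and launch APIs together with the string references seen just before them. The watch list and the three-string window are assumptions made for the illustration.

```python
import re

# Assumed watch list for this illustration: APIs that write the registry or launch something.
WATCH = ("TRegistry.WriteString", "RegSetValueEx", "ShellExecute")
INSN = re.compile(r"^([0-9A-F]{8})\s+[0-9A-F]+\s+(.*)$")
REF, STR = "* Reference to: ", "* Possible String Reference to: "

# Abridged lines copied from the DeDe listing in post #2.
SAMPLE = r"""
* Possible String Reference to: '\Software\Microsoft\Internet Explor
| er\Main'
|
00468116 BA4C814600 mov edx, $0046814C
* Reference to: Registry.TRegistry.OpenKey(TRegistry;AnsiString;Boolean):Boolean;
|
0046811D E8260AFCFF call 00428B48
* Possible String Reference to: 'Start Page'
|
00468127 BA98814600 mov edx, $00468198
* Reference to: Registry.TRegistry.WriteString(TRegistry;AnsiString;AnsiString);
|
0046812E E8390BFCFF call 00428C6C
* Reference to: shell32.ShellExecuteA()
|
00467FBA E831EDFBFF call 00426CF0
"""

def triage(listing):
    """Return (call address, API, up to 3 preceding string references) per watched call."""
    findings, strings, api, wrapped = [], [], None, False
    for line in listing.splitlines():
        if line.startswith(STR):
            strings.append(line[len(STR):])
            wrapped = strings[-1].count("'") < 2   # DeDe wrapped the literal
        elif wrapped and line.startswith("| "):
            strings[-1] += line[2:]                # rejoin the wrapped literal
            wrapped = strings[-1].count("'") < 2
        elif line.startswith(REF):
            api = line[len(REF):].split("(")[0]    # annotation names the next call
        else:
            m = INSN.match(line)
            if m and api and m.group(2).startswith("call"):
                if any(w in api for w in WATCH):
                    findings.append((m.group(1), api, [s.strip("'") for s in strings[-3:]]))
                    strings = []
                api = None
    return findings

if __name__ == "__main__":
    for addr, api, args in triage(SAMPLE):
        print(addr, api, args)
```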
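
#9
These days, people ought to be decent!

#11
I've already told him it's nothing special.

#12
Originally posted by CCDebuger: From the code posted above you can see that the registration name and password are both 12 spaces, compared directly in plaintext. What strength is there to speak of?
Once the master makes a move, you know at once whether the skill is there.

#13
Oops, I forgot to warn everyone. I only looked at it with DeDe, saw there was a problem, and didn't run it. You can tell from the code that it modifies the registry.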
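
#14
Hey! Luckily I saw everyone's replies; I don't dare download it now... hehe.

#15
One slip and a lifetime of regret. I didn't look closely; I just thought, why test the strength of something this simple? Out of curiosity I downloaded it and ran it. Only when something felt wrong did I think to analyze it.

#17
Originally posted by CCDebuger: One slip and a lifetime of regret. I didn't look closely; I just thought, why test the strength of something this simple? Out of curiosity I downloaded it and ran it. Only when something felt wrong did I think to analyze it.
Haha. Nowadays, before running a program I'm not sure about, I do a static analysis first, hehe. Actually this one isn't very harmful, but it's the OP's fault for posting it only after April 1 had already passed.

#18
Hehe, maybe it's an April Fools' present.

#19
If you ask me, someone like this should be dragged out and shot for 5 minutes!

#20
Walk by the river often enough,
how can your shoes not get wet?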

#21
Originally posted by 寂静如风: If you ask me, someone like this should be dragged out and shot for 5 minutes!
Haha, one shot and he's dead, and you still want 5 minutes? That's abusing a corpse.

#24
Originally posted by kanxue: Wait 2 more days; if he doesn't come to explain, he'll simply be banned.
Combining punishment with leniency. Hehe.

#25
How can people be like this?